Office 365’s Advanced Threat Protection (ATP) may be a useful way to improve the security of the platform, but it is not without its flaws.
Security researchers discovered back in 2018 that Office 365 ATP had some fundamental flaws when it came to defending against a new wave of phishing attacks. It seems as though SharePoint invitations containing malicious links were being sent out to some users, leading to malware being installed. The SharePoint documents looked legitimate, seemingly a simple OneDrive file access request, but the link would instead send you to a malicious website claiming to be an Office 365 login page. From there, login credentials could be skimmed.
Anyone with their finger on the pulse in the industry knows that attackers evolve their methods of attack rapidly. The challenge for organizations, and particularly those using Office 365, is how to keep up with this ongoing evolution. Research like that undertaken on Office 365 vulnerabilities confirms what we’ve always known: no platform (whether cloud or on-premises) is fully secure when it comes to insider and external attacks.
It is critically important that you are able to adapt and develop your security strategy to mitigate the worst of the risks that could lead to a data breach. Here are a few steps you can take to do just that.
1. Make Use of the Microsoft Secure Score
This is by no means a perfect system, but it could give you an indication of how well you are performing when it comes to the security of your overall environment. The Microsoft Secure Score works by giving you points for configuring certain security features, performing security-related tasks and addressing recommended actions where third-party software is concerned.
Use the Microsoft Secure Score as an initial indicator of whether your Office 365 environment is set up in the most secure way and whether you are regularly performing the recommended security best practices.
2. Make Use of the Security & Compliance Center
Another useful tool that Microsoft provides is the Security & Compliance Center. Its dashboard presents numerous reports that give you basic audit information about the changes being made to Exchange Online and SharePoint Online. There are even some capabilities for Azure Active Directory audit logging and user activity reports.
The Threat Explorer is also a great way to see how many attacks have occurred in your Office 365 environment over time and will provide you with some useful information about the attacks.
However, it’s worth noting that the information contained within the Security & Compliance Center, whilst a good starting point, is not detailed enough to meet most compliance standards and ensure security through visibility. For that, you’re better off using dedicated Office 365 auditing software (but more on that later).
3. Implement Multi-Factor Authentication
User accounts are often the route that attackers take to gain access to Office 365. For that reason, you’re going to want to ensure that those accounts remain secure, even in scenarios where the password has been compromised.
Obviously, strict password policies are a necessary part of ensuring that accounts remain secure, but multi-factor authentication can help you maintain account integrity in the event of an attack. Have users respond to a notification sent to their mobile devices, or use some other second factor, and do not allow access until that second factor has been verified.
4. Protect Your Inbox from Malware
Phishing is one of the most common methods that attackers use to compromise your systems. You’re going to want to ensure that neither you nor your users click on malicious links arriving in Exchange Online. There is a feature within Exchange Online that allows you to implement mail flow protections. Using this feature, you can:
- Implement advanced threat protection against dangerous links and attachments.
- Deploy a basic antimalware solution.
- Set up policies that will help you filter out spam emails.
- Protect against spoofing when you are using a custom domain (by implementing DKIM, DMARC and SPF).
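To make the last point concrete, here is an added example (not part of the original article) that audits the SPF and DMARC TXT records of a custom domain offline. The domain `example.com`, the sample records and the function names are constructed for illustration; DKIM is left out because checking it requires knowing the selector name.

```python
# Added example: offline audit of the SPF and DMARC TXT records of a custom domain.
# All records are constructed samples; example.com is a placeholder domain.
SAMPLE_WEAK = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; pct=50"],
}
SAMPLE_STRICT = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

def audit_spf(record):
    """Flag SPF records that do not hard-fail senders they do not list."""
    terms = [t.lower() for t in record.split()[1:]]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if alls:
        # Evaluation stops at the first 'all'; only '-all' hard-fails other senders.
        return [] if alls[0] == "-all" else [f"SPF: '{alls[0]}' does not hard-fail unlisted senders"]
    if any(t.startswith("redirect=") for t in terms):
        return ["SPF: policy delegated by redirect=, audit the target record"]
    return ["SPF: no 'all' mechanism, unlisted senders get a neutral result"]

def audit_dmarc(record):
    """Flag DMARC policies that only monitor, apply partially, or lack reporting."""
    pairs = [p.split("=", 1) for p in record.split(";") if "=" in p]
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} does not quarantine or reject spoofed mail")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings

def audit_domain(domain, txt):
    """txt maps a DNS name to the list of TXT strings published at that name."""
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    findings = []
    # Zero or several records of one kind leave receivers with no usable policy.
    findings += audit_spf(spf[0]) if len(spf) == 1 else [f"SPF: found {len(spf)} records, need exactly one"]
    findings += audit_dmarc(dmarc[0]) if len(dmarc) == 1 else [f"DMARC: found {len(dmarc)} records, need exactly one"]
    return findings
```

Calling `audit_domain("example.com", SAMPLE_WEAK)` returns four findings, while the strict sample returns none.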
5. Deploy a Data Security Platform
Visibility is the key to security. In other words, knowing what is happening to the configurations and permissions in your Office 365 environment is the key to spotting potential threats before they become problematic.
Ensure you spend the time to find and evaluate a Data Security Platform that gives you visibility over changes being made to configurations, permissions, data and more. Such solutions should be able to provide you with change information in easy-to-read reports and through real-time alerts, making them a far more appealing option than manually sorting through native audit logs.