Since the beginning of the COVID-19 crisis, Microsoft has recorded a 775% increase in the number of users of its Azure cloud computing platform and an increase of 12 million active users of its Teams collaborative software. At the beginning of March, Microsoft began offering Teams free of charge to facilitate collaboration between teleworking teams.
In addition, Microsoft 365 (soon to be ex-Office 365), with its 200 million active users worldwide, is the preferred cloud computing service used by organizations. It is also a prime target for cybercriminals. This trend is expected to continue in the coming months with the deployment of its services within companies, where teleworking has exploded.
Whether your organization is already using Microsoft 365 solutions or is planning to migrate to the platform in the coming weeks or months, securing your environment is of utmost importance.
Why protect your Microsoft 365 environment?
It often starts with an email
91% of attacks start with a malicious email. In most incidents recorded when using Microsoft 365, phishing emails look like regular Microsoft emails.
Once the user clicks on the phishing link, a website identical to Microsoft 365 asks the user to sign in (username and password). The information is then passed directly to the hackers, who then have access to the data and can misuse the victim’s identity.
An email can hide malicious software
Other attacks involve the use of malicious attachments using documents from the Office suite to infect the computer and the network with malware, viruses, Trojans and APTs such as Emotet or Trickbot.
What are the risks?
With access to the account, hackers can use their victim’s mailbox to send unwanted emails to contacts, or even contact customers, colleagues or partners, with a message asking them to:
- click on a link;
- open a document;
- transfer money;
- or share sensitive information.
These are known as Business Email Compromise (BEC) attacks.
BECs are also used to conduct scams, including the infamous President’s Fraud. Hackers send a fraudulent email to a potential victim, leading them to believe that the message originated from a senior director of the company, most often the CEO or CFO. The message requests that a money transfer (the most common type of request) be issued to a fraudulent account or that personal information about employees be transmitted.
How do you protect your Microsoft 365 environment?
You are responsible for security configurations
The first mistake is to believe that Microsoft is responsible for securing your account in its cloud.
Although Microsoft developers update the cloud platform to avoid vulnerabilities in the code and implement security processes, it is the client’s responsibility to configure and protect its use of the Microsoft 365 service.
Adapt Microsoft 365 security settings to your organization
By default, Microsoft's security configurations are oriented toward performance and ease of use.
Since COVID-19, Microsoft has improved and optimized the security of Microsoft 365, Microsoft Azure and Microsoft Teams in response to high demand from its customers.
Properly configuring your environment, modifying the default settings to meet the specific threats your organization faces, and keeping up to date with new options – which change weekly – will greatly reduce your exposure to cyber threats.
By the way, are you familiar with Secure Score, which allows you to set up certain security settings based on the licenses and tools your organization has?
Enhance the safety of remote work
In order to offer safe platforms, Microsoft offers a guide to the best practices to adopt to secure your employees' remote work.
Filter inbound and outbound emails
As previously stated, email is the most common means used by cybercriminals. Microsoft 365 is equipped with a basic anti-spam service whose purpose is to block dangerous attachments, phishing or spam. You also have the option of adding more advanced protection services such as Microsoft Threat Protection to your license.
Log and monitor
It is also strongly recommended to monitor account connections. To carry out a BEC-type attack, will the attackers try to gain access to several Microsoft 365 accounts in your company? Will they try to break a password? Are the connections coming from unusual geographical areas or from dangerous IP addresses such as botnets, TOR, etc.?
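The three monitoring questions above can be turned into checks over sign-in records. The following Python code is an added example, not code from the original article or from Microsoft; the record fields, the thresholds, `EXPECTED_COUNTRIES` and `FLAGGED_IPS` are hypothetical, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sign-in records; the field names are hypothetical, not a Microsoft 365 schema.
SIGNINS = (
    [{"user": u, "ip": "203.0.113.50", "country": "CA", "ok": False}
     for u in ("alice@example.com", "bob@example.com", "carol@example.com")]
    + [{"user": "dave@example.com", "ip": "203.0.113.60", "country": "CA", "ok": False}] * 5
    + [
        {"user": "alice@example.com", "ip": "192.0.2.10", "country": "CA", "ok": True},
        {"user": "erin@example.com", "ip": "192.0.2.44", "country": "XX", "ok": True},
        {"user": "bob@example.com", "ip": "198.51.100.7", "country": "CA", "ok": True},
    ]
)
EXPECTED_COUNTRIES = {"CA"}      # assumption: where staff normally sign in from
FLAGGED_IPS = {"198.51.100.7"}   # assumption: stand-in for a TOR/botnet address feed


def analyze(signins, many_accounts=3, many_failures=5):
    """Return (finding, subject, detail) tuples for the three questions in the text."""
    failed_users_by_ip = defaultdict(set)   # source IP -> accounts it failed against
    failures_by_user = defaultdict(int)     # account -> number of failed sign-ins
    findings = []
    for event in signins:
        if not event["ok"]:
            failed_users_by_ip[event["ip"]].add(event["user"])
            failures_by_user[event["user"]] += 1
            continue
        # Successful sign-ins: check where they came from.
        if event["country"] not in EXPECTED_COUNTRIES:
            findings.append(("unusual_country", event["user"], event["country"]))
        if event["ip"] in FLAGGED_IPS:
            findings.append(("flagged_ip", event["user"], event["ip"]))
    # One source failing against several accounts: attempt on multiple mailboxes.
    for ip, users in failed_users_by_ip.items():
        if len(users) >= many_accounts:
            findings.append(("many_accounts_one_ip", ip, len(users)))
    # Repeated failures on one account: password guessing.
    for user, count in failures_by_user.items():
        if count >= many_failures:
            findings.append(("password_guessing", user, count))
    return findings


if __name__ == "__main__":
    for finding in analyze(SIGNINS):
        print(finding)
```

In practice the records would come from your tenant's sign-in log export, and the thresholds would be tuned to your normal failure rate.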
To prevent and detect intrusions, there are simple solutions that your IT teams can implement, such as:
- multi-factor authentication;
- secure configuration of your Microsoft 365 environment and functionality;
- activity logging and monitoring;
- file backups;
- the implementation of solutions such as Microsoft Endpoint Data Loss Prevention to limit the risk of data loss or leakage.
Microsoft 365 commits to making your data available at all times. Although Microsoft, by default, offers solutions to recover a deleted file or email thanks to its retention rules, you are still responsible for your data. It is up to you to activate the retention rules according to the subscription you have, and to have a backup strategy with third-party solutions that meet the legal retention requirements, for example for information concerning former employees.
Educate your staff
In most cyber security incidents, user error is at fault. It is therefore essential to educate and train your employees on the company’s internal policies and best practices.
Do not hesitate to call on In Fidem’s offensive security experts for regular phishing tests. These exercises will help you keep your employees vigilant and assess their exposure to most types of attack.
What should you do in the event of a cyber attack on your Microsoft 365 account?
If you think your Microsoft 365 account has been hacked or compromised, call in the experts.
They will take care of:
- taking the necessary steps to resolve the incident,
- verifying and correcting the modifications implemented by the hackers,
- and checking if any other users have been victimized.
They will also investigate how your account was compromised.
Our Forensik subsidiary offers a team of experts to respond to cyber attacks such as cyber security incidents in Microsoft 365. Do not hesitate to contact them so that they can assist you with the remediation of the situation.
Migrating to cloud computing services clearly allows you to accelerate growth, optimize processes and reduce costs. However, this digital transformation comes with new cybersecurity issues that need to be evaluated. You must keep in mind that the responsibility for the security configurations of your Microsoft 365 environment and software rests with your company and not with the service provider.
In Fidem can help you migrate securely to the cloud. As a Microsoft partner, we can provide you with 6 months of free Microsoft 365 E1 licenses. To find out more, take the time to discuss your needs! Contact us!