By Nathaniel C. Gravel, CISA, CISM, CRISC
Hundreds of thousands of organizations in the U.S. and around the world rely on Microsoft’s Office 365 software suite to run their businesses. But recent events have shown that even this highly regarded software is vulnerable to penetration by increasingly sophisticated methods used by cyber criminals.
The biggest threat to Office 365 is malicious malware inserted through phishing attacks. The malware is, so far, unable to be detected by Office 365 security filters. The malware gives cyber thieves the ability to access user credentials, which can then be turned around and used to launch further phishing attacks on the Office 365 users’ contacts. The malware also downloads sensitive company information, financial details, and personally identifiable information such as social security numbers. Stolen email credentials and contact lists can be resold to spammers.
For these reasons and many others, organizations should consider performing an Office 365 security review. This review can help your organization understand its potential susceptibility to compromise through the Office 365 platform. It will also ensure that your organization is following best practices set forth by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), such as:
- Use multi-factor authentication, the best mitigation technique to protect against credential theft for Office 365 users
- Enable unified audit logging in the Security and Compliance Center
- Enable mailbox auditing for each user
- Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users
- Disable legacy email protocols, if not required, or limit their use to specific users
Additional security protocols should include regularly training and testing users (through simulated phishing exercises), encrypting devices, and turning off auto-forwarding. You should also limit user access privileges to the minimal necessary for them to carry out their assigned tasks. The fewer people who can access sensitive data, the less chance their credentials can be used to compromise the system.
Office 365 remains a stalwart software suite that delivers exceptional capacity across multiple business processes. By taking sensible precautions and continuing to monitor potential threats you should be able to continue to benefit from Office 365 safely and securely.
Nathaniel Gravel is a cybersecurity expert and consultant with Gray, Gray & Gray, LLP, a consulting, accounting and business advisory firm based in Canton, MA. He can be reached at ngravel@gggllp.com.