How to Combat Phishing in Office 365


Phishing attacks are one of the easiest ways for a cybercriminal to enter an organization’s environment and move laterally. That’s why they are all too common! Below are our top tips for combating phishing attacks when using Office 365 (O365).

  • Enable multifactor authentication for all O365 Users
    We recommend that select users specify how to receive the verification code, because having only approve or disapprove buttons may allow a threat actor to be approved by accident. SMS compromise is a threat. Victims tend to approve an attacker if the attacker is persistent enough.

  • Enable O365 Compliance Score & Secure Score
    Both analyze organization security based on activities and security settings in O365 and assign a score. To use these features, a subscription to Office 365 Enterprise, Microsoft 365 Business Office or Office 365 Business Premium is needed.

  • Enable O365 Cloud App Security
    Provides insight into suspicious activity within O365 through notifications of alerts or suspicious activities, data access and use, and user accounts suspended for suspicious activity.

  • Set up secure mail flow
    Enabling unified audit logging provides the identity of the sender of each email message.

  • Enable mailbox audit logging
    By default, mailbox audit logging is not enabled. This logging includes who has logged into mailboxes, sent messages and other activities performed by the mailbox owner, a delegated user or an administrator. Enabling this setting assists in the discovery of sensitive data that has been accessed by unauthorized individuals.

  • Practice data loss prevention
    Identify sensitive data and create policies to help prevent users from accidentally or intentionally sharing sensitive or ePHI data. Email is the most common method by which data is sent in an insecure and unencrypted manner.

  • Enable Customer Lockbox
    Allows Microsoft support engineers to access data during a help session. This requires approval or rejection prior to the Microsoft support engineer accessing the data. Each request has an expiration, and once the issue is resolved, the request is closed and access is revoked. If credit card data may be transmitted or stored within O365, this is a must-have in a PCI environment.
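
The unified audit logging and mailbox audit logging items above can be checked from Exchange Online PowerShell. The script below is an added example, not part of the original checklist or Pondurance's own tooling; it assumes the ExchangeOnlineManagement module is installed, and `admin@example.com` is a placeholder account name. It only reports unless `-Remediate` is passed.

```powershell
# Added example: audit-logging check for the checklist items above.
# Assumptions: ExchangeOnlineManagement module installed; the account below
# is a placeholder and must hold Exchange administrator rights.
[CmdletBinding()]
param(
    [string]$AdminUpn = 'admin@example.com',  # placeholder UPN
    [switch]$Remediate                         # report only unless set
)

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

try {
    # 1. Unified audit logging: tenant-wide ingestion into the unified audit log.
    $unified = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled
    Write-Host "Unified audit log ingestion enabled: $unified"
    if (-not $unified -and $Remediate) {
        Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
    }

    # 2. Organization-wide switch: True means mailbox auditing is turned off
    #    for the whole tenant, whatever the per-mailbox flag says.
    $orgAuditDisabled = (Get-OrganizationConfig).AuditDisabled
    Write-Host "Organization-level mailbox auditing disabled: $orgAuditDisabled"

    # 3. Per-mailbox audit flag, including shared and resource mailboxes.
    $unaudited = @(Get-Mailbox -ResultSize Unlimited |
        Where-Object { -not $_.AuditEnabled } |
        Select-Object UserPrincipalName, RecipientTypeDetails, AuditEnabled, AuditLogAgeLimit)

    Write-Host "Mailboxes without AuditEnabled: $($unaudited.Count)"
    $unaudited | Format-Table -AutoSize

    if ($Remediate) {
        foreach ($mbx in $unaudited) {
            # Turn on owner, delegate and administrator action logging for this mailbox.
            Set-Mailbox -Identity $mbx.UserPrincipalName -AuditEnabled $true
        }
    }
}
finally {
    # Always release the remote session, even if a cmdlet above fails.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Run it once without `-Remediate` and review the mailbox list before changing anything, since shared and resource mailboxes appear in the same output as user mailboxes.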

Through our Managed Detection and Response (MDR) services, our security operations center (SOC) team can help you configure each of these settings and recommend other cybersecurity best practices to prevent threats against your organization.

About Pondurance

Pondurance delivers world-class managed detection and response services to industries facing today’s most pressing and dynamic cybersecurity challenges including ransomware, complex compliance requirements and digital transformation accelerated by a distributed workforce.

By combining our advanced platform with our experienced team of analysts, we continuously hunt, investigate, validate and contain threats so your own team can focus on what matters most.

Pondurance experts include seasoned security operations analysts, digital forensics and incident response professionals and compliance and security strategists who provide always-on services to customers seeking broader visibility, faster response and containment and more unified risk management for their organizations.