How to Secure Your Microsoft Cloud Estate from Phishing Emails
Phishing emails are one of the most pernicious threats facing organisations today. If you’ve been leveraging Microsoft 365 and Azure to keep your users productive whilst working remotely, Six Degrees offers some steps you should take to secure your deployment and protect your organisation from phishing emails.
Phishing emails are one of the most significant cyber threats facing your organisation today. Designed to evade both technical and human defences, phishing emails will remain one of the main threat vectors that hackers use to deliver both ransomware and business email compromise (BEC) attacks in 2021.
What are phishing emails? Phishing emails are sent by cybercriminals, and they pretend to be from someone you trust like your bank or your local council. Their goal is to convince you to do something which they can use to their advantage, such as click on a link to a malicious website or provide login and other personal details.
Your organisation needs to know how to be better at defending against phishing emails. This includes training your people to identify them, implementing processes to deal with them, and hardening your infrastructure to reduce the chance of a phishing email becoming a launchpad for a ransomware or BEC attack.
Secure Your Microsoft Cloud Estate
If you’ve been leveraging Microsoft 365 and Azure to keep your users productive whilst working remotely, there is functionality available to you in these products that will secure your deployment and protect your organisation from phishing emails. Here are the top six, according to our cyber security experts.
- Enable spam and virus filters. Ensure all filters are enabled and turned on to block and alert mode to ensure known malicious emails are detected and treated well before they are able to enter a user’s mailbox.
- File type and file analysis. Enable or whitelist file extensions that are used by your organisation so that all others are blocked by default. If your organisation does not use macro-enabled xlsx documents, make sure they are blocked by default.
- Sandboxing. Most cloud provider email scrubbing systems have the ability to open a suspected email within a segregated safe area to ensure there are no malicious files hidden within. Enabling this feature allows real-time analysis to be performed before it hits a user’s machine.
- URL inspection. Most cloud providers have the ability to inspect any web links that are contained within the body of an email to determine if the destination is malicious. This is critical to protect against even the most diligent of users against watering hole attacks. Note: A watering hole attack works by identifying a website that's frequented by users within a targeted organisation, or even an entire sector. The website is then compromised to enable the distribution of malware.
- Domain impersonation/similarity. Mail scrubbing services have an ability to compare the sender information name, domain etc. to known contacts your users deal with. Doman impersonation or similarity is detected as opposed to the user examining in close detail if the name is spelt wrong.
- SPF/DKIM/DMARC configuration. Sender Policy Framework, Domain Keys Identified Mail and Domain-based Message Authentication, Reporting and Conformance are security controls built into the email infrastructure that confirm originating emails come from a registered server, are not altered or changed from destination and receiving servers, and upon failure of these control parameters can instruct what happens to the email itself.
By following these six configuration steps, you will go some way towards protecting your organisation from phishing emails and the malicious payloads they are designed to deliver. But there’s always more you can do. We’ve provided an additional six steps you can take in our new phishing infographic, which you can download for free from our website.
Secure Your Microsoft Cloud Estate
Microsoft 365 and Azure are keeping organisations running in 2021, giving people the tools they need to deliver essential services whilst working remotely. But this increased reliance on Microsoft cloud services has meant that hackers are targeting them more than ever before to launch ransomware and BEC attacks. As recent high-profile attacks have shown, the damage they can cause to organisations and their residents and citizens is significant.
To book a free Microsoft Cloud Security Assessment with one of our experts that will help you secure your Microsoft 365 and Azure deployments to protect your people and the communities you support, click here and fill out a simple form.
Former DWP chief security officer Claudia Natanson to chair new professional body
Newly created organisation aims to improve national resilience
Revenue spiked 7% to £8.9bn, DCMS study reveals
Home Office chief reveals two thirds of users also need to be trained
Jointly, Equinix and Cintra enable organisations with mission-critical Oracle workloads to accelerate their journey to cloud, while minimising transition risks - here's how
Defence Medical Services (DMS) is pursuing ground-breaking digital, data and technology transformation which will revolutionise Tri-Service healthcare provision to over 135,000 Armed...
OneTrust presents the reasons why your organisation should invest in privacy management - and offers three easy tips for getting started
The remote-first world has seen email being relied on more than ever as a core communication mechanism - but with 93% of IT leaders acknowledging a risk to sensitive data, what steps should be...