Mitigating Risk: How to Make Office 365 Safe for Your Business


Teresa Zwierzchowski

You’ve seen the suspicious emails pile up in your junk folder—and those are just the ones that aren’t blocked from ever reaching a folder in the first place. Malicious emails, whether they contain ransomware, phishing attacks, viruses, or another form of cyber annoyance, generally cannot be entirely sidestepped by small and mid-sized businesses (SMBs).

Verizon’s 2018 Data Breach Investigations Report (DBIR) found that 49 percent of malware (non-point of sale) was installed by malicious emails. Your email security deflects most of these attacks, but it just takes one getting through to put you in a world of hurt. According to a 2017 Ponemon Institute report, a successful cyberattack costs SMBs, on average, $2.2 million when you add up theft of/damage to IT assets and disruption to business operations.

In theory, Office 365 should give you the peace of mind that your email is safe and sound—after all, it’s backed by Microsoft, so the conventional wisdom is that security would be a priority. However, Office 365’s email security is far from foolproof. The solution doesn’t leave the front door open for malicious emails and cyberattacks, but it’s not exactly putting on the chain and locking the deadbolt.

However, these shortcomings shouldn’t be a reason to overlook Office 365, because it is a viable and superlative option for business productivity. Here are some steps to take to make Office 365 safe for your organization:

Knowledge Is Power

Your employees might be your greatest asset, but they also might open the suspicious email, download the malicious attachment, or fall for a phishing attack that gives the bad guys the keys to the kingdom. After a couple of decades of email best practices, users should know to be careful with what arrives in their inboxes, but cyberattackers have become good at thoroughly disguising their email messages to look legitimate.

That doesn’t mean educating employees to be smart Office 365 users is any less important. Good training can fend off many email attacks that manage to reach inboxes despite your other security measures. Strong governance policies regarding passwords, email content, and BYOD (just because you open a work email on your own device doesn’t mean it can’t infect your servers) also better secure Office 365 email before any additional technical measures.

Strong Encryption

Educating users helps with email security, but ultimately, you will need robust digital solutions to fully protect your business. Office 365’s email encryption capabilities aren’t perfect; messages are encrypted only when they reach the server, thus leaving them vulnerable in transit.

Enhanced encryption is critical and can be found in quality third-party email security solutions. Point-to-point encryption delivers added security by encrypting emails immediately, so that they can’t be compromised in transit. Moreover, this approach can prevent infected emails from going anywhere, thus offering secure experiences in both mobile and desktop environments.

Advanced Filtering

The default filtering settings on Office 365 are porous, leaving gaps for unwanted email, malware, and phishing leaks to get through. These filters can be customized, but doing so takes considerable time and can still leave admins and users at risk of overlooking something.

Advanced email and web filtering fills in the gaps and eases the administrative burden. The best solutions offer easy rules implementation, a minimum of four antivirus engines, and bulk email management. Furthermore, with web filtering, an additional layer of protection shields networks from ransomware, malware, adware, and other threats if something somehow gets through the email filters.

Get More Advanced Than ATP

Microsoft hasn’t ignored email security with Office 365 and offers Advanced Threat Protection, or ATP, to supplement the suite’s existing security. On the surface, ATP is a good upgrade—it includes email protection against malware and zero-day attacks, security against malicious attachments and links, and the ability to safely view attachments without compromising the network.

However, ATP could be better. Third-party solutions pick up the slack where ATP is insufficient. Additional features you should look for in security software include:

- DNS-level web filtering
- Category/content web filtering
- Real-time threat notification alerts
- Periodic threat assessment reports customized for your network
- Compatibility with any email service (not just Office 365)

These and other features deliver maximum protection, much more than ATP. And with this maximum protection, the best third-party solutions deliver peace of mind—no more constant worrying that malware or viruses could lead to a $2 million loss.