Many businesses are at risk of hacked email accounts. It’s difficult to realize how much is invested in business email accounts until those accounts are in the hands of cybercriminals.
Office 365 has taken a dominant role as the productivity solution of choice for enterprise data: 58.4 percent of all sensitive corporate data in the cloud is stored in Office 365. There’s value in your corporate inbox.
Your business keeps so much sensitive and proprietary information all in one inbox: photos, contracts, business plans, invoices, tax forms, reset passwords, and payslips are just a few of the details which can be found in your users’ professional inboxes. By simply breaching their emails, a malicious hacker can get access to all these vital documents.
Sit up and pay attention
Here are some stats that should cause you to sit up and read more:
Almost three quarters (71.4 per cent) of corporate Office 365 users have at least one compromised account each month, according to a report by Skyhigh Networks.
The average organization experiences 2.7 threats each month within Office 365:
- 3 compromised accounts each month – such as an unauthorized third party logging into a corporate Office 365 account using stolen credentials
- 8 insider threats each month – such as a user downloading sensitive data from SharePoint and taking it when they join a competitor
- 6 privileged user threats each month
On average the cost of a data breach is $3.9M.
Insider threats are more damaging, particularly when they involve a compromised account, careless employee misuse or a malicious insider. The cost of such a data breach could be up to $8.76M.
Microsoft takes security seriously
Microsoft takes Office 365 security seriously and has made significant investments in service-level security. However, users can still perform accidental or malicious high-risk actions within Office 365 that put your business at risk. Account credentials can also be stolen through phishing scams and then used by third parties to get access to your data.
Email accounts are hacked by cybercriminals because they are often a weak link in an organization’s security pipeline. The diagram below, adapted from Krebs on Security, is a clear overview of the value of your corporate email account.
Think about it – when anyone signs up for an online service, the user must enter an email address, and whoever controls that email address can reset the password and take over the account, all without the immediate knowledge of the account’s owner.
Then there’s phishing – the fraudulent practice of sending emails pretending to be from reputable companies in order to coerce individuals into revealing personal information, such as credit card numbers, account numbers and passwords. All phishing emails contain a link that, if clicked, will either direct the user to a site that infects their PC with malware (such as ransomware) or direct them to a website asking for personal information.
How to stay safe
A three-pronged approach is needed to keep your corporate email account safe.
First, focus on security. Second, focus on backup. Third, focus on user awareness training, because employees can be a weak link in security. If they are trained properly and educated to spot a phishing attempt, this could prevent some threats.
This post will focus on the first two elements of staying safe – backup and security, which aren’t interchangeable concepts.
An effective Office 365 security strategy will begin with an Office 365 Security and Cyber Threat Assessment and provide you with a security configuration score, followed by a recommendation on best practices and guidance on successfully implementing Office 365 security features.
Such a strategy will need to cover:
- Proactive threat reporting and monitoring of your Microsoft 365 environment
- 24 / 7 reactive and proactive security support
- Bi-monthly reporting with insights for improving your security standing
- A plan for setting up, enhancing and maintaining threat detection, threat protection and threat response capabilities
- Identification of security and compliance gaps
Addressing the security skills gap within your IT team will be the most necessary and pivotal step towards protecting your business inbox.
Should data loss or theft occur, then you want the peace of mind of knowing that you have preserved business continuity.
When you consider that 75% of data loss is caused by user error, you begin to understand why Microsoft recommends you have a third-party capability to back up your Office 365 data. (Source: IT Compliance Policy Group)
Even though Microsoft hosts the Office 365 platform, they are not responsible for maintaining a backup of your business-critical data. With Office 365, it’s your data – you control it – and it’s your responsibility to protect it.
An effective and secure backup solution for Office 365 will do the following:
- Protect your Office 365 data from accidental deletion, security threats and retention policy gaps
- Quickly report individual Office 365 items across Exchange, OneDrive and SharePoint
- Drill down through backups by date or keyword search to quickly locate and recover
- Back up all users or specific groups of users
- Ensure that data stays in your cloud environment and you have the control to restore when you need
A comprehensive Office 365 backup solution can give you peace of mind should the unexpected occur.
In summary, today’s ever-changing threat landscape requires a multi-layered security response and a comprehensive backup solution to keep your business both protected from the worst and buoyant should you experience a data loss.