Microsoft Office 365 News 31 January 2019

Office 365 Security – Advanced Threat Protection

Protect your organisation from malicious attacks by enabling the right policies.

Office 365 Security – Advanced Threat Protection, Fabric

Office 365 Advanced Threat Protection (ATP) helps protect organisations from attacks online. Adding this to your license is one of the best ways to keep one step ahead and prevent the chances of these malicious attacks from compromising the security of your businesses data.

To give your organisation the best protection available, we recommend that all the following features are enabled and set up correctly.

To find out if you’re protected, or for more information, email info@fabric-it.com or call 01625 443 110

 

ATP Safe Links

We should all be cautious when clicking links. Is the sender trustworthy, were you expecting this link to be sent, is there anything suspicious about the address pop up when you hover your mouse on the link

Emails will only get into your inbox by passing through exchange online protection. This is where filters are applied to spot phishing or spam emails. If an email with a malicious link is not caught by this filter, and the link is clicked, then ATP safe links can check the website before it appears in your browser.

This is what you’ll see when the link is being scanned. You may need to wait a couple of minutes then try the link again to see if the scan is complete.

ATP - Pop up showing "this link is being scanned"

This is what will show if the website has been classed as malicious in the scan.

ATP - Pop up showing "this website is classified as malicious"

You can choose to block specific url’s within your organisation. For example, if you’re looking to block all employees from Dropbox, this would be a feature to enable amongst a wider strategy to make it difficult for staff to access Dropbox.

ATP - Pop up showing "this website was blocked by your Office 365 administrator"

ATP Safe Attachments

All attachments sent to people within your organisation are thoroughly checked. This feature is customisable, so it can run alongside and adhere to your policies and procedures.

You may choose that all emails with malicious attachments are removed before your employees even get the chance to see it.

If ATP determines this as a malicious file, then nobody will be able to open it. That way, everyone can open files confidently, knowing that they have passed the ATP scan, and their computer is well protected.

Did you know? To check that attachments are safe, Microsoft open the file in a virtual environment. If you’re based in the UK like us, your attachment will be opened in Durham, Cardiff or London!

ATP for SharePoint, OneDrive, and Teams

Files on SharePoint, OneDrive and Teams are scanned for malicious threats. If the file is found to be hazardous, ATP can lock the file and will display a red warning icon as shown below:

ATP - Example showing locked file with red icon

As a default setting, you will be unable to open, move, copy or share the file if it’s been flagged as malicious but you will be able to delete it.

However, administrators can enable people to download files even if they have been detected as malicious. This may be useful if you are completely certain the file isn’t going to harm your computer and the malicious content may have been added to the file intentionally.

 

Useful Definitions for the next feature:

 

Phishing-

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.

Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.

https://en.wikipedia.org/wiki/Phishing

Spoofing-

Email spoofing is the creation of email messages with a forged sender address.

https://en.wikipedia.org/wiki/Email_spoofing

 

Anti Phishing Capabilities

Anti-phishing applies machine learning and artificial intelligence together with impersonation detection algorithms to incoming messages to provide protection for commodity and spear phishing attacks.

All messages are subject to a set of models trained to detect phishing messages, together with a set of algorithms used to protect against various user and domain impersonation attacks.

Microsoft reports phishing was the number one threat for Office 365 users in 2018, with the Microsoft Office 365 security research team detecting around 180-200 million phishing emails every month.

Phishing email statistics from Office 365 from January 2018 to September 2018

 

  • 300,000 phishing campaigns analysed in 2018
  • 8 million business email compromise attempts in 2018
  • 20% of users click on a malicious link in first 5 minutes

ATP - Pop up showing "this link was clicked from a phishing message"

If you have Advanced Threat Protection for your organisation, we strongly recommend that you ensure these policies are enabled.

Office 365 Security – Advanced Threat Protection, Fabric

Get in touch Back to blog