Office 365 outstanding cloud success story but users need to employ email security best practice | Paralogic IT

office365image3Microsoft Office 365 just works!

It’s 5 years and a few months since Microsoft Office 365 launched as a commercial product and around two and a half years since it was upgraded to its current format.
During this time, it has set some significant benchmarks, including being Microsoft’s fastest ever growing product. Under the stewardship of CEO Satya Nadella Microsoft has pursued its cloud strategy very effectively. Office 365 is akin to the jewel in the crown as it is now the single most popular enterprise cloud service, and is reckoned to be used by one in five employees.
The reason, with which many that use O365 will agree, is that it is quite simply an outstanding product. From the perspective of many users and IT department’s it just works, and it performs very well while reducing support and administrative requirements.
If we had to identify one aspect that really does make a difference it is putting Outlook email into the cloud. Just ask anyone that has had to manage, backup and restore the Mail Store of an on-premise Microsoft Exchange server how much anxiety is attached to the dreaded call to support that says: “Email has gone down.”

Cybercriminals targeting Office 365 users

As with any successful product there are those that try to exploit and cash in by piggy-backing on its popularity. Cybercriminals are targeting Office 365 users with malware customised to get through Office 365’s built-in security tools.
One good example is the ransomware known as Cerber. This has been around for most of 2016, but this summer a zero-day attack (the first observed use case) saw a Cerber variant specifically written to bypass the Office 365 platform’s defences.
Avanan, a US cloud security provider, estimated that roughly 57 percent of organisations using Office 365 received at least one copy of the malware into one of their mailboxes during the attack. Deploying a best in class cloud email security product like Mimecast may be effective, however, top-rated security tools are not a replacement for best practice and the use of common sense by email users.

Email security best practice from Paralogic

It is important to educate and remind users of some basic rules because you simply cannot afford to let complacency take hold when it comes to security best practice.
Paralogic recommends users follow two key time tested rules of email security best practice.

  • Not opening email
    • Don’t open email from people you don’t know or messages you are not expecting.
    • If you get an odd message from someone you know, treat it with suspicion because it may have come from an infected user’s account.
    • If curiosity gets the better of you and you open such a message, do not under any circumstances open attachments or click links in such emails.
  • Avoid .EXE files 
    • Best policy is to block all email activity related to .EXE files; use workarounds such as password protected ZIP file containers if you must use them.

We help over 1000 businesses and have assisted many with Office 365 Migration. To find out more about how we can help you to get more out of your investment in business technology simply get in touch today.
Click here to download our FREE ‘Client security briefing: Defending the ransomware threat’.
Click here to see the article ‘Cerber Strikes With Office 365 Zero-Day Attacks’ at information security website Dark Reading.
Click here to see ‘Widespread Attack on Office 365 Corporate Users with Zero-day Ransomware Virus’ at avanan.com




LATEST BLOG POSTS

Paralogic named one of Britain’s Best Managed IT Companies for second year running

1st February 2021

For more than 20 years, Paralogic has been working with small and medium sized businesses, providing outstanding IT support that they can rely on. We’re thrilled, therefore, to be named among the best MSPs in…

Read More

Equifax security breach: What if it happened under GDPR?

9th October 2019

The European Union’s General Data Protection Regulation (GDPR) is the most significant shake up of information security for many years. Despite the toughening of rules and the harsh treatment of companies by regulators and the…

Read More