×

Archives

  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • September 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • August 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • January 2013
  • December 2012
  • October 2012

Categories

  • Bots & AI
  • Business Applications
  • Industry Solutions
  • InfoPath Replacement
  • Microsoft Teams Integration
  • News & Press Releases
  • NITRO Studio
  • Remote Workforce
  • Security Management
  • Uncategorized

HOW TO SHOP

1 Login or create new account.
2 Review your order.
3 Payment & FREE shipment

If you still have problems, please let us know, by sending an email to support@website.com . Thank you!

SHOWROOM HOURS

Mon-Fri 9:00AM - 6:00AM
Sat - 9:00AM-5:00PM
Sundays by appointment only!
Questions? Email us at sales@crowcanyon.com
  • +1 (925) 478-3110

Crow Canyon SoftwareCrow Canyon Software

Crow Canyon Software

No-Code Business Process Automation for Microsoft 365, Teams, & SharePoint!

Call: +1 (925) 478-3110
Email: sales@crowcanyon.com

Crow Canyon Software
Offices in Benicia, CA & Wakefield, RI

  • HOME
    • ARIES HOMEPAGE
    • HOMEPAGE 4
    • ATHOS ONE-PAGENEW
  • Portfolio
  • HERO
  • FEATURES
    • BLOG
    • BLOG STYLE #2
    • s
    • s
    • CUSTOM SUBHEADERS
      • Sep
  • PAGES
    • THE COMPANY
      • ABOUT US
    • WORK & STORIES
    • DYNAMICS
      • F.A.Q.
    • SYSTEM
      • 404 PAGE
Free Demo
  • Home
  • Blog
  • Industry Solutions
  • Office 365 Tools for Protecting Your Company

Office 365 Tools for Protecting Your Company

by crowcanyon / Friday, March 22, 2019 / Published in Industry Solutions

It’s 10 am and already I have received four phishing attempts in my Inbox – fake emails purportedly from Chase Online, Xerox, FedEx, and a VoiceMail service. That does not even include the others in my Junk Mail or that were blocked by anti-phishing filters.

I know they are fakes just by looking at them. For example, the display name of one of them says “Chase Online”, but the email address is some weird combination of letters and numbers.

In the body of the email, a link says “Review Awaiting Files”. When I roll my mouse over that, it gives a URL with a domain in the Philippines and other oddities that set my alarms off. It is obviously not a Chase email and even a cursory look shows it is bogus. I promptly deleted the email.

Phishing for Your Password

The goal of phishing is to get you to click a link and enter in your username and password. With that, the phisher can get access to emails, banking, and more, and do some real harm to you, your business, and your family.

These phishing emails are getting harder and harder to detect. They now include logos and images that look similar to what you are familiar with seeing on a secure website. Some of us are getting tricked by these and clicking the links. It must be a profitable business for the malevolent senders; otherwise, it would not be of any use to send them.

Recently someone in our company made the mistake of clicking one of these links. Oops! He entered in the username and password to his Office 365 Inbox. That resulted in the phisher sending an email to everyone in his Sent Items folder, claiming there was an overdue invoice, which was attached. Fortunately, that email looked quite suspicious and I don’t think anyone was tricked. However, we did have to field a large number of questions, which wasted everyone’s time.

And the phishers are getting even more sophisticated with their attacks. Not long ago, I received an email from LinkedIn saying I had a message from a business partner (one I knew well). I went to LinkedIn and saw that the message had a PDF attachment with a name like “RFP_NYC_PROJECT.PDF”. I downloaded the file, thinking it was legitimate, but when I went to view it, it prompted me to enter my Office 365 username and password, claiming the file was on OneDrive. At that point, I knew something was amiss – the screen looked like Office 365’s login page, with the browned out photo of Rio de Janeiro, but the domain was not something I recognized as related to Microsoft. Fortunately, my “phishing sensors” went off and I called the partner, who confirmed it was a bogus message.

After these incidents, we implemented strong anti-phishing rules on our Office 365, as well as held educational classes. While I hope we are now “phishing-proof”, we will have to stay vigilant. The phishers are using more and more tricks. The best strategy is to stay always on the defensive and be especially wary of any email that has attachments or links that require you to enter login credentials.

Implementing Office 365 Anti-Phishing Features

You can make your Office 365 safer from these attacks by implementing security features that are available in the Admin Center.

Microsoft has good documentation here about this: “Anti-phishing protection in Office 365”. https://docs.microsoft.com/en-us/office365/securitycompliance/anti-phishing-protection

One of the first things that article says is: “The most important thing you can do to secure your environment is to educate your users about the dangers and the warning signs of phishing attacks.”

This emphasizes that the first line of defense has to be “user awareness”. Be sure to hold training classes and warn users of this danger. Here is a good article from Microsoft that you can share with your users: “Protect yourself from phishing schemes and other forms of online fraud” (https://support.office.com/en-us/article/protect-yourself-from-phishing-schemes-and-other-forms-of-online-fraud-be0de46a-29cd-4c59-aaaf-136cf177d593)

Next, there are settings in the Office 365 Admin Center that you can implement. If you are on the Office 365 E5, A5, or Microsoft 365 Business subscriptions, you can implement “Advanced Threat Protection (ATP)”: https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-atp. For other subscriptions, ATP comes at a monthly cost from $2 to $5 per user per month.

But even without ATP, you can set up email filtering and protection by going to the Admin Center, then Security & Compliance, then the “Threat Management” section. You can set up policies to protect against malware, phishing, spam, and bulk emails, as well as any that meet a specific criteria.

We are using these “Threat Management” capabilities in our Office 365, and it seems to work well enough. The biggest issue is that legitimate emails are sometimes blocked and we have to review the Quarantined messages (in Threat Management/Review) throughout the day to release the good ones.

Unfortunately, it is likely the phishers (and spammers and malware/virus propagators) will get more and more sophisticated. That tends to poison what is a very effective and convenient way to communicate, email. But by keeping our defenses up and users trained, as well as implementing protections available in Office 365, we should be able to keep ahead of these malefactors, at least for the most part.

I encourage every Office 365 Admin to implement policies and educate users before you suffer a phishing attack.

Meanwhile, stay aware and vigilant!

— Scott Restivo, CEO of Crow Canyon Software

  • Tweet

What you can read next

Harness the power of SharePoint solutions through SharePoint application software
Ready to make a change? Get O.V.E.R. it!
Automation with SharePoint for Effective Customer Service

Categories

  • Bots & AI
  • Business Applications
  • Industry Solutions
  • InfoPath Replacement
  • Microsoft Teams Integration
  • News & Press Releases
  • NITRO Studio
  • Remote Workforce
  • Security Management
  • Uncategorized

Recent Posts

  • PR: NITRO Studio Brings Business Process Automation to Microsoft 365 GCC High Users

  • Working from Home

    Crow Canyon Software Reacts to Capital’s Major Investment in Nintex

  • PR: Crow Canyon Software Awarded GSA Schedule 70 MAS Contract

  • Crow Canyon Software reacts to TPG Capital’s Major Investment in Nintex

  • Approvals: Critical Component of Many Business Process Workflows

Crow Canyon Software Logo

Crow Canyon builds upon your existing collaboration platforms in Office 365 and SharePoint to give your staff the tools they need to drive business process automation. Pick and choose the best solution for your organization.

  • Business Applications
  • Company Overview
  • NITRO Studio
  • Partners & Resellers
  • Solutions
  • Newsroom
  • Services
  • Purchase
  • Resources
  • Careers
  • Support
  • Request a Demo

Questions? Contact Us!

+1 (925) 478-3110
Email: sales@crowcanyon.com

Crow Canyon Systems, Inc.
Offices in Benecia, CA & Wakefield, RI

  • GET SOCIAL

© 2021 Crow Canyon Systems, Inc. All rights reserved. Privacy Policy | Disclosure Agreement | Cookie Policy

TOP