The Concerning Reality of Microsoft’s Email Security

Are you trusting Microsoft Office 365’s built-in security? With data security compliance requirements such as HIPAA, GDPR and DFARS, and the risk of crippling consequences from a breach, you shouldn’t rely solely on these built-in features. Within the past eight years, the use of email has grown exponentially, becoming the primary business collaboration tool. Organizations need to ensure that the content and information they send and receive is both appropriate and secure when entering or leaving the organization.

With one in five emails containing data with a legal, financial or regulatory risk, email protection should be one of your biggest security concerns. You need to ensure that your security tools will scan deep into the message and any attachments to identify any critical information before it leaves your business. Office 365 does offer basic email security including regulatory control through archiving and basic encryption. It also has template rule sets that can get you started with policies. But these functions typically do not provide the deep content inspection required to remain secure.

With 93% of all data breaches originating from email, your organization needs more protection than the built-in features.

Here are 4 steps you can take to achieve the data protection, threat protection, and control you need to protect your company email and your data in the cloud (in addition to enabling the built-in security features).

  1. Enforce end user training to prevent phishing attacks. 65% of SMBs don’t undergo end user training even though end users are the number one cause of data breaches.
  2. Implement a data backup solution. Microsoft CANNOT retrieve stored content or data in the event of an outage. Their responsibility is only to ensure that the service is operational and data is accessible. They are not responsible for the backup of individual customer sites/libraries/files. They recommend that you regularly back up your data using a third-party service for this reason.
  3. Utilize email encryption to encrypt and protect email content from being read by entities other than the intended recipients.
  4. Layer additional security on top of email security, such as Managed Detection and Response technology, to detect malicious activity that could originate from email.

Data leaks and data breaches originating from email are more common every day. Unfortunately, even with the best email security in place, your data is still at risk. Protect your information by implementing these steps.

Is your organization doing all that’s necessary to secure your email and cloud data? We can help you assess your current controls and policies with a simple gap assessment. Find out more here.
