In the digital transformation, one name arguably looms larger than any other: Microsoft. Just this week, Bill Gates’ tech gurus thwarted a major cyberattack on U.S. think tanks, and Microsoft has pulled off similar preemptive strikes over the last few years. The company invests upwards of $1 billion annually in security R&D alone, and publishes a lengthy cybersecurity report each year outlining the biggest threats to online security.
The goal? To showcase its leadership in building a safer digital landscape.
Given Microsoft’s size (it’s the world’s 7th largest IT company) and its equally impressive user base (there are more than 120 million Microsoft 365 subscribers globally), it’s easy to assume that if you’re using email with Microsoft 365, you’re in safe hands. But just as its own cybersecurity report outlines, there’s never been more risks lurking in our inboxes—and like every other key player in the digital transformation, the tech giant isn’t immune to security issues.
A growing cybersecurity threat
Both the frequency and severity of cyberattacks are on the rise, in a big way. Since 2016, the number of attacks has increased by more than 18.4%. And despite the attention-grabbing damages associated with these breaches—$21 trillion by 2021—95% of their true costs occur below the surface. In the last year, cyberattacks targeting cloud-based Microsoft accounts increased 300%, and attempted sign-ins from malicious IP addresses spiked by 44%.
Simply put, in today’s landscape, no email account is inherently safe, even if it’s provided by a trusted name like Microsoft. Here’s why you should think twice before assuming your Microsoft 365 email is impermeable to attack—and a few tips to help you keep your emails safe, secure and out of the hands of hackers.
Microsoft 365’s vulnerabilities (and ways to minimize risk)
There’s a reason why so many businesses go with Microsoft 365. It takes away the hassle of managing SharePoint and Exchange servers internally—and we don’t have to tell you how much of a productivity drain this can be otherwise. But Microsoft’s cloud-based office suite isn’t foolproof, and it’s certainly not hacker-proof. Going the “plug and play” route can set the stage for major security headaches.
- Active Directory enhancements: More and more hackers are taking advantage of Microsoft’s Active Directory. Why? Because the cloud-based Active Directory can be controlled both internally and externally, making it more susceptible to security breaches. And hackers know that it’s “the keys to the kingdom.” This decades-old technology is widely trusted by users, but it was developed in a much different cyber risk landscape. Too few organizations have mastered the art of adapting it to modern security needs—adding an auditing solution and a system to prevent unauthorized users from gaining access, to name a few.
- Enterprise Mobility Suite 2FAs: Through the Enterprise Mobility Suite, your company can bring the authentication processes for various apps into one directory service. Sounds great, right? Absolutely—until the entire database is compromised and wreaks exponentially more havoc than the breach of a single app or directory. Go with a reliable third-party vendor to set up a two-factor authentication (2FA) that minimizes the risk of costly breaches.
- Edge protection: Microsoft’s email system has its own layer of malware protection. But to provide the extra security needed in today’s risk-laden landscape, consider implementing your own edge protection in the form of anti-malware and anti-spam safeguards. Learn more about advanced threat protection for email.
- Back it up, then back it up again: For many, cloud systems like Microsoft 365 might seem to eliminate the need for backups. But that doesn’t mean important data will never get deleted along the way, whether by accident or malicious intent. Supplement Microsoft’s built-in backup systems to make sure you always have access to your most pertinent data, in the event of crashes, deletions, outright attacks and even simple human error.
There’s a reason why millions of organizations around the globe rely on Microsoft 365 for essential business functions like email. And although Microsoft offers some of its own security safeguards right out of the box, it’s essential to supplement these foundational measures with your own layer of advanced Microsoft 365 security. By doing so, you can bring out the best in Microsoft 365 and protect your company against phishing and other devastating cyberattacks.
PROTECT YOUR BUSINESS WITH ACTIVELY MANAGED SECURITY AND COMPLIANCE FROM OBT
Your business connects with the outside world a thousand times a day. Protection matters.
With almost 20 years of hosting and consulting experience, OBT's highly technical team is dedicated to taking the complexity our of IT security so small businesses can grow in the cloud. Our fully-managed Secure 365 offering is designed to help protect your customers, partners and employees whilst keeping your business operational and compliant. Future proof your business and focus on what you do best with the expert assistance of Australia's trusted and innovative IT service provider.