Use Microsoft 365 to protect your business against malicious cyber actors
According to the Department of Homeland Security, bad actors are spreading malicious software and targeting businesses making rapid moves to a remote workforce as a result of COVID-19. Phishing campaigns, malware deployment and exploitation of rapidly deployed teleworking infrastructure are all seeing increased activity.
The Microsoft Threat Intelligence Center (MSTIC) tracks thousands of email phishing campaigns covering millions of malicious messages every day. Out of those messages tracked, roughly 60,000 contain COVID-19 related malware or malicious URLs. While this number does not represent a surge in total threats, less than 2%, it does signal a significant shift in context to exploit fears about the global pandemic. And with the increased stress around the global pandemic, people are being less vigilant online — so people are clicking when they might otherwise think twice.
The MSTIC has noticed a rise in impersonation of global health entities such as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) as well as targeted attacks on healthcare organizations. China, Russia and the United States are among the countries hit hardest by this new wave of attacks.
Protect your business now
One of the easiest ways to help protect your business — especially during work-from-home but also beyond — is to activate all the security features already built into your chosen platform, such as: credential protection and authentication safeguards, phishing protection and email security, data/information protection and endpoint protection. You should also enable multi-factor authentication (MFA) and conditional access policies, which control access to applications and help prevent credential-theft related attacks.
Since most of these attacks are using phishing campaigns as the initial attack vector, email security is critical — so using aggregated threat identification will protect end-users against malicious URLs, unsafe malware attachments and targeted phishing attacks. Security baselines and default threat protection policies provided by platforms can protect against most attacks.
You should also encrypt sensitive documents and emails, classify document sensitivity and apply access and usage rights across your organization’s data. This can effectively thwart attempts by attackers to access or download confidential corporate data. It’s also important to secure employee devices as a protection against malware attacks.
We’re here to help you get started
Microsoft 365 includes all of these recommended security tools — so you could effectively build your defenses with these technologies alone. Still, it can be challenging to implement everything at once, so we recommend the following as a starting point:
- Enable MFA
- Implement Conditional Access Policies
- Turn on anti-phishing, malware and URL protections, which are available in Office 365 Advanced Threat Protection (ATP)
- Develop an information protection strategy and plan your Azure Information Protection for Office 365 policies, if applicable
- Deploy Microsoft Defender ATP for your endpoints, if applicable
Whether you need help with turning on a few settings or would like to talk about your security strategy in-depth, our experts are here to help. We have helped thousands of customers across every industry find a security plan that fits their needs.
Learn more about Microsoft 365 and start securing your business today. Already a Microsoft 365 customer with Rackspace? Reach out to your account representative to get started.