Cloud security has become a major concern of those both using and providing cloud services. Data breaches are happening at an increasing rate around the world as hackers find new ways to exploit popular services, like Microsoft 365.
The popular Microsoft productivity suite has been particularly targeted by hackers looking for ways to breach the platform for everything from using it to send spam and phishing emails to gathering user credentials to sell on the Dark Web.
One of the recent Microsoft 365 phishing attacks that was spotted by Australian company MailGuard, involves an email that contains an HTML attachment which displays a message, “Fetching your audio file…” and then redirects the user to a fake Microsoft 365 login page designed to steal their credentials.
Another type of attack targeted at users of the office suite sends what looks like a SharePoint file sharing invitation using a link to a OneDrive file. The file redirects the user to a similar spoofed Microsoft 365 login page.
Office 365 login credentials sell from $15 to $100 on the Dark Web.
Sydney area businesses that are looking to improve data and network security and safeguard their Microsoft 365 account have some feature additions coming in 2020 to help them do just that.
Security Features Planned for Microsoft 365
When reviewing feature updates that Microsoft has planned for Microsoft 365 applications in the coming months, we saw an emphasis on data security. Many of the features rolling out in 2020 are designed specifically to provide users with more ways to protect their accounts and the data they contain.
Here are the security enhancements you can expect to see soon:
#1 Manually Apply Sensitivity Labels in Office Online
Sensitivity labels allow you to tag Office documents for specific handling rules to keep more sensitive information safeguarded. Classifications can be tailored to your needs, and usually are something like:
- Internal Use Only
- Highly Confidential
Microsoft is adding the ability to manually apply sensitivity labels to documents in the Office Online programs, Word, PowerPoint, and Excel to give you better control over document handling.
#2 Sensitive by Default Setting for Data Loss Prevention
Microsoft 365 Data Loss Prevention will have a setting added to treat all files in SharePoint and OneDrive for Business as sensitive (a higher security setting than non-sensitive) by default until the file has been fully scanned for sensitive information.
#3 Phishing Campaign Views in Microsoft 365 ATP
The Advanced Threat Protection (ATP) component of Microsoft 365 is designed to help defend against phishing attacks. Microsoft is making the tool more powerful by adding the ability to see the details of phishing campaigns that have attacked your organization and their impact.
This increases the investigative power of ATP and helps administrators better create policies that protect their users from future phishing attempts.
Safe Links Added to Office Online
The Windows, Mac, iOS, and Android clients for Microsoft 365 currently have the protection of Safe Links through Advanced Threat Protection. Safe Links inspects URLs, and if they’re malicious, it will stop the page from loading and instead redirect the user to a warning page.
Safe Links will be added to Office Online as well in 2020 to provide more protection to users that may accidentally click a dangerous link in Word, Excel, PowerPoint, or OneNote.
New Safe Documents Feature
You can currently see Safe Documents through a public preview, and the feature is scheduled to roll out by February 28, 2020. What Safe Documents does is instead of prompting users to exit Protected View for a document, it will automatically check untrusted Office Word, Excel, and PowerPoint files against Windows Defender Antivirus and ATP before allowing the files to open at all.
This helps avoid users accidentally enabling a document that might contain malware by using the power of the Intelligent Security Graph to prescreen files.
Auto Classification of Sensitivity Labels in SharePoint & OneDrive
Another automation designed to make users’ lives easier and prevent human error when it comes to document protection is an auto classification being added to SharePoint and OneDrive files.
The mechanism will be able to automatically detect and label sensitive files based upon an auto labeling policy that you set up in the Microsoft 365 Compliance Center. This will prevent files from going unlabeled my mistake.
The feature is currently in private preview, which you can sign up for here.
Enhanced Compliance with Information Barriers
Another new security feature that is currently in private preview is Information Barriers. This is a compliance-related tool for highly regulated industries such as finance and healthcare and it allows organizations to restrict communications between groups within their company to avoid any conflicts of interest and to safeguard internal information.
Examples of potential uses that Microsoft gives are:
- An internal team with trade secret file access can’t call or chat online with certain groups in their organization.
- A day trader cannot call someone on the marketing team.
- Finance personnel that work with confidential information cannot receive calls from certain groups in their organization.
Improve Your Network Security with NetCare!
NetCare can help your Sydney area business ensure that your network, on-premises, and cloud services are properly secured to prevent credential theft, data breaches, and malware infections.
Contact us today to schedule your security consultation. Call (02) 9114 9920 or reach out online.