The long-standing problem of email hacking remains unsolved as of 2016. According to a recent warning released by the FBI, companies have lost more than $2.3 billion over the past three years to email fraud, in which employees are tricked into wiring funds to adversaries by fake messages sent from “the boss”. Meanwhile, the infamous breach of the Panamanian law firm Mossack Fonseca shows how email server hacks can lead to a horrific 2.6-terabyte data leak.
Despite all the security technologies developed for email protection, this communication channel has become untrusted for several reasons. First, since attackers adapt to any countermeasure, it is getting hard to predict new threat models. Second, companies using email services in the cloud are not ready to trust cloud service providers unconditionally.
Unauthorized access and account hijacking are the most common worries about using email services in the cloud.
Below I’ve collected vital practices that will help companies secure their email systems regardless of their location.
1. Multi-level authentication
The FBI continues to warn companies to enable more authentication layers to protect mailboxes against unauthorized access. In practice, this is one of the biggest items for email security, and it is critical for C-level managers’ accounts and shared accounts with administrative privileges, as adversaries always hunt them. Ensure that those accounts are protected with strong authentication technologies, such as smart cards or two-factor authentication.
2. Testing employee threat awareness
How do your employees distinguish suspicious emails? Which links in the emails would they follow? Regular testing may reveal many surprising details about their behavior and will help you develop a detailed security policy based on real-life examples.
3. User behavior analytics
Efficient user behavior analysis is not possible with manual processes. For example, manually configuring audit settings in Microsoft Exchange Online may take a lot of time because they must be configured for each mailbox. Coupled with poor reporting capabilities and a lack of archiving options, this may make security checks and investigations inefficient, because there is little visibility into changes made to the configuration and permissions of Exchange Online objects.
4. Monitoring non-owner mailbox access
It is almost impossible to prevent insider threats without knowing what non-owners with permission to access other users’ mailboxes do with your sensitive data. Keeping an eye on each action taken by an Exchange administrator allows you to reconstruct the course of events in case of a data breach or system crash.
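As an added illustration of non-owner access monitoring (not code from the original post), the Python below groups exported mailbox audit entries by actor and mailbox and ranks the pairs that deserve review. The column names are assumptions modelled on Exchange mailbox audit log entries, the sample rows are constructed, and the high-risk operation list and watched-mailbox list are hypothetical policy choices.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not real data). Column names are assumed to follow
# Exchange mailbox audit log entries; LogonType is Owner, Delegate or Admin.
SAMPLE_CSV = """LastAccessed,MailboxOwnerUPN,LogonUserDisplayName,LogonType,Operation
2016-04-11T08:02:10,ceo@example.com,CEO,Owner,SendAs
2016-04-11T09:15:42,ceo@example.com,Assistant A,Delegate,SendOnBehalf
2016-04-11T23:41:07,ceo@example.com,Admin B,Admin,FolderBind
2016-04-11T23:43:55,ceo@example.com,Admin B,Admin,HardDelete
2016-04-12T10:05:00,sales@example.com,Rep C,Delegate,FolderBind
"""

# Assumption: operations treated as high risk when performed by a non-owner.
HIGH_RISK_OPS = {"SendAs", "HardDelete", "Copy", "Move"}
# Assumption: mailboxes that always warrant review (C-level, shared admin).
WATCHED_MAILBOXES = {"ceo@example.com"}


def load(csv_text):
    """Parse an audit export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def non_owner_access(rows):
    """Summarise non-owner entries per (actor, mailbox), review-worthy first."""
    grouped = defaultdict(list)
    for row in rows:
        if row["LogonType"] != "Owner":  # owner activity is out of scope here
            grouped[(row["LogonUserDisplayName"], row["MailboxOwnerUPN"])].append(row)
    findings = []
    for (actor, mailbox), entries in grouped.items():
        risky = sorted({e["Operation"] for e in entries} & HIGH_RISK_OPS)
        findings.append({
            "actor": actor,
            "mailbox": mailbox,
            "logon_types": sorted({e["LogonType"] for e in entries}),
            "events": len(entries),
            "high_risk_ops": risky,
            "first_seen": min(e["LastAccessed"] for e in entries),
            "review": bool(risky) or mailbox in WATCHED_MAILBOXES,
        })
    return sorted(findings, key=lambda f: (not f["review"], -f["events"]))


if __name__ == "__main__":
    for finding in non_owner_access(load(SAMPLE_CSV)):
        print(finding)
```
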
When moving workloads and information assets to the cloud, the worst thing is to lose control over the data. Although large providers often have more advanced security controls in place than a regular company can afford, they will not be completely responsible for your data integrity in case of a data breach.
So my tip is to ensure that you have ongoing control over your cloud-hosted systems through regular assessments and monitoring, and that there is no hidden or malicious activity that may compromise your data.