Woman checking her emails at a mobile location

Office 365: Advanced Security Solutions Keep Cybercriminals Out

18 Jan 2017 by Teresa Meek

A data security breach is not just embarrassing; it can cost you big money. In 2015, more than 175 million personal records were hacked, according to a report by the Identity Theft Resource Center (ITRC). This year, the average cost for each lost or stolen record was $158, up from $154 per record in 2015, reports an IBM-commissioned Ponemon Institute study.1

But even as high-profile incidents fill the headlines, many companies fail to implement advanced security solutions that could help them prevent a data breach. A 2016 Verizon report found that 30% of phishing messages were opened by recipients. Thirteen percent of the time, the recipient clicked on the malicious link or attachment the message contained.

Let’s face it: No matter how much training you provide, some employees will be taken in by deceptive emails. How can you protect your information?

Advanced Threat Protection

Microsoft has come up with some answers in its Office 365 Enterprise E5, which uses several lines of defense against security threats. One of the most sophisticated is its Advanced Threat Protection system that spots suspicious links and attachments and opens them in a secure environment to test them without contaminating the company network.

This system uses machine learning to monitor the behavior of users and devices, discerning over time what’s normal and what’s not. It helps identify real threats and reduces the false alarms so common in the IT world. When the system spots suspicious links or attachments, it opens them in a virtual machine — a cordoned-off sandbox — to see if they create a denial-of-service attack, a Trojan horse or a worm.

Advanced Threat Protection monitors for shady or deceptive addresses, keystroke loggers and other hidden clues employees might miss. It can even prevent zero-day attacks, which exploit security holes in software programs before the vendor knows about them.

Threat analysis goes on in the background, invisible to email recipients. When they click a link or attachment, it is “wrapped” and opened quickly in the virtual machine, causing no discernable delay. The recipient either opens the link or attachment after it has been deemed safe or receives a pop-up message warning that it has been blocked.

Like physical viruses, cyberthreats constantly evolve to challenge defenses used against them. That’s where behavioral analytics provides an edge. The Office 365 Enterprise E5 system continually adjusts to new tactics. As hackers become more sophisticated, so do the methods of detecting them.

Customizing security

Advanced security solutions in Enterprise E5 allow IT administrators to create their own policies, directing the system to check for types of links or attachments they’ve flagged in the past. They can create alerts for specific groups of users or for people whose access to high-level information makes them attractive targets.

IT managers can also approve or revoke access to third-party apps and maintain a “go/no-go” list of sites employees can visit. For example, they can monitor the use of cloud-based services such as Dropbox, Amazon or Facebook.

Monitoring online behavior allows IT to identify anomalies and warn people who engage in risky practices that could lead to a data security breach. It also provides insight into how employees use information across the organization, guiding future technology decisions.

Maintaining privacy

When Microsoft customers use Office 365, OneDrive, Skype for Business or other applications, their information is routed through a server in a Microsoft data center. But that doesn’t mean Microsoft can access company information. Businesses can use a feature called Customer Lockbox, which allows Microsoft support engineers to fix problems without having access to their data. Business data is secured on the server, and only designated people at the company are allowed to see it.

Meeting advanced threats

In an age where data security breaches have evolved from clumsy phishing attempts to sophisticated techniques such as ransomware, zero-day attacks and botnets, it’s crucial to have advanced security solutions built into your office systems.

Cyberthieves count on a certain percentage of people falling for their schemes. Advanced Threat Protection blocks malicious software from being opened without taking employees away from their work. Combined with customized policies and privacy protection, it’s a powerful way to keep your company’s information safe.

1 Ponemon Institute. (June 2016). 2016 Cost of Data Breach Study: Global Analysis.