EMAIL SECURITY

Who Would Want to Read My Emails Anyway?

This is a common objection we get from people. Who cares if hackers read my emails, there's nothing interesting in there anyway.

If you don't handle sensitive information like financials, patients health records, share passwords and credit card info over email, and you're just asking Jim where he wants to go to lunch, then maybe.

Think again. Most of the time, hackers aren't trying to read your emails. They are going to send you a phishing link or malicious file that gives them access to your email, a specific account, or your computer. Ultimately, they want money from you. Once they're in your system, they SPAM people using YOUR email address or will find creative ways to impersonate your CEO asking your CFO to make an urgent wire transfer to close a deal.

And when they do that using your company's email, then two things happen. First, if you're the IT guy, then everyone's wondering why you weren't able to prevent this, making you feel embarrassed and your skills inadequate. If you're the CEO, then a handful of customers leave and the rest of them have less confidence in you, making you angry, because you already had tons of other work to deal with, and now a storm hit the fan.

What's included in Email Security?

The engineers at BEMO implement and continue to maintain the following email security tools and policies:

1. Office 365 Advanced Threat Protection (ATP)
   1. Safe Links
   2. Safe Attachments
   3. Anti-phishing protection policies
2. Microsoft Exchange Online Protection
   1. Anti-Spam Policies
   2. Anti-Malware
3. Configure DKIM, DMARC, and SPF for Office 365
4. Office 365 Office Message Encryption (OME)
5. Set outbound spam notifications
6. Turn on mailbox auditing for all users
7. Do not allow mail forwarding rules to external domains
8. Do not allow anonymous calendar sharing

 

 

Office 365 Advanced Threat Protection (ATP)

ATP protects your organization by preventing dangerous links and malicious attachments that come via your email, SharePoint, OneDrive, and Teams. In addition, it'll filter out all the spam mail, so that when you start your day, your Outlook is always clean with emails that should be there. Microsoft's introduction video is very concise, so please give it a watch below.

Office 365 ATP is really smart, using machine learning to analyze metrics such as senders IP, frequency of emails, whether a user has marked the sender as spam in the past. And because 6.5 billion trillions of emails are sent through Microsoft Exchange, they have been able to perfect this solution. In 2018, Office 365 ATP prevented 5 billion phishing emails! In the 13-minute video below, Shobit Sahay of the Office 365 Security shows off ATP in an easy to understand demo.

 

For more reading, I have provided a few of my favorites below...

• Office 365 ATP - eBook
• Office 365 ATP - Technical Overview 

Office Message Encryption (OME)

A lot of the people we talk to think that their emails are encrypted by default. I can't imagine how many people don't realize that their sensitive information is being sent in clear text over a network. In fact, all a hacker has to do is sit in a coffee shop and just watch all the emails being sent by people around them! With Office 365 OME, you can send encrypted emails to people inside and outside of your company without needing a 3rd party tool. In fact, we have a lot of healthcare companies that comes to us paying ridiculous amounts of money for a 3rd party HIPAA compliant email server when they could just be using Microsoft Exchange with OME at about 10 percent the price. Anyhow, watch the video below as Jeremy Chapman, the Director of Microsoft 365 walks you through the demo to show you how to send encrypted emails, stay compliant, and enforce data leakage policies.

 

 

 For more information:

• Office 365 OME - Technical Overview