Keeping your data protected… with Office 365 Advanced Threat Protection
Released back in June 2017, as a brief re-cap; in the wake of the rise in email born cyber-attacks, Microsoft released ATP as their non-compulsory add-on security service. Filtering emails, with little impact on productivity, ATP is among the toughest of the add-ons suite to 365, which we strongly impulse businesses to adopt.
Including key features, such as Safe Links, ATP averts users from inadvertently clicking on malicious links embedded within phishing emails that are misleadingly representing themselves from a genuine source, such as a bank, government body or trusted brand name.
Safe Attachments, protects your users from opening potentially damaging email file attachments, which can be embedded with viruses or malicious code that can install software in the background of a PC designed to steal or corrupt data, without the user even realising.
ATP has been around since 2017, so what’s new about it?
A key feature, which has been added to the service’s Anti-Phishing tools, emphasises on Impersonation Detection. ATP has been at work to defend against phishing attacks for quite some time, though attacks known as, “spear-phishing” or “whaling”, where offenders impersonate a trusted sender often targeting entities within a business that may have access to valuable data, are far more problematic to detect.
If the hacker can get their email distributed to their intended target, they are far more likely to be tricked by domain name impersonation. Where two very similar names are used, so alike in fact, that at first glance most users wouldn’t notice anything wrong with the email.
The new Impersonation Detection service works to detect lookalike email addresses and domain names that may be used to hoax users. Using “mailbox intelligence”, ATP will determine whether the email being received is from a reliable email sender, or a new email address. Security warnings will then automatically be applied to unknown email addresses, helping to draw user’s attention to likely risks.
This feature, among all other ATP tools, are included within the Office 365 Advanced Threat Protection bolt-on product, which are included as-standard with the Enterprise E5 license.
Could someone impersonate my domain?
Simple answer, yes. It is astonishingly easy for those with moderately basic knowledge of cyber hacking to mask your domain and an email address, then start firing out emails set to snip valuable data, or simply cause disruption & down time.
One specific risk with domain impersonation isn’t necessarily criminals impersonating other people’s domains, but them choosing to mimic your domain, with the one key objective of fooling your personal staff.
Recent examples include, a Finance Director’s email account being impersonated – with an exact mask of the name, full email address, and even his email signature! An email gets sent from this counterfeit account to another member of the Accounts Department, requesting them to make payment on a fictitious invoice to a bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team members makes the payment as instructed. Losing the business thousands in one simple unknowing error.
How can I use ATP to shield against this impersonation?
ATP will routinely keep a look out for domains used within email addresses that are contacting your users. It will work to filter-out emails (based on your pre-selected choices) that fall into an untrusted category, perhaps a spoof domain that is very similar to your own (down to simple variances, such as being one character different), or from an unknown user/email address that doesn’t exist within your 365 – keeping your team well out of harm’s way.
The threat management dashboard encompasses real-world statistical information on where emails are originating from, domains and users that have been impersonated. With this kind of information, you will be able to keep ahead of the fears.
There is of course the risk that honest emails may well be filtered out, so you can of course view a list of all the quarantined emails and choose to act on them all collectively or by individual email.
What are the next steps?
If you are already a user of the Office 365 suite, you can bolt-on the ATP service almost immediately! Contact the team to receive support in obtaining and best configuring the service to sufficiently protect your data, users and livelihoods.
Want to get the best of cyber security for your business?
At iTeam, we take a security first approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might actually be and identify actions to take.
To book a consultation or to arrange a further discussion, please get in touch via our form below, call 03330 507 690 or email Chris on firstname.lastname@example.org.