Do the basics first:

Most customers have not configured what they already own and think that buying or subscribing to a new device or service will make them more secure. The reality is the complete opposite. What the customer now has is an over-complicated, siloed security solution that fills them with a false sense of security. “You cannot buy security if the basics are not in place.”

So, what are the basics? Not to sound like a broken record, but attackers don’t break in. They take opportunities, be that a bad procedure, a weak accounts payable process, or a user’s fear of looking stupid. It can be as simple as making sure users don’t fear asking questions or pointing out issues they see, without fear of reprisals. A good security awareness program teaches that security is everyone’s job and that we all make mistakes (once).

Email: a business-critical application, but can it be trusted?

Email is one of the most popular methods of communication today. Millions of people use it to send and receive messages, files, and other types of information. However, email is not always secure, and there are many risks associated with it. In this blog we will discuss various ways to secure email and protect sensitive information from hackers, cybercriminals, and other malicious actors.

Let’s start with the 5 basics for Exchange Online. No matter the license, you can provide all your Exchange Online customers the following protections.

  • Multi-factor authentication (MFA) requires users to provide two or more forms of authentication before accessing their Exchange Online accounts. MFA is one of the most effective ways to prevent unauthorized access to Exchange Online accounts.
  • Exchange Online Protection (EOP) is a cloud-based email filtering service provided by Microsoft that protects Exchange Online users from spam, viruses, and other types of malware. EOP includes several security features, such as spam filtering, malware detection, and email encryption.
  • Implement access controls: Access to Exchange Online should be restricted to authorized users only. Users should be granted access based on their job responsibilities, and access should be revoked when users leave the organization.
  • Train users on email security: Users should be trained on email security best practices, such as how to recognize phishing emails and how to avoid clicking on suspicious links or downloading attachments from unknown sources.
  • DKIM helps prevent email spoofing and phishing attacks by ensuring that the sender's domain name is authentic and that the message content has not been tampered with. DKIM is an important part of email authentication and is often used in conjunction with other email authentication methods such as SPF and DMARC to provide a more comprehensive email security solution. The DKIM signature is created using a private key associated with the sender's domain name. The signature contains information about the email message, including the sender's domain name, the timestamp, and a hash of the message content. This signature is added to the header of the email message, and the matching public key is published as a DNS TXT record under the sender's domain so that receivers can verify it.
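To make the DKIM mechanics in the last bullet concrete, here is an added example (not code from the original post) showing what a receiver actually checks: the tags in a DKIM-Signature header, the _domainkey DNS name the public key is fetched from, the body hash (bh=) recomputed after RFC 6376 canonicalization, and whether the signing domain d= aligns with the From domain as DMARC requires. The message, domain and selector are constructed; the b= value is a placeholder because verifying it needs the domain's RSA key, which is left out here.

```python
import base64
import hashlib
import re

# Constructed sample (not from the post): a From header and a body with sloppy whitespace.
SAMPLE_FROM = "Alice <alice@example.com>"
SAMPLE_BODY = "Hello team,\r\n\r\nPlease review the  attached invoice.  \r\n\r\n\r\n"

def parse_dkim_tags(value: str) -> dict:
    """Split a tag=value list (DKIM-Signature header or _domainkey TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)                # base64 '=' padding stays in v
            tags[k.strip()] = re.sub(r"\s+", "", v)  # drop folding whitespace
    return tags

def canon_body(body: str, mode: str) -> bytes:
    """RFC 6376 body canonicalization, 'simple' or 'relaxed'."""
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":  # collapse runs of WSP, strip trailing WSP on each line
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in lines]
    while lines and lines[-1] == "":  # ignore empty lines at the end of the body
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode()

def body_hash(body: str, mode: str = "relaxed") -> str:
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def make_signature_header(domain: str, selector: str, body: str) -> str:
    """What a signer emits; b= is a placeholder since no private key is used here."""
    return (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
            f"h=from:to:subject; bh={body_hash(body)}; b=PLACEHOLDER==")

def check_body_hash(tags: dict, body: str) -> bool:
    """Receiver side: recompute bh= with the header's body canonicalization and compare."""
    body_mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    return tags.get("bh") == body_hash(body, body_mode)

def dns_record_name(tags: dict) -> str:
    return f"{tags['s']}._domainkey.{tags['d']}"  # TXT record holding the public key

def dkim_aligned(from_header: str, tags: dict, strict: bool = False) -> bool:
    """DMARC alignment: does the signing domain d= match the visible From domain?"""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    fd, d = (m.group(1).lower() if m else ""), tags.get("d", "").lower()
    if strict or fd == d:
        return fd == d
    return fd.split(".")[-2:] == d.split(".")[-2:]  # relaxed: same org domain (approximation, no PSL)
```

A real verifier would additionally fetch the record named by `dns_record_name`, parse it with `parse_dkim_tags` (v=DKIM1; k=rsa; p=...) and check b= over the canonicalized headers listed in h=.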

5 nice-to-haves that take you beyond the basics

Defender for Office also includes several additional security features, such as:

Safe Links: This feature checks links in emails and Office documents to ensure they are safe and do not lead to malicious websites.

Safe Attachments: This feature uses sandboxing technology to scan email attachments for malware and other security threats before allowing them to be opened by the user.

Mailbox intelligence: lets me see things like how often I get email from spoofing NZ (no, I don’t run the spoofing club in NZ).

If you are resource constrained, and who isn’t, look at automating your response to a compromised user via email. This is the true capability of an XDR framework. Unlike known protection methods such as prevention and blocking based on a single indicator of compromise, attack disruption in Microsoft 365 Defender leverages the breadth of our XDR signal to act at the incident level and takes the entire attack into account, correlating signal across email, identity, and apps to establish high confidence.

More detail on this can be found here: https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294

So, in summary, there are many layers of technology we can put in place rather than just doing some phishing training and then blaming users for compromise.

Use what you already have and look to integrate signal across any existing silos of intelligence. Don’t fall for an out-of-the-box XDR product; they don’t exist. Prioritise securing email as the initial attack vector and institute signal enrichment by using DKIM and DMARC. It’s free. If everyone used these it would stop the vast majority of email crime.

Remember your customers are only as secure as you are. Have you turned on what you have got?