There are four solutions that a typical business user on a Microsoft Outlook/Exchange/Office 365 platform can utilize. While none of them is perfect, and all of them have issues, applying these solutions will help prevent your users from falling victim to phishing emails. These solutions are additive, and each additional solution deployed provides a further layer of protection.
Junk Mail Filter – Outlook comes with a built-in Junk Mail filter that, while not perfect, is actually pretty good at detecting spam and phishing exploits.
Exchange – The Outlook Junk Mail functionality can be improved by implementing junk mail rules on the Exchange server using Cached Exchange Mode or PST files on the server to push the rules to the clients.
Disable Hyperlinks – Using Group Policy, you could disable hyperlinks in emails completely. This will not be popular with your user base, and will require them to copy and paste links into a browser. While this will take the heart out of most link-based phishing exploits, it will kill legitimate links as well as malicious links. This does nothing against phishing emails with email attachments.
Advanced Threat Protection in O365 – ATP Safe Links is a cloud-based version of Outlook’s junk mail filter, and rules can be applied at the individual, group, or organizational level. When ATP is applied, incoming emails that contain hyperlinks are run through a series of filters that analyze the message header. These include IP and envelope filters, and the message is also run through signature-based anti-malware scans and anti-spam filters. If found to be safe, the message is sent on to the recipient.
Phishing Detection and Resistance Training – It is also a good idea to provide some training on how to determine whether an email is a phishing email or not. There are many organizations you could choose from to provide the training. Professionally, phishing awareness and cybersecurity awareness training is about 35% of my month. Most of the employees I have trained enjoyed the experience, and walked away with useful tools to use at work and in their personal life.
These techniques, for the most part, are low cost and easy to implement. Used together, they will stop most of your problems with phishing.
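As an added example (not from the original article), this is one way to scope ATP Safe Links at the individual, group and organizational level with Exchange Online PowerShell. The policy names, mailbox addresses and domain are constructed placeholders, and the script assumes the ExchangeOnlineManagement module and a tenant with no conflicting Safe Links rules.

```powershell
# Added example: every name, address and domain below is a constructed placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# Settings shared by all three policies: scan and rewrite links in email,
# hold delivery until the scan completes, cover internal mail, and log clicks.
$common = @{
    EnableSafeLinksForEmail  = $true
    ScanUrls                 = $true
    DeliverMessageAfterScan  = $true
    EnableForInternalSenders = $true
    TrackClicks              = $true
}

# One policy/rule pair per scope, because a Safe Links policy can be
# attached to only one rule. Click = whether users may click through
# the warning page to the original URL.
$scopes = @(
    @{ Name = 'SL-Individual'; Click = $false; Cond = @{ SentTo            = 'cfo@example.com' } },
    @{ Name = 'SL-Group';      Click = $false; Cond = @{ SentToMemberOf    = 'finance@example.com' } },
    @{ Name = 'SL-Org';        Click = $true;  Cond = @{ RecipientDomainIs = 'example.com' } }
)

# Lower priority numbers are evaluated first and only the first matching
# rule applies, so the narrowest scope gets priority 0.
$priority = 0
foreach ($s in $scopes) {
    New-SafeLinksPolicy -Name $s.Name @common -AllowClickThrough $s.Click | Out-Null

    $cond = $s.Cond   # splatting needs a plain variable
    New-SafeLinksRule -Name $s.Name -SafeLinksPolicy $s.Name -Priority $priority @cond | Out-Null
    $priority++
}

# Review the result: which policy applies to whom, in evaluation order.
Get-SafeLinksRule | Sort-Object Priority |
    Format-Table Name, Priority, State, SafeLinksPolicy, SentTo, SentToMemberOf, RecipientDomainIs

Disconnect-ExchangeOnline -Confirm:$false
```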