Phishing Protection In Outlook and Office 365

There are four ways that a typical business user on a Microsoft Outlook/Exchange/Office 365 platform can protect against phishing. None of them is perfect, and all of them have issues, but applying these solutions will help prevent your users from falling victim to phishing emails. These solutions are additive, and each additional solution deployed provides a further layer of protection.

Junk Mail Filter – Outlook comes with a built-in Junk Mail filter that, while not perfect, is actually pretty good at detecting spam and phishing exploits.

Exchange – The Outlook Junk Mail functionality can be improved by implementing junk mail rules on the Exchange server using Cached Exchange Mode or PST files on the server to push the rules to the clients.

Disable Hyperlinks – Using Group Policy, you could disable hyperlinks in emails completely. This will not be popular with your user base, and will require them to copy and paste links into a browser. While this will take the heart out of most link-based phishing exploits, it will kill legitimate links as well as malicious links. It also does nothing against phishing emails with email attachments.

Advanced Threat Protection in O365 – ATP Safe Links is a cloud-based version of Outlook’s junk mail filter, and rules can be applied at the individual, group, or organizational level. When ATP is applied, incoming emails (when they contain hyperlinks) are run through a series of filters that analyze the message header. These include IP and envelope filters, signature-based anti-malware scans, and anti-spam filters. If found to be safe, the message is sent on to the recipient.
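The individual, group, and organizational scoping described above, as an added example that is not from the original post: Safe Links policies created with the Exchange Online PowerShell cmdlets `New-SafeLinksPolicy` and `New-SafeLinksRule`. The policy names, the `contoso.example` domain, the group, and the mailbox are constructed placeholders, and the settings chosen are assumptions about what a tenant might want.

```powershell
# Added example. All names and addresses are constructed placeholders.
# Requires the ExchangeOnlineManagement module and a license that includes Safe Links.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# Settings shared by all three policies: rewrite and scan URLs in email,
# hold delivery until the scan finishes, cover internal mail, log clicks.
$common = @{
    EnableSafeLinksForEmail  = $true
    ScanUrls                 = $true
    DeliverMessageAfterScan  = $true
    EnableForInternalSenders = $true
    TrackClicks              = $true
}

# Rules are evaluated in priority order and the first match wins, so the
# most specific scope is created first. With -Priority omitted, each new
# rule is placed after the rules that already exist.

# Individual level: one high-risk mailbox, no click-through to the original URL.
New-SafeLinksPolicy -Name 'SL-Individual-CFO' @common -AllowClickThrough $false
New-SafeLinksRule   -Name 'SL-Individual-CFO' -SafeLinksPolicy 'SL-Individual-CFO' `
    -SentTo 'cfo@contoso.example'

# Group level: members of a distribution or security group.
New-SafeLinksPolicy -Name 'SL-Group-Finance' @common -AllowClickThrough $false
New-SafeLinksRule   -Name 'SL-Group-Finance' -SafeLinksPolicy 'SL-Group-Finance' `
    -SentToMemberOf 'finance@contoso.example'

# Organizational level: every recipient in the accepted domain.
New-SafeLinksPolicy -Name 'SL-Org-Baseline' @common -AllowClickThrough $true
New-SafeLinksRule   -Name 'SL-Org-Baseline' -SafeLinksPolicy 'SL-Org-Baseline' `
    -RecipientDomainIs 'contoso.example'

# Review the resulting order and scope of every rule.
Get-SafeLinksRule | Sort-Object Priority |
    Format-Table Name, Priority, State, SentTo, SentToMemberOf, RecipientDomainIs

Disconnect-ExchangeOnline -Confirm:$false
```

If the tenant already has Safe Links rules, check the `Priority` column in the final listing and adjust with `Set-SafeLinksRule -Priority` so the narrower scopes still sit above the baseline.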

Phishing Detection and Resistance Training – It is also a good idea to provide some training on how to determine whether an email is a phishing email or not.  There are many organizations you could choose from to provide the training.  Professionally, phishing awareness and cybersecurity awareness training is about 35% of my month.  Most of the employees I have trained enjoyed the experience, and walked away with useful tools to use at work and in their personal life.

These techniques, for the most part, are low cost and easy to implement.  Used together, they will stop most of your problems with phishing.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
