combines email, file storage, collaboration, and productivity applications,
including OneDrive and SharePoint. Together, they are the crock of gold of
sensitive data and files that phishers are looking to exploit.
On obtaining a single set of legitimate Office 365 credentials, a phisher can conduct spear-phishing attacks from within the organization, impersonating employees in order to extract a financial payback. Attackers mimic the protocols and appearance of Office 365 messages and interfaces to trick users into disclosing their login credentials. Here are the types of attack to look out for:
The Voice Message Attack:
Office 365 indicates you have an email. The subject line reads: “Incoming: You
received a voice message from +1 508 *** – 250 seconds.” It’s personalized with
your first name in the body of the message. Along with the realistic-looking
phone number, the email contains a phishing link you can click on to hear your
message. Don’t! It’s a trap.
The ‘Action Required’ Attack
The message arrives with a subject
line that says something like, “Action Required: [email_address] information is
outdated—You must revalidate your account.” The message includes a link that is
generally hosted on a legitimate although hacked website to bypass
reputation-based email filtering systems. This is a trick to get you to
disclose your Office 365 login credentials. This could be the first step in a
multiphase attack, providing the attacker with all they need to begin
conducting lateral attacks within your organization using the compromised
Office 365 account.
The Shared File Attack
In a shared-file attack, you receive a file-sharing notification in an email message
from a common name, such as “John” or “Julie.” You know someone named John or
Julie, don’t you? You’re then redirected to a fake OneDrive login page where
the phisher then harvests your account credentials. You assume you’ve been
logged out. The phisher is counting on you to sleepwalk through your use of
Office 365. That way, you won’t question what’s happening.
How to prevent Office 365 Phishing Attacks:
1. User Awareness Training
Knowledge is power! The more informed your users are about current threats, and the more alert they are to them, the more likely they will be to spot a phishing attack. User Awareness Training is key to this and Nimbus can provide this training.
2. Add extra security
The second is to add an additional security layer that sits inside Office 365. This solution leverages artificial intelligence (AI), including machine learning (ML), and uses real-time behavioural analysis to protect against unknown threats, whereas traditional fingerprinting and reputation methods detect only known threats. With this predictive approach, AI-based technologies leverage huge amounts of data to identify abnormal behaviours and inconsistent characteristics in the way emails are built and sent, in order to identify a potential new threat. Again, Nimbus can offer this product as part of your multi-layered approach to cyber security.
Email is a must-have for easily doing business. For everything from work, shopping, social media and keeping in touch, the benefits email provides have made organisations more efficient and productive than ever before.
Even with all these benefits, having an email address does come with its security risks. With the increasing threats of viruses and spyware from spam and phishing emails, it’s now more important than ever before to ensure you are protected.
Protect your business with these tips for keeping emails safe and identifying spam emails:
Poor grammar and spelling
A well known way to identify spam is when the email is full of spelling or grammatical mistakes or looks like it has been translated online. However, with the quality of these spam emails improving, it’s now more important than ever before to make sure your staff and colleagues are thoroughly checking all emails for any indication of a spam email.
Unknown or odd email address
With spear-phishing attacks becoming increasingly advanced, personalisation in emails, both for businesses and spam, is another way hackers try to convince the recipient that it’s a legitimate email. A way to check this is to review the email address of the sender. If the address looks unrealistic, has a domain that you don’t recognise or isn’t related to the sender’s name or company, then this email should not be trusted.
The email’s content
With the number of emails we all receive each day, it can be hard to spot what is genuine. Two common traits in spam emails are requests to provide sensitive information and offers which seem too good to be true.
If anything about the email’s content makes you unsure, don’t click any links and get in touch with the sender company to find out if it’s legitimate.
Strange attachments and links
Company emails will often have a call to action, in the form of a link or attachment, prompting you to find out more. Spam emails providing links and attachments can infect your PC with damaging viruses and spyware.
To check this, you can hover over email links to see if they look genuine or not. It’s a good way to see if they are malicious, without actually clicking on the link. Implementing email and web threat protection helps to prevent end users from clicking on malicious links. Nimbus have a number of options available for this.
Ensuring your customers’ safety
Though spam is a major concern, this shouldn’t prevent businesses from taking advantage of using email as a way of effectively communicating. Being aware of how to spot spam, and implementing an email security solution, which can identify and remove 99% of spam before it reaches the mailbox, as well as ensuring emails are safe by implementing a backup storage solution will protect users from risks and give them confidence online.
Microsoft Office 365 – NOT Automatically backed up
There is a common misconception amongst customers that once they have an Office 365 subscription in place, they are covered for a quick restoration in the event of a security threat or an event such as user error, file deletion (intentional and unintentional) or indeed a ransomware attack. This is not the case. While you have high availability to access your data at any time, when you encounter a security threat or event you need a solution that will ensure you have quick access to your Office 365 data and greatly improve your RTO (recovery time objective), while keeping you compliant with your retention and data loss policies.
Office 365’s popularity makes it the #1 target for cybercriminals.
Hackers can easily exploit the productivity suite by concentrating on known weaknesses in the out-of-the-box security tools from Microsoft. These days it’s so easy to fall prey to cyber criminals. A hacker sends an exclusive offer with an attachment loaded with malware and, before you know it, you’ve lost crucial data and they’ve scored easy money. But why should you back up your data as a defence against these foul predators? We’ve got five reasons you should hear…
The Cost of a breach has the potential to wreak significant damage to SMBs.
Cost is a big factor for small to medium-sized businesses. Many SMBs are less likely to spend on cyber security because they don’t think they’ll ever be targeted. Since they only hear about large breaches in the news, they believe hackers only go after corporate money. But 47% of small businesses have already reported a cyber-attack in 2019, an increase of 14% from 2018 (Hiscox, 2019). If your business were to suffer from a data breach, those hours of lost productivity and loss of customer confidence due to reputational damage could fold a small to medium-sized business overnight. The cost of purchasing a backup solution for your Office 365 data far outweighs the risks of going without.
Layered security is the best approach.
Your Office 365 email is automatically secured with standard protection; known as Exchange Online Protection (EOP). But due to advanced exploits, EOP can’t protect you against social engineering techniques that land in your inbox. Think about how you would protect your business from intrusion; safety alarms, changing the locks on windows and doors, keeping your valuables in a safe place and out of reach are all valid ways to secure your safety. So, choosing additional security tools – such as email security and backup – to protect your Office 365 data is the best way to keep your business safe.
Office 365 is vulnerable to attack.
The number of compromised Office 365 accounts is growing. More than 1.5 million malicious emails were delivered by hackers in March 2019 using 4,000 compromised accounts (Barracuda, 2019). These accounts are infiltrated by tricking the user with a combination of social engineering tactics, brand impersonation and phishing methods to retrieve their credentials. Unfortunately, since most people use the same or similar password combinations for other accounts, those were compromised too. It’s a vicious circle. But even if you were to fall foul of these techniques (and everyone does), having additional security software and a robust BCDR (Business Continuity and Disaster Recovery) process in place could make all the difference.
The Data Protection Act 2018 (the UK’s implementation of GDPR) stipulates that any data should be ‘handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.’ Businesses that do not comply could be faced with hefty fines, risking reputational damage and more. 86% of SMBs feel they cannot adequately defend themselves against cyber breaches (Ponemon, 2018). Implementing an effective cyber security strategy, including data backup, can help alleviate that pressure and aid your data compliance.
What is the solution?
SkyKick Cloud Backup is a market-leading backup solution that helps protect your Office 365 data. Featuring unlimited backup storage, powerful search mechanics and one-click data restore, it’s one of the fastest and easiest ways to get your productivity back on track. If you’re using Office 365 for your email, to store files in the cloud via OneDrive for Business, or to communicate and share files with your colleagues via Office 365 Groups and SharePoint, SkyKick will back up everything automatically up to six times per day. So, even if you delete a file by accident, chances are that it will be saved on a previous backup and can be easily recovered.
SkyKick backs up and stores your files separately.
With SkyKick, all your files are backed up and stored separately to eliminate cross-file infection. If you’re storing files in OneDrive for Business, once you save the document to your personal drive, the system will automatically overwrite the original and sync the new version. While it is possible to return to an old version with Microsoft’s File Versioning feature, if the file is infected via malware or corrupted, all versions will be affected.
Data Recovered in minutes.
Restoring individual data from Office 365 can take IT Technicians up to 6 hours, due to a long and complicated export and import process. But with SkyKick, your files can be recovered in minutes with the one-click restore feature. The solution also allows your files to be restored in bulk on OneDrive for Business, with SharePoint folders, lists, sub-sites and sites bulk restore available in late 2018. Plus, all your Office 365 data can be recovered to the exact same location it was saved within.
Why Choose SkyKick cloud back up?
Unlimited Backup – No data caps, no retention limits, and up to six daily backups.
One-Click Restore – Powerful search indexing means we can find and restore emails in minutes, not hours.
No File Overwrites – All data is backed up separately to eliminate the risk of cross-file infection.
Exact Location and Data Recovery – Individual or bulk data can be recovered to the same location, so you know exactly where to look.
Aids Data Compliance – Helps you comply with data protection and litigation policies.
Ultra Secure – All data is backed up with encryption in transit and at rest, remaining safe in UK or EA Azure data centres.
Windows 7 – End of Life – What does it really mean for me?
It has been widely broadcast that Microsoft will stop supporting Windows 7 on January 14th 2020. That means that all security updates, bug fixes, etc will end and will not be provided by Microsoft.
Can I just remain as I am on Windows 7?
Of course, there is nothing stopping you from carrying on using Windows 7 after the 14th January, and there is no doubt many people and companies will. But it is best to be fully informed of what that course of action means for your business and what the likely impact could be if you continue with an unsupported operating system.
Learning from lessons of the past…
Remember when Windows XP expired but some organisations continued using it long after and fell victim to the likes of the WannaCry ransomware? It is very likely that attackers are working on similar ways to exploit the opportunities to attack when Microsoft ends its support for Windows 7.
Effectively, Microsoft will no longer take responsibility for the Windows 7 product, making you more susceptible to hackers as you will no longer have regular patches and security updates. You are then risking the loss of important data and all the pain that comes with a cyber-attack.
Aside from the security threat, it is also important to note that 3rd party software providers are unlikely to support their offering to you past this date if you still run a Windows 7 operating system.
Change is always uncomfortable…
There is no doubting that change is never easy, especially when you are content with Windows 7, an operating system which is one of the most successful ever developed by Microsoft. However, in order to continue receiving a better experience, with improved features that can save time while producing better outputs from Word, Excel and PowerPoint, not to mention closing the security risk, you really need to consider your upgrade options.
It will be short term pain for long term gain….
Nimbus are on hand to carry out a no obligation, non intrusive audit of your IT infrastructure. Using our award winning technology, we can quickly identify what devices need to be upgraded. This upgrade can either be working with the existing equipment right through to a complete refresh and everywhere in between. We can also offer flexible finance options which can alleviate any concerns about up front capital or the impact on cash flow.
Call us on: Belfast +44 (0)28 90080030 or Dublin +353 (0)1 9012099
Sean joins the Nimbus team with over 15 years’ experience working in the Service Industry within the Private Sector across the island of Ireland.
Prior to joining Nimbus, Sean has worked alongside Nimbus on a number of projects in his previous role in a Managed Print Services company and understands how our business has grown and developed over the years.
The new management role has been created to support the existing business growth within the UK & Ireland market, developing new business opportunities along with building strong client relationships while identifying and developing new sectors and industries.
Our Founder & CEO, Gareth McAlister said “I have known Sean over the past 5 years and am delighted to welcome him to the team here at Nimbus. His experience within the service industry will be invaluable to us as we continue our growth plans into the future”
Who are Nimbus?
Nimbus are experts in Managed IT solutions offering proactive 24/7/365 support to organisations across the UK and Ireland. We also offer high level consultancy services to larger companies on Risk and Cyber Security as well as compiling and implementing Disaster Recovery plans and strategies.
With locations in Belfast and Dublin and a highly skilled technical team of experts operating from state of the art premises, Nimbus is well equipped and experienced to take care of your organisation’s IT requirements.
Interested in getting a chat about what we may be able to offer your organisation?
Call us on:
028 900 800 30 – Belfast
01 901 2099 30 – Dublin
You can also email Sean at: firstname.lastname@example.org