Skip links

10 Steps to better email security in Office 365

Email is the go-to communication and collaboration tool for most businesses these days – and rightly so. Over decades, it has forged its position within the digital terrain and weathered the storm of growing cyberattacks, but this doesn’t mean it is perfect. Unfortunately, because of its frequency of use, it is seen as a great access point for threat actors to gain entry to all your sensitive data and files. So, just like you might a new car, it is a good idea to pimp up the security on your email to guarantee your organisation remains protected.

Of course, a platform like Office 365 has you covered with a certain level of protection through their default security settings, but the haze of government and company cybersecurity breaches that happened in 2020 should be a stark reminder that complacency is not your friend. So, whether you have the Standard or Business Premium Licence for your Office 365, there are still things that you can do to bolster your email security.

Multi-factor Authentication

If you think that a password is enough to secure your email from a cyberattack, you’d be wrong. With an increase in email malware and social engineering attacks, the old username/password combination now needs to be reinforced with new multi-factor authentication (MFA) options. MFA is the easiest way to protect your email account and blocks 99.9% of account compromise attacks.


Block Legacy Authentication

Times have changed, and legacy authentication mail protocols, like SMTP, IMAP, POP, and MAPI should be shelved. As these systems don’t support modern security protocols, it makes them an easy access point for attackers, so the sooner you stop using them, the better off you’ll be.

Enable Unified Audit Log (UAL)

This is an online logbook which records all past and ongoing (present) activities across Exchange Online, Azure Directory, Teams, and various other Office 365 services. When enabled, you can access not only an overview of your activities across different services but also reverse actions that have been made.

Enable SPF, DKIM, and DMARC

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) are email security protocols that, when configured correctly, work together to provide further protection from phishing scams and spam.

Disable Auto-forwarding

Automatically forwarding emails to remote domains increases the risk of information falling into the wrong hands. A company domain generally has stringent security settings enabled, so when an email is no longer protected by these settings, it becomes vulnerable to an attack.

Turn On Alerts for Suspicious Activity

Just like a smoke alarm warns you of the imminent danger of your house burning, an email alert warns you of dubious activity. The idea is that by acting on alerts for potential threats, you will be able to decrease the severity of an attack before any real damage takes place.

Use Microsoft 365 Secure Score

Whether you think your organisation is well-prepared for cyberattacks or not, it is a good idea to get an objective evaluation like the one offered by Microsoft 365’s Secure Score. By assessing your organisation’s security performance across Microsoft 365 identities, apps, and devices, Microsoft can provide you with actionable recommendations to enhance your cybersecurity readiness across the board.

Encrypt Business Communications

Business emails often contain sensitive data and information which could be appealing to malicious actors, so they should be encrypted. Office 365 offers a security encryption feature which includes password protected opening, limited access when outside of the corporate network, and restricted printing and copying features.

Turn on ‘Report Message’ function

Enabling the ‘Report Message’ feature gives the account user the opportunity to report potential threats to administrators rather than just deleting the message and moving on. A reported message can be monitored in the Office 365 backend and displayed in the Security Dashboard to ensure the threat doesn’t progress further throughout the organisation.

Educate your Employees

In the second half of 2020, 38% of the total number of reported data breaches in Australia were the result of human error. However, with adequate training programs and information, this number can be reduced. Investing in cybersecurity training is really a further investment in securing your company as your team will have the tools and knowledge they need to ensure both they and the organisation remain secure.

Get more protection for your business

Having a well-developed security approach to your online communications is essential. While there are standard security features built into Office 365, using the multilayered approach detailed above will ensure that your email communication retains the maximum level of protection at all times.

If you’d like to know more about what you can do to make your business secure online, contact the experts at INTELLIWORX today.



This website uses cookies to improve your web experience.