Summary:
The COVID-19 crisis and the resulting stay-at-home orders have caused many businesses to rush to deploy remote work solutions for their employees. Although Microsoft Office 365 has been a popular choice for remote collaboration, weakly configured security settings can leave vulnerabilities that attackers can exploit. Attacks targeting Microsoft users are a major concern, but there are many simple steps businesses can take to protect themselves and their employees from cyberattacks as we continue to work from home.
Details:
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) recently published a new alert recognizing that security considerations may have been overlooked in the rush to get remote solutions up and running.[1] It advises organizations to ensure that their O365 software has been set up securely and to follow security best practices when it comes to working from home.
The alert comes alongside a wave of phishing attacks impersonating emails from Microsoft Teams. As many as 50,000 users were hit with phishing emails masquerading as automated notification emails from Teams. The emails contained a malicious link to a phishing website where recipients were prompted to enter their O365 credentials.[2] If successful, this attack steals the victim’s O365 credentials and grants the attacker access to even more information due to Microsoft’s single sign-on feature. To help mitigate these and other attacks, CISA recommends the following security configurations when deploying O365:[3]
1. Enable multi-factor authentication (MFA) on all accounts, especially administrator accounts, and disable legacy authentication protocols that do not support MFA.
2. Avoid using the global administrator account unless absolutely necessary and assign administrator roles using Role-based Access Control (RBAC).
3. Enable Unified Audit Log (UAL) to help administrators investigate policy violations or suspicious activity and integrate these logs with your existing Security Information and Event Management (SIEM) system if possible.
4. Enable alerts within the Security and Compliance Center to detect anomalies like logins from suspicious locations or accounts exceeding sent email thresholds.
5. Incorporate Microsoft Secure Score to evaluate your organization’s security posture and enhance security compliance.
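To show how the MFA, legacy-authentication, and alerting recommendations above can be checked against exported audit records, here is an added example (not from CISA, Microsoft, or Trusted Internet). The record fields, client labels, expected-country list, and send threshold are all assumptions made for the illustration, and the sample log is constructed.

```python
import json
from collections import Counter

# All names below are assumptions for this example, not a Microsoft schema.
LEGACY_CLIENTS = {"IMAP4", "POP3", "SMTP"}  # protocols that cannot prompt for MFA
EXPECTED_COUNTRIES = {"US"}                 # where staff normally sign in
SEND_THRESHOLD = 3                          # sent-mail limit per export window

def _rec(user, op, client="Browser", mfa=True, country="US", admin=False):
    return json.dumps({"user": user, "op": op, "client": client,
                       "mfa": mfa, "country": country, "admin": admin})

# Constructed sample export, one JSON record per line.
SAMPLE_LOG = "\n".join(
    [_rec("alice@example.com", "UserLoggedIn"),
     _rec("bob@example.com", "UserLoggedIn", client="IMAP4", mfa=False),
     _rec("admin@example.com", "UserLoggedIn", mfa=False, admin=True),
     _rec("carol@example.com", "UserLoggedIn", country="ZZ"),
     _rec("erin@example.com", "Send")]
    + [_rec("dave@example.com", "Send")] * 4
)

def review(log_text):
    """Return (user, finding) pairs for records that violate the checklist."""
    findings, sent = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = json.loads(line)
        if r["op"] == "Send":
            sent[r["user"]] += 1
        elif r["op"] == "UserLoggedIn":
            if r["client"] in LEGACY_CLIENTS:
                # Legacy protocols bypass MFA, so flag them regardless of the mfa field.
                findings.append((r["user"], "legacy-auth"))
            elif not r["mfa"]:
                findings.append((r["user"], "admin-no-mfa" if r["admin"] else "no-mfa"))
            if r["country"] not in EXPECTED_COUNTRIES:
                findings.append((r["user"], "unexpected-location"))
    # Threshold alerts are emitted after the pass, once per account.
    findings += [(u, "send-threshold") for u, n in sorted(sent.items()) if n > SEND_THRESHOLD]
    return findings

if __name__ == "__main__":
    for user, finding in review(SAMPLE_LOG):
        print(f"{finding:20} {user}")
```

In practice the same checks would run as SIEM rules over the ingested audit log, with the country list and threshold tuned to the organization.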
In addition to the above recommendations, Trusted Internet recommends making sure updates to Microsoft software are installed regularly. In the May 2020 update alone, Microsoft released patches for 111 different security vulnerabilities, including at least 16 critical vulnerabilities that, if exploited, could allow attackers to install malware or take remote control over systems.[1] It is also important to make sure employee laptops or workstations are running antivirus or endpoint protection, and that users have been trained to follow company security policies related to remote work.
Looking to the future, many employees may continue to work from home even after the COVID-19 pandemic has passed. Twitter announced this week that it will allow its employees to work from home “forever” if they choose.[2] If working from home becomes the new normal, it will be even more important to ensure businesses know how to do so safely.
Conclusion:
Implementing solutions like Microsoft Office 365 has been instrumental in allowing organizations and their employees to collaborate remotely and stay online. Taking the time to ensure that your O365 integration has been completed securely is a simple way that your company can maintain its security in this transition. Trusted Internet is a managed security service that can help you deploy secure remote work solutions and protect your business and employees from cyberattacks. If you have any questions or need to report a cybersecurity incident immediately, please call our SOC hotline at 1-800-853-6431 ext. 1 or email support@trustedinternet.com.
[1] https://krebsonsecurity.com/2020/05/microsoft-patch-tuesday-may-2020-edition/
[2] https://www.cnbc.com/2020/05/12/twitter-tells-employees-they-can-work-from-home-forever.html
[1] https://www.zdnet.com/article/microsoft-office-365-us-issues-security-alert-over-rushed-remote-deployments/
[2] https://abnormalsecurity.com/blog/abnormal-attack-stories-microsoft-teams-impersonation/