atp

Protect your data… with Office 365 Advanced Threat Protection

In the wake of the rise in email born cyber-attacks, Microsoft released ATP as their non-compulsory add-on security service. Filtering emails, with little impact on productivity, ATP is among the toughest of the add-on’s suite to 365, which we strongly urge businesses to implement.

Including key features, such as Safe Links, ATP prevents users from unintentionally clicking on malevolent links embedded within phishing emails that are misleadingly representing themselves from a genuine source, such as a bank, government body or trusted brand name.

Safe Attachments protects your users from opening potentially malicious email file attachments, which can be embedded with viruses or malicious code that can install software in the background of a PC designed to steal or corrupt data, without the user even realising.

 

ATP has been around since 2017, so what’s new?

A crucial feature, which has been added to the Anti-Phishing tools, focuses on Impersonation Detection. ATP has been working to protect against phishing attacks for a long time, however attacks known as, “spear-phishing” or “whaling”, where criminals mimic a trusted sender often targeting individuals within a business that may have access to valuable data, are far more intricate and difficult to notice.

If the hacker can get their email delivered to their proposed target, they are far more likely to be fooled by domain name impersonation. Where two very alike names are used, so similar in fact, that most users wouldn’t notice anything wrong with the email to begin with.

The new Impersonation Detection service works to detect doppelgänger email addresses and domain names that may be used to hoax users. Using “mailbox intelligence”, ATP will determine whether the email being received is from a trustworthy email sender, or a new email address. Security warnings will then automatically be applied to unknown email addresses, helping to draw user’s attention to possible risks.

This feature, among all other ATP tools, are included within the Office 365 Advanced Threat Protection bolt-on product, which are included as-standard with the Enterprise E5 license.

 

Could someone imitate my domain?

Yes, regrettably. It is disturbingly easy for those with comparatively basic knowledge of cyber hacking to mask your domain and an email address, then start firing out emails set to steal valuable data, or simply cause disturbance & down time.

One specific risk with domain impersonation isn’t essentially criminals impersonating other people’s domains, but them choosing to impersonate your domain, with the one key objective of fooling your own staff.

Current examples include, a Finance Director’s email account being impersonated – with an accurate mask of the name, full email address, and even his email signature! An email gets sent from this fake account to another member of the Accounts Department, asking them to make an imbursement on a fictitious invoice to a bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team members makes the payment as instructed. Losing the business thousands in one simple unknowing mistake.

 

How can I use ATP to protect against this impersonation?

ATP will automatically keep an eye out for domains used within email addresses that are contacting your users. It will work to filter-out emails (based on your pre-defined choices) that fall into an un-trusted category, perhaps a spoof domain that is very similar to your own (down to simple variances, such as being one character different), or from an unknown user/email address that doesn’t exist within your 365 – keeping your team out of the firing line.

The threat management dashboard contains real-world statistical information on where emails are originating from, domains and users that have been impersonated. With this kind of information, you will be able to keep ahead of the threats.

 

There is of course the risk that honest emails may well be filtered out, so you can of course view a list of all the isolated emails and choose to act on them all collectively or by individual email.

 


What are the next steps?

If you are already a user of the Office 365 suite, you can bolt-on the ATP service straight away! Contact the team to receive support in obtaining and best configuring the service to sufficiently protect your data, users and livelihoods.

 

Need some support for peace of mind?

If you’re bewildered by the prospect of reviewing your IT Security, we can help.

We’re Net Platforms and we have years of experience in supporting small-medium businesses across London and Essex with such technology challenges.

Net Platforms provides a full range of professional IT services, including a full suite of cloud products, including support with Microsoft Office 365 & Microsoft Azure.

Please contact the team today on 0207 993 9035 or hello@netplatforms.co.uk.