ABOVE IT: consigliere of your IT administration

Communication Security Part 2

In the first part of this series on communication security, I discussed message hygiene: specifically, how we can better protect our own email domains from misuse and improve message deliverability. This second part covers what should be considered to safeguard incoming email traffic, and our users, from malicious messages.

Attack Methods Are Evolving

Some of today’s email attacks are highly sophisticated, and anyone can fall victim to them. The most common attacks targeting organizations are BEC (Business Email Compromise) attacks, in which the perpetrator impersonates an employee or business partner of the target organization. In the worst case, a partner’s or colleague’s email account has actually been compromised, so the message arrives from a genuine address, passes SPF, DKIM and DMARC checks, and often continues an existing thread, making it extremely difficult for the recipient to tell who they are really communicating with.

Another prevalent method is the “fake email forward,” in which the attacker fabricates an email thread containing genuine email addresses and fictitious, supposedly agreed-upon payment instructions, then forwards it to an unsuspecting user with a request to act, for example to pay an invoice to a new bank account. Examples of such attacks are numerous, and the tactics keep growing more sophisticated. Generative AI, which removes the spelling mistakes and clumsy phrasing that used to give such messages away, makes defense harder still and calls for correspondingly greater vigilance.

Five Pillars for Securing Communication

How can organizations improve their protection today? Below, I briefly outline five key areas that together form a framework for minimizing an organization’s email-borne cybersecurity threats and risks. The overview is not exhaustive, but it aims to provide insight and a benchmark for assessing your organization’s current status.

Strategy

Everything begins with a strategy. Without one, efforts tend to be reactive and, regrettably, often belated. A strategy defines and guides, for instance:

  • Legislation and Standards: Which requirements apply to our organization, such as ISO 27001 or NIS2
  • Technical Security Policy
  • Incident Response Plan for Security Breaches
  • Recovery and Continuity Plans
  • Staff Training: How cybersecurity is put into practice for end users
  • Continuous Monitoring and Metrics: For example, how users can effortlessly report detected cybersecurity threats or incidents
  • Cybersecurity Culture: How users are engaged in the organization’s collective cybersecurity initiatives


The development of a cybersecurity strategy is a continuous process that requires regular review and updates. Moreover, it must be an integral part of the organization’s risk management, with commitment from leadership and continuous oversight.

Technical Security Measures

Every Microsoft 365 subscription with Exchange Online mailboxes includes Exchange Online Protection (EOP), which provides the basic protection measures: anti-spam, anti-malware and basic anti-phishing (spoof intelligence).
For instance, the Microsoft 365 Business Basic license includes only EOP. Business Premium, widely adopted in the SMB sector, already includes Defender for Office 365 Plan 1, which adds more advanced protection such as Safe Links, Safe Attachments and user and domain impersonation protection. I contend that EOP alone is insufficient today; it should be augmented either a) with a Defender for Office 365 add-on or b) with a third-party email security solution. Conditional Access in Microsoft Entra ID (an Entra ID P1 feature, included in Business Premium) is also a crucial component of end-user security, provided it is available under the current licensing.
It is also important to note that both EOP and Defender require configuration to reach the optimal level of protection. The default settings allow initial deployment, but, for example, the default anti-phishing policy ships with impersonation protection switched off. Microsoft’s preset security policies (Standard and Strict) are a quick way to raise the baseline if you do not want to tune each policy by hand.
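As an added example (not from the original article), the configuration gap described above can be closed from Exchange Online PowerShell instead of clicking through the Defender portal. The script assumes the ExchangeOnlineManagement module is installed, the signed-in account holds the Exchange Administrator role, and a Defender for Office 365 Plan 1 (or higher) license is present for the anti-phishing part; contoso.com, the executive names and partner-bank.example are placeholders to replace with your own tenant data. Steps 1 and 2 work with EOP alone; step 3 needs Defender.

```powershell
# Added example, not code from the original article.
# Assumptions: ExchangeOnlineManagement module installed, Exchange Administrator role,
# Defender for Office 365 Plan 1+ for step 3. All names below are placeholders.

Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

$Domain     = "contoso.com"                 # placeholder: your accepted domain
$Executives = @(                            # placeholder: people worth impersonating
    "Jane Doe;jane.doe@contoso.com",        # format required by the cmdlet: "DisplayName;SMTP"
    "John Roe;john.roe@contoso.com"
)

# 1) EOP only: tighten the default spam filter policy. Out of the box most
#    phish verdicts go to the Junk folder, where users can still open them;
#    quarantining them takes the message out of the user's hands.
Set-HostedContentFilterPolicy -Identity Default `
    -SpamAction MoveToJmf `
    -HighConfidenceSpamAction Quarantine `
    -PhishSpamAction Quarantine `
    -HighConfidencePhishAction Quarantine `
    -BulkThreshold 6

# 2) EOP only: tag mail from outside the tenant with the "External" marker in
#    Outlook. This is the cheapest counter to the "fake email forward" trick,
#    because a forwarded "internal" thread arriving from outside stands out.
Set-ExternalInOutlook -Enabled $true

# 3) Defender for Office 365: a custom anti-phishing policy with impersonation
#    protection. The default policy has impersonation protection off and
#    PhishThresholdLevel 1, which is exactly the configuration gap this step closes.
$PolicyName = "Hardened Anti-Phish"
if (-not (Get-AntiPhishPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-AntiPhishPolicy -Name $PolicyName `
        -AdminDisplayName "Impersonation and spoof protection for all users" `
        -PhishThresholdLevel 2 `
        -EnableSpoofIntelligence $true `
        -AuthenticationFailAction Quarantine `
        -EnableUnauthenticatedSender $true `
        -EnableViaTag $true `
        -EnableFirstContactSafetyTips $true `
        -EnableOrganizationDomainsProtection $true `
        -EnableTargetedDomainsProtection $true `
        -TargetedDomainsToProtect @("partner-bank.example") `
        -TargetedDomainProtectionAction Quarantine `
        -EnableTargetedUserProtection $true `
        -TargetedUsersToProtect $Executives `
        -TargetedUserProtectionAction Quarantine `
        -EnableMailboxIntelligence $true `
        -EnableMailboxIntelligenceProtection $true `
        -MailboxIntelligenceProtectionAction Quarantine `
        -EnableSimilarUsersSafetyTips $true `
        -EnableSimilarDomainsSafetyTips $true `
        -EnableUnusualCharactersSafetyTips $true

    # A policy does nothing until a rule scopes it to recipients.
    New-AntiPhishRule -Name "$PolicyName Rule" `
        -AntiPhishPolicy $PolicyName `
        -RecipientDomainIs $Domain `
        -Priority 0
}

# 4) Verify before signing off: read back the settings that matter.
Get-AntiPhishPolicy -Identity $PolicyName |
    Select-Object Name, PhishThresholdLevel, EnableTargetedUserProtection,
                  EnableMailboxIntelligenceProtection, AuthenticationFailAction
Get-HostedContentFilterPolicy -Identity Default |
    Select-Object HighConfidencePhishAction, PhishSpamAction, HighConfidenceSpamAction

Disconnect-ExchangeOnline -Confirm:$false
```

Run it in a test tenant first and review the quarantine for a week before rolling out: quarantining instead of junk-foldering changes what users see, and mailbox intelligence needs time to learn normal contact patterns before its impersonation verdicts are reliable.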

User Training

This is arguably the most critical area to address within the strategy. Regular, targeted training should cover current and common cybersecurity threats, and the market offers excellent cybersecurity micro-training services for this. It is crucial to keep end users consistently informed about phishing messages and other threats, and equally important that the training material is presented in an easily understandable format: a short walk-through of a real phishing message the organization actually received teaches more than a generic slide deck.

Processes

Processes set out the operating principles for various scenarios. They serve as guidelines for how we act in different situations and how we communicate. Examples include a documented process for verifying payment or bank-account change requests received via email (for instance a call-back to a phone number already on file, never to a number given in the email itself), how to verify an individual’s identity when necessary, and how we generally respond to cybersecurity incidents.

Reporting and Monitoring

Reporting and monitoring have been overlooked in many organizations. End users should be central to observing and reporting cybersecurity incidents. For phishing and malicious messages, this could involve, for example, deploying the Microsoft Report Message add-in so that users get a reporting button directly in the Outlook client, with reports routed to the security team and, optionally, to Microsoft. Another approach is to establish a Teams channel where users can report incidents and simultaneously warn other members of the organization. The IT department’s role is to actively monitor these reports, act on them (for example by blocking a sender or removing a reported message from other mailboxes), and adjust policies, training, or guidelines as required.

What thoughts did this article evoke in you? Do you perhaps need a sounding board or a consultant on this topic? Please do not hesitate to contact us to discuss further. You can book an appointment directly from my calendar at the bottom of the page.
