Protect your data with ATP
Keeping your data protected…With Office 365 Advanced Threat Protection
Released back in 2017, in the wake of the rise in email born cyber-attacks, Microsoft released ATP as their non-compulsory add-on security service. Clarifying emails, with little impact on productivity, ATP is among the purest of the add-on’s suite to 365, which we strongly advise businesses to adopt.
Together with key features, such as Safe Links, ATP prevents users from inadvertently clicking on malicious links embedded within phishing emails that are untruthfully representing themselves from a genuine source, such as a bank, government body or trusted brand name.
Safe Attachments defends your users from opening possibly damaging email file attachments, which can be embedded with viruses or malicious code that can install software in the background of a PC designed to steal or corrupt data, without the user even apprehending.
ATP has been around since 2017, so what’s new?
A key feature, which has been added to the service’s Anti-Phishing tools, highlights on Impersonation Detection. ATP has been at work to protect against phishing attacks for quite some time, though attacks known as, “spear-phishing” or “whaling”, where offenders mimic a trusted sender often targeting entities within a business that may have access to valuable data, are far more challenging to detect.
If the hacker can get their email dispersed to their envisioned target, they are far more likely to be deceived by domain name impersonation. Where two very similar names are used, so alike in fact, that at first glance most users wouldn’t notice anything wrong with the email.
The new Impersonation Detection service works to detect doppelganger email addresses and domain names that may be used to trick users. Using “mailbox intelligence”, ATP will regulate whether the email being received is from a reliable email sender, or a new email address. Security warnings will then automatically be applied to unknown email addresses, helping to draw user’s consideration to likely risks.
This feature, among all other ATP tools, are contained within the Office 365 Advanced Threat Protection bolt-on product, which are involved as-standard with the Enterprise E5 license.
Could someone impersonate my domain?
Simple response, yes. It is astoundingly easy for those with moderately basic knowledge of cyber hacking to mask your domain and an email address, then start firing out emails set to cut valuable data, or simply cause disturbance & down time.
One definite risk with domain impersonation isn’t necessarily criminals impersonating other people’s domains, but them choosing to mimic your domain, with the one key objective of fooling your own staff.
Recent examples include, a Finance Director’s email account being mimicked – with an precise mask of the name, full email address, and even his email signature! An email gets sent from this forged account to another member of the Accounts Department, demanding them to make payment on a fabricated invoice to a bank account. The email is well written in English and has a sense of urgency. Not wanting to upset their boss, the team members makes the payment as instructed. Losing the business thousands in one simple innocent error.
How can I use ATP to safeguard against this impersonation?
ATP will regularly keep a look out for domains used within email addresses that are emailing your users. It will work to filter-out emails (based on your pre-selected choices) that fall into an untrusted group, perhaps a spoof domain that is very alike to your own (down to simple alterations, such as being one character different), or from an unidentified user/email address that doesn’t exist within your 365 – keeping your team well out of harm’s way.
The threat management dashboard incorporates real-world statistical info on where emails are originating from, domains and users that have been impersonated. With this kind of information, you will be able to keep ahead of the uncertainties.
There is of course the risk that truthful emails may well be filtered out, so you can of course view a list of all the isolated emails and choose to act on them all collectively or by individual email.
What are the next steps?
If you are already a user of the Office 365 suite, you can bolt-on the ATP service almost instantly! Contact the team to receive support in obtaining and best configuring the service to sufficiently protect your data, users and livelihoods.
Who are Initial IT?
Initial IT has been providing technology services and support to small-and medium-sized businesses in Staffordshire & beyond for more than 15 years.
Our mission is to drive value with innovative, customer-oriented solutions that give them the edge to compete with their much larger counterparts.