How to Protect against Ransomware in Microsoft Office 365

How to Protect against Ransomware in Microsoft Office 365

by

Office 365 ransomware protection is becoming a top concern for organizations around the world. The rapid transition to remote working and the increasing use of cloud services have given cybercriminals more opportunities to expand their operations on cloud-based platforms, including Microsoft Office 365, one of the leading office suites in the world.

This article discusses how ransomware infects Microsoft Office 365 data and what protection tools you can use to protect your data.

How Ransomware Infects Office 365 Environments

Ransomware is a type of malware that encrypts your computer or IT environment until you pay a ransom. In 2020, 84% of organizations surveyed worldwide have been victims of ransomware or believe their businesses will be attacked soon.

It has now been determined that ransomware can infect cloud-based Office 365 data through device synchronization or direct access to the cloud. When a local device is infected, corrupted files are synced to OneDrive and SharePoint through the client sync tool.

For direct access, ransomware can’t get in without your permission. Here are three ways criminals can trick you into giving them access to your Office 365 environment:

  • Identity theft. In 2020, 54% of ransomware attacks are caused by phishing emails with malicious attachments or links to malicious websites. Furthermore, Microsoft tops the list of most imitated brands for phishing attacks. In Q2 2021, 45% of all brand identity theft attempts disguised themselves as Microsoft to steal user logins, personal information, and payment information.
  • Infected applications Although Microsoft constantly scans AppSource for malware, there is still the risk of installing an application that will infect your environment. Criminals can exploit vulnerabilities in existing applications or create new applications that look and function as they should.
  • Insider threats. Your employees can cooperate with criminals outside the company and give them the necessary access or even install malware. Alternatively, your employees may decide to get rich overnight and purchase a ransomware toolkit on the dark web.

As criminals become more cunning, identifying ransomware attempts can be a daunting task. For example, a phishing email may appear as a permission request that appears to be from Microsoft, but will encrypt your Exchange Online mailbox when you click the “Accept” button.

To ensure the security of your cloud environment, you need a comprehensive ransomware protection strategy for Office 365. This strategy should include ransomware awareness techniques as well as reliable data protection and recovery tools. Let’s explore each ingredient in detail.

ransomware awareness

Since phishing emails are still the most common source of ransomware, your organization’s vulnerability largely depends on employee awareness of ransomware. Employees should understand ransomware threats and know how to mitigate them. Here are some examples:

  • Employees must know how to set secure passwords and update them regularly.
  • Employees must know how to recognize suspicious emails and be careful with attachments and links.
  • When surfing the web, employees need to pay attention to the page’s URL and the padlock icon.
See also  Here’s how to get Redfall Bite Back Edition for free from Nvidia

Ransomware awareness shouldn’t be limited to employee training. Microsoft’s shared responsibility model states that data protection, recovery, and access management are the responsibility of the user. This means that you must be aware of the potential risks and vulnerabilities in your Office 365 environment.

Make sure to update your system and devices regularly. Usually, updates and patches fix bugs and security issues, improving your system’s resistance to ransomware attacks. Additionally, you can enhance Microsoft’s native ransomware protection with antivirus software that will regularly scan your environment for potential threats.

Genuine Microsoft anti-ransomware protection

Microsoft offers several data protection tools, including Exchange Online Protection (EOP), Microsoft Defender, and OneDrive ransomware protection for Office 365. Let’s take a closer look at each tool.

Exchange Online Protection (EOP)

Exchange Online Protection (EOP) is enabled by default. This tool allows you to filter incoming email based on sender’s reputation, domain and IP address, keywords, and Microsoft analysis algorithms. You can configure filtering policies and rules, create lists of blocked senders, choose unwanted attachment types, and reject emails written in other languages.

In addition, EOP filters outgoing email for spam. This protects the Office 365 community from spammers and prevents the use of compromised accounts for spam attacks.

Microsoft Defender

Microsoft Defender (also known as Advanced Threat Protection) allows users to detect and remediate malware and phishing emails. This feature is only available in the Office 365 E5 plan.

Unlike regular antivirus programs that can only identify threats added to the antivirus database, Defender can protect against new unknown ransomware patterns. This tool monitors for suspicious behavior and can filter incoming email for malware and phishing attempts.

Microsoft Defender protects users from two common phishing techniques:

  • Spoof email or domain names. A spoofed address looks similar to the sender’s real address, but they’re not the same. For example, [email protected] instead of [email protected] or [email protected] instead of [email protected]
  • Fake email. Criminals use spoofing to change email headers so that a fake address is shown to recipients. For example, [email protected] it will be displayed as [email protected]

Defender also allows smart mailboxes to build a database around a user’s communication habits to track down new and suspicious senders.

Protect OneDrive Ransomware

Microsoft monitors your OneDrive data in real time for ransomware and notifies you of suspicious files. In the event of a blackmail attempt, you have 30 days to restore your files to their previous, uninfected version.

See also  How Can You Support Small Businesses in Weston, FL Right Now?

On the other hand, ransomware can delete the version history along with the original file. There is still a chance of recovering the original file from the recycle bin, but the chance is not something you can rely on. The best option in this case is to have third-party backups that allow point-in-time restore and allow you to go back in time before the attack occurred.

Read here how a reliable backup solution can take your Office 365 ransomware protection to the next level.

Other protective gear

Microsoft allows you to limit permissions and unauthorized access using role-based access control and multi-factor authentication. In fact, multi-factor authentication can prevent ransomware attempts even if a user opens a phishing email or link, so make sure it’s enabled.

Another useful feature that you should enable is testing. Microsoft monitors events and records user and administrator activities across Office 365 services in audit logs. Audit was originally designed for compliance purposes, but you can use it to monitor suspicious activity and monitor access, permissions, downloads, password changes, etc.

As attacks become more sophisticated, Microsoft tools may not be enough to provide Office 365 protection from ransomware. In this case, recovery solutions come in handy.

Office 365 Ransomware Recovery Solution

Effective Office 365 ransomware protection must include data recovery tools to ensure business continuity when ransomware enters your environment. You can use Microsoft’s original recovery tools (versions, retention policies, and recycle bin) in conjunction with third-party backup solutions. Let’s consider each of them.

versioning

SharePoint allows you to save up to 50,000 versions of site and document libraries and SharePoint lists. However, this tool is limited to advanced application data files (you can enable versioning for some but not all applications) and is not available for sites and metadata subsite. OneDrive protection and ransomware recovery is also version dependent.

Note that instance generation that includes full (non-incremental) snapshots takes up a lot of storage, and 1000 instances will increase your memory usage by 1000x. This makes versioning an expensive solution as you will have to pay for additional memory. Sometimes administrators turn off version history to save it in memory. If this happens, the version and together with the recovery version will not be available.

retention policy

Retention policies are available in Office 365 E3 and higher plans. They allow you to keep copies of your data for a certain period of time. However, unlike third-party backups, Microsoft’s retention policy is based on versions that cannot be scheduled by the user. This can lead to data loss.

Additionally, any preserved files can be downloaded but not restored to their original location. So if you need to recover many files at once, it can take a lot of time and effort.

See also  How to Set Up an HR Department from the Ground Up?

Trash can

The dustbin provides standard retention after mopping. When a user deletes a file, it can be restored within 93 days. Note that the recycle bin is also version-based, so if version history is turned off, restoring won’t be possible.

After 93 days, you can still restore files from Microsoft SharePoint Online’s daily backup for the next 14 days. If OneDrive for Business files are stored in a SharePoint site collection, you can also restore them. For this, you need to contact Microsoft support and request a full site restore. Please note that in some cases it may take several days for your request to be approved. You also won’t be able to restore specific versions or individual items.

After 107 days, your data will be permanently deleted and cannot be recovered unless you have a third-party backup.

Third-party backup solutions

Microsoft’s original recovery tools have limitations, including limited retention time and no point-in-time restore. Retention configuration and recovery can be complex and time consuming. In addition, retained files can take up a lot of storage space and increase the total cost of Office 365 services.

Adopting a secure third-party backup solution can improve your recovery time goals and reduce damage caused by ransomware or human error. Even Microsoft recommends a backup solution to keep your data safe.

Today’s backup solutions based on incremental backups only store changed blocks of data and allow you to save storage space. Flexible automation, scheduling, and scheduling tools prevent data loss and ensure business continuity. Finally, third-party solutions allow you to store your backups offline, improving your resistance to ransomware attacks.

Terminate

Companies can fall victim to ransomware even if their data is stored in the cloud. Microsoft Office 365 has many tools to prevent unauthorized access, phishing, and malware. However, as cybercriminals become more sophisticated, you need a more sophisticated approach to protecting Office 365 from ransomware.

To reduce data loss and improve your resilience to ransomware attacks, your data protection strategy should include ransomware awareness training, use Use Microsoft’s native protection solutions and third-party backups.

Categories: How to
Source: tiengtrunghaato.edu.vn

Rate this post

Related posts:

  1. How to Summarize an Article
  2. How to Write Terms and Conditions
  3. How to play with your Buddy in Pokémon Go
  4. How to save your weapons and gear in Deathloop
  5. How to join the Vanguard in Starfield
  6. How to downgrade from macOS Sonoma to an older version
  7. How to right-click on a Mac
  8. Snapchat Recap 2023: how to find your year in review
  9. How to create multiple user accounts on the Apple Vision Pro

Leave a Comment