NCSC Finland Releases New Guide on Securing Microsoft Office 365 Against Credential Phishing and Data Breaches

  • The NCSC-FI said that Microsoft Office 365 phishing has become a common threat for many Finnish organizations.
  • This guide outlines a few security measures to prevent phishing, which includes deploying two-factor authentication, ensuring the quality, quantity and retention period of logs, securing email, and other end-user devices, among others.

The National Cyber Security Centre Finland (NCSC-FI) has published a guide on how to secure Microsoft Office 365 against data breaches and credential phishing.

A brief overview

The NCSC-FI said that Microsoft Office 365 phishing has become a common threat for many Finnish organizations. To help organizations’ combat such threats, the NCSC-FI has published a comprehensive guide.

“Especially during the first half of 2018, more and more cases were reported to the National Cyber Security Centre Finland (NCSC-FI) in which organizations were subject to phishing with the purpose of obtaining the email credentials of employees,” the report read.

Prevention against phishing

This guide outlines a few security measures to prevent phishing, which include:

  • Deployment and enforcement of modern authentication such as two-factor authentication
  • Ensuring the quality, quantity and retention period of logs
  • Securing email and other end-user devices
  • Controlling terminal devices, and
  • Providing education and training to employees on how to identify phishing emails

Checklist to follow in the event of an attack

The report also provides a brief checklist of what to do in the event of an attack.

  • Identify the targeted victims and their impacted accounts
  • Block the impacted accounts and change the passwords
  • Launch an initial investigation to determine the scope of the attack
  • Report the incident to the NCSC-FI and the other local law enforcement agencies
  • Delete any contaminated files and data