- The NCSC-FI said that Microsoft Office 365 phishing has become a common threat for many Finnish organizations.
- This guide outlines a few security measures to prevent phishing, which includes deploying two-factor authentication, ensuring the quality, quantity and retention period of logs, securing email, and other end-user devices, among others.
The National Cyber Security Centre Finland (NCSC-FI) has published a guide on how to secure Microsoft Office 365 against data breaches and credential phishing.
A brief overview
The NCSC-FI said that Microsoft Office 365 phishing has become a common threat for many Finnish organizations. To help organizations’ combat such threats, the NCSC-FI has published a comprehensive guide.
“Especially during the first half of 2018, more and more cases were reported to the National Cyber Security Centre Finland (NCSC-FI) in which organizations were subject to phishing with the purpose of obtaining the email credentials of employees,” the report read.
Prevention against phishing
This guide outlines a few security measures to prevent phishing, which include:
- Deployment and enforcement of modern authentication such as two-factor authentication
- Ensuring the quality, quantity and retention period of logs
- Securing email and other end-user devices
- Controlling terminal devices, and
- Providing education and training to employees on how to identify phishing emails
Checklist to follow in the event of an attack
The report also provides a brief checklist of what to do in the event of an attack.
- Identify the targeted victims and their impacted accounts
- Block the impacted accounts and change the passwords
- Launch an initial investigation to determine the scope of the attack
- Report the incident to the NCSC-FI and the other local law enforcement agencies
- Delete any contaminated files and data