loader gif

NCSC Finland Releases New Guide on Securing Microsoft Office 365 Against Credential Phishing and Data Breaches

NCSC Finland Releases New Guide on Securing Microsoft Office 365 Against Credential Phishing and Data Breaches
  • The NCSC-FI said that Microsoft Office 365 phishing has become a common threat for many Finnish organizations.
  • This guide outlines a few security measures to prevent phishing, which includes deploying two-factor authentication, ensuring the quality, quantity and retention period of logs, securing email, and other end-user devices, among others.

The National Cyber Security Centre Finland (NCSC-FI) has published a guide on how to secure Microsoft Office 365 against data breaches and credential phishing.

A brief overview

The NCSC-FI said that Microsoft Office 365 phishing has become a common threat for many Finnish organizations. To help organizations’ combat such threats, the NCSC-FI has published a comprehensive guide.

“Especially during the first half of 2018, more and more cases were reported to the National Cyber Security Centre Finland (NCSC-FI) in which organizations were subject to phishing with the purpose of obtaining the email credentials of employees,” the report read.

Prevention against phishing

This guide outlines a few security measures to prevent phishing, which include:

  • Deployment and enforcement of modern authentication such as two-factor authentication
  • Ensuring the quality, quantity and retention period of logs
  • Securing email and other end-user devices
  • Controlling terminal devices, and
  • Providing education and training to employees on how to identify phishing emails

Checklist to follow in the event of an attack

The report also provides a brief checklist of what to do in the event of an attack.

  • Identify the targeted victims and their impacted accounts
  • Block the impacted accounts and change the passwords
  • Launch an initial investigation to determine the scope of the attack
  • Report the incident to the NCSC-FI and the other local law enforcement agencies
  • Delete any contaminated files and data
loader gif