One of the many benefits of a Microsoft 365 subscription is Office 365 Advanced Threat Protection, which intercepts many emails with malicious URLs and attachments before they arrive in people’s inboxes. Unfortunately, no technology is ever going to be 100% effective, so cybersecurity training is still essential to empower employees to identify malicious emails and act accordingly.
In recognition of this, Microsoft is planning to give administrators a portal through which they can manage mail flow and explicitly allow the delivery of certain emails even if the filtering stack of Office 365 Exchange Online Protection deems them potentially unsafe. In practice, this means that administrators will be able to conduct phishing simulations.
There are a number of reasons why administrators may want to do this. For example, a simulation could be used to identify potential weak points in the organisation, so cybersecurity training can be targeted where it’s most needed, or it could be used within a training programme to give staff a practical example of what to look out for in phishing attacks.
According to the entry on the Microsoft 365 roadmap:
“One of the ways Office 365 ATP protects customers is by blocking malicious attachments and URLs from reaching end users. We understand that from time to time, customers may want to ensure delivery of certain messages containing malicious content for specific reasons, such as phishing simulations and training. In order to provide a way for our customers to easily reconcile this at time of click and during mail flow, we're developing a portal to help you self-remediate. This portal gives admins the opportunity to explicitly allow or block attachments and URLs in your Office 365 tenant.”
The new feature should go live at some point in the third quarter of this year.
While there are some great, and indeed invaluable, technologies for bolstering your cybersecurity, phishing remains a common attack vector for cybercriminals to gain a foothold in your networks. The human element is the one factor that remains constant in the world of information technology, and while everyone may have the best of intentions, most cyberattacks are unwittingly facilitated in some way by an employee within the organisation. Quite often, when faced with a heavy workload, employees may fail to double-check an email, and it unfortunately only takes one mistake to allow a hacker to establish a presence in a network. This is why training is such an essential component of a comprehensive cybersecurity strategy.
At Pro-Networks, we understand the important role that training plays in securing an organisation from the various threats it faces from cyberspace. This is why we offer training sessions as part of our managed IT support services, so your staff can easily identify potential threats even during busy periods when they may normally let their guard down. We can also help you to migrate to Office 365, if you haven’t already, and administer your account for you.