Staying Safe With Office 365

Increasingly, cloud services are being targeted by hackers who wish to gain access to your email accounts or target individuals in your organisation for fraudulent purposes.

Below are some items you may wish to consider enabling for your organisation.

If you are using Office 365 for your email, we can enable multi-form factor authentication for your accounts. This means that when a user logs in to Office 365 in the cloud, they are required to not only use their password but verify who they are by either approving the connection on an app on their phone, entering a code sent to them by text or by phone call. This means that even if the users password is compromised the hacker would need the second authentication method as well to gain access to the account. This is free to enable in Office 365. Some configuration and labour is required to enable it on the accounts and on your mobile devices. We charge a fixed price of 15 minutes labour time per user, to reconfigure their local Outlook, mobile phone, and enable the settings on the account.

This helps protect against instances where a user may reveal their password online on an incorrect form, or by clicking on a link that is not really an Office 365 login, but a hacker trying to gain credentials. Also, many users use the same password for multiple sites, if a password is compromised with one provider and it’s the same as Office 365 this may also be problematic.

We also recommend a product from Microsoft called Advanced Threat Protection.

https://products.office.com/en-gb/exchange/online-email-threat-protection

It’s £1.51+VAT per user per month and I would recommend enabling it for all users in the organisation. It provides actionable insights help identify, prioritize, and provide recommendations for addressing potential threats such as phishing and malware and proactively securing your organisation from attacks.

Another common threat is when someone masquerades themselves with a  similar email address for example; daniel.shone@ap3xcomputing.co.uk (note the e has been replaced with a 3) which could be registered, that would not show up as suspicious and if the users doesn’t verify it could be problematic. If requested we can enable a mail rule on Office 365 so that whenever an email comes in from someone external to the company it puts in the subject line *EXTERNAL* that way it’s easy to see if it’s someone masquerading as an external user.

The best protection against these kind of problems is training. We can also offer online training for end users. We can offer an online training portal that is GCHQ certified where end users complete multiple choice questions and get interactive training on how to be Cybersafe. This product is called Mitigate and is priced at £6+VAT per user per month.

We would recommend a backup product for all customers that use Office 365 called Datto. It’s an add on to Office 365 and it costs £2.40+VAT per user per month.

It backs up all of the data in a user’s mailbox, but also backs up other parts of their Office 365 account.

Microsoft will replicate all your information to multiple servers in multiple Microsoft data centres. This ensures that users can readily access their account the event of a failure that affects one of the servers. Outside of this core system protection, when you delete an email for example, it will go into the “Deleted Items” folder and when this is emptied it will move into “Recoverable Items” folder for a short time. If you then need this email back and you are within the time window, you can recover the email. Outside of Office 365’s core backup process, there is no real mechanism to back up a mailbox other than utilising the recommended approaches of Deleted Item Recovery and Recovered Item Recovery and this is where Datto SaaS Protection fits in.

Having Datto SaaS Protection for your accounts will cover you against the following risks:

  • Unintentional deletion – sometimes, for example when a user declutters their mailbox, some important emails can be deleted by mistake. If this then falls outside of Microsoft retention period, there is no way to retrieve the email.
  • Intentional deletion – probably nobody likes to think about this option, but it is possible for employees to delete important emails on purpose. Depending on when this is realised, there could be no way to get the email back.
  • Hardware malfunction or system crash – accidents happen, and sometimes, for no apparent reason, data stored in emails can get corrupted or beyond repair. In some cases Microsoft engineers can get the data back, however this is often a lengthy process and with no guarantee.
  • Malicious software – cybersecurity market is doing its best to protect computers from viruses and other malicious software, but there is always a chance that a virus takes its toll.

Having Datto SaaS Protection enabled is also important for customers who utilise SharePoint and OneDrive. It also has the following advantages:

  • Admins can take any additional backups at any time which is something Microsoft does not do.
  • Datto SaaS Protection does not have a limit on retention times so backups are easily restored.
  • Datto will backup Office 365 files multiple times per day – This includes OneDrive files and folders, Exchange Email, SharePoint, Contacts and Calendars.
  • Datto can restore files, emails and calendars to the end user or to a different location if needed.
  • Datto has built in data encryption.

Datto SaaS Protection, like the cost of your Office 365, is subscription based. The cost to enable this on each Office 365 account is £2.40+VAT per account, per month.

We are now assisting our customers to gain the government backed accreditation for Cyber Essentials.

This helps protect your organisation against cyber-attacks and the most common cyber threats. It also demonstrates your commitment to Cyber Security to your customers.

It can help you to:

  • Reassure customers that you are working to secure your IT against cyber attacks
  • Attract new business with the promise that you have cyber security measures in place
  • Have a clear picture of your organisation’s cyber security level
  • Comply with Government contracts requiring Cyber Essentials certification

We work with an approved accreditation agency called Xyone and will be offering an online Webinar regarding Cyber Essentials on Thursday 2nd May at 10am.

https://www.cyberessentials.ncsc.gov.uk/

You can find out more about it on the link above.

There are two levels of Cyber Essentials accreditation available:

Cyber Essentials: This is completed internally with Apex Computing’s help, in the form of a self-answer questionnaire which is then accredited by Xyone.

Xyone charge £300+VAT for the accreditation

Cyber Essentials Plus: This has the same criteria as Essentials, but it is independently audited onsite by a team of specialists from Xyone.

Depending on the size of your organisation Xyone charge £1500+

In addition to Xyone’s charge, there will be a support charge from Apex Computing to help get your organisation ready for the accreditation. This may include making changes to your systems and processes to bring them in line with compliance for the accreditation.

Cost of support from Apex Computing for Cyber Essentials: £955+VAT

This cost is for our support in preparing your systems for the Cyber Essentials Questionnaire and making you compliant. Any minor changes that are required to make your company compliant for Cyber Essentials would be completed as part of this process.

Cost of support from Apex Computing for Cyber Essentials Plus: £1365+VAT

This cost is for our support in preparing your systems for the Cyber Essentials Plus external Audit and making you compliant. Any minor changes are required to make your company compliant for Cyber Essentials Plus we would completed as part of this process. We would also have an engineer onsite to assist on the day the examiners visit to carry out the audit.

For either accreditation, any larger compliance requirements would be quoted for separately and may incur additional costs.

To register for the Webinar to get more information:

https://www.eventbrite.co.uk/e/webinar-what-is-cyber-essentials-certification-are-you-ready-manchester-tickets-53300842254