Security Enhancements
Techdoz, your Managed Service Provider, has completed security enhancements to your organization’s Microsoft 365 environment to ensure your business is as secure as possible. We are taking an aggressive approach to ensure you are ready for the future.
Below are the features and settings that we have activated and ensured are configured properly for your business.
Quarantined Messages
Microsoft 365 has filters in place to protect users from spam and malicious email like phishing scams. Messages caught by the filters are automatically placed in quarantine. Users will receive a Spam Notification message once a day, notifying them of any messages that have been placed in quarantine. Any legitimate mail caught by mistake can be released directly from this message (see screenshot below).
Safe Links
Safe Links is a feature of Microsoft’s Advanced Threat Protection that is designed to protect users from phishing attempts and malicious software. Safe Links works by checking any link that is not on the safe list against known malicious sites. If a URL is identified as suspicious or malicious, you might be blocked from opening the URL. Instead of going directly to the site, you might see a warning page. End users can see the original URL in a window when they hover over the hyperlink (see screenshot below).
Organization Branding
Many phishing messages are designed to target Microsoft 365 users. Often, clicking on a link within such a message will take users to a fake sign-in screen designed to steal the user’s credentials. If the user knows that the authentic sign-in screen contains the company logo, then the odds of a non-targeted phishing attack succeeding in getting a user to enter their credentials go way down.
The other reason why branding a Microsoft 365 account might be helpful is that it can remind users which account they are signing into. Many users have both personal and corporate Microsoft 365 accounts. Branding an account might help to prevent user confusion. If you can stop users from entering the wrong set of credentials, you may be able to help prevent account lockouts.
To help your organization combat this, the following changes will be seen when authenticating into Microsoft 365 in the coming days:
Attackers are getting better at recreating the Microsoft Office 365 login screen, so it becomes harder for non-technical end users to detect phishing sites. With these changes to your company branding, staff can easily recognize fake login screens and take the necessary measures immediately.
External Email Tagging
DISCLAIMER: Depending on your organization, this feature may not be enabled due to internal policies.
Adding a disclaimer to emails helps mitigate risk for the organization by making clear to the recipient that there could be potential risks with the content of the email. We can add an exception to the rules for replies and forwarding if your company requires this.
In the last few years we have seen many businesses of all sizes fall victim to cyber-attacks, and 2024 is no different. One method attackers use is spoofing/phishing emails. Phishing is an attempt to steal personal information or break into online accounts using deceptive emails, messages, ads, or sites that look similar to sites you already use. For example, a phishing email might look like it’s from your bank and request private information about your bank account.
Effective immediately, all new external email received by staff will contain a warning identifying the source of the email as external. This feature is being included to help staff filter unnecessary spam and to avoid spoofing of internal email addresses. For example, if an external user spoofs an email as HR asking for updated banking information, the banner lets the internal user know right away that the message is not from the internal HR email address.
Always Be On The Lookout
What is Phishing:
Phishing is used most often by cybercriminals because it’s easy to execute and can produce the results they’re looking for with very little effort. Fake emails, text messages, and websites are created to look like they’re from authentic companies. They’re sent by criminals to steal personal and financial information from you. This is also known as “spoofing”.
What it does:
Phishing tricks you into giving criminals information by asking you to update, validate or confirm your account. It is often presented in a manner that seems official and intimidating, to encourage you to take action. It provides cybercriminals with your usernames and passwords so that they can access your accounts (your online bank account, shopping accounts, etc.) and steal your credit card numbers.
What Can You Do:
Always be on the lookout. See below for ways to watch for these types of emails. If anyone has any questions, either work-related or personal, concerning phishing or how to stay protected, please feel free to reach out by email (support@techdoz.ca).