2 min read

3 Tips to Secure your Organization of Email Attacks during COVID 19

These uncertain times have turned office based employees to remote workers and has now introduced new security challenges. Research by Barracuda has found that spear phishing attacks have increased exponentially since the start of the COVID-19 outbreak. In fact according to the FBI's Internet Crime Complaint Center (IC3) , cybercrime cost $3.5 billion in losses in 2019 alone, with business email compromise causing the most damages. 

Organizations must not only be educated on how to secure your email, but must also seek email cyber-security solutions to combat these threats. Here are 3 steps that organizations can take right now to reduce risks posed by email cyber criminals in the second half of 2020. 

Audit your Microsoft O365 Tenant Security

An audit of your current Microsoft Office 365 email security is time very well spent.  Often, when we initially get involved with client O365 services,  we discover that the O365 tenant settings have not been reviewed by the tenant owners.  Microsoft security settings include alerts, permissions, data governance and reporting that help you secure your email services.  We help guide our clients through these settings to find the right balance of security and productivity.  

  • Review your O365 security rules that govern basic security for the service.   
  • Check how many administrators you have in your organization that can make changes (the fewer the better)
  • Ensure that all IT personnel authorized to make changes uses a domain admin password, instead of their personal credentials
  • Prevent any rule change originating from a source address outside of your domain (this is a common way for criminals to initiate account takeovers).

Build an Organization Compliance Document

This document should provide the framework for how employees handle, share, and store sensitive data within your organization. The policy document  should address password management systems, password policies, how frequently data is backed up, and acceptable use policies for both company owned and employee owned devices, applications, and services. For some templates to start your policy please click the button below. 

Focus on Strong Protection and Monitoring Remote Workers

Post COVID-19, cyber criminal groups have shifted their attention to remote workers as soft targets. Criminals look to exploit easy to guess passwords without additional authentication through brute force techniques. Once they have access, they can elevate their rights to admin level and uninstall security solutions and then run ransomware to encrypt organization data. A proper defense is to block external geo’s and require multi-factor authentication from your remote workers. The addition of a A/D monitoring solution will also provide visibility in real time of criminals that elevate privileges to start attacks.


Contact Datalink Networks

4 min read

Is dropbox HIPAA Compliant?

HIPAA and HITECH regulations with Dropbox

Dropbox creates a secure environment and allows you to switch between a...

8 min read

A Complete NIST Compliance Checklist

A company’s security measures are essential for protecting its environment. Having a company with an unsecure network...

10 min read

What's New for Microsoft Teams in 2023?

With remote work becoming a new normal after the pandemic, digital team collaboration tools have become essential for...