This is Part 3 of 4 in our awareness series on Microsoft 365 and cybersecurity for small to medium-sized businesses in South Africa. Read Part 1 and Part 2.
We covered in Part 2 the importance of patch management for not only Microsoft 365, but every device, network, and OS across your business ICT infrastructure.
Today, we look at advanced tactics that can form the second-layer of defence in your cybersecurity arsenal against ransomware.
We cover shielding your network with filtered DNS, keeping employees safe with Microsoft SmartScreen, and leveraging Advanced Threat Protection to keep harmful attachments out of your company email.
Let’s take a look:
Domain Name System (DNS) Filtering
Some businesses use DNS to prevent employees from accessing certain types of websites on the company network. For example, social media platforms, gambling, online gaming, torrenting, and adult content. Alongside, DNS can also be utilised to filter/block websites that may carry ransomware and subsequently inflict damage on your Microsoft 365 systems.
Blocking can work two ways:
- By blocking a request when a person attempts to directly access a harmful website via a web browser or app.
- Or, if ransomware is already inside the company, by blocking attempts by ransomware inside the organization to “phone home” outside the organization.
When a device on the network requests a site identified as a ransomware source, the DNS provider prevents access. Instead of a fresh serving of malware, you see a notification that the requested site is blocked, often with a suggestion to contact a network administrator if you believe the site to be filtered/blocked in error.
Read More:
What is DNS Filtering and How Does It Work?
Actionable Tactic:
Switch to a DNS service that actively monitors and blocks known malware sites to reduce the risk of ransomware against your company and Microsoft 365 systems.
Microsoft Defender SmartScreen Policies
Microsoft’s SmartScreen filters work to block harmful sites and downloads at the browser level (much like a DNS provider can at the network level).
The system calculates a risk score, based on a variety of factors, then warns the user of potential harm.
An administrator can configure Microsoft SmartScreen to act either as an advisor or a blocker. When set as an advisor, a person will see a warning when either visiting a potentially harmful site or downloading a potentially harmful file. But the warning can be ignored.
Actionable Tactic:
To ensure that SmartScreen filters are active, have your IT company configure three group policies:
- Configure the SmartScreen filter setting to turn SmartScreen on.
- Prevent bypassing SmartScreen prompts for files.
- Prevent bypassing SmartScreen prompts for sites.
Advanced Threat Protection for Email
Ransomware payloads are often delivered by email.
“Here’s the file you need,” reads the text of the email – with an attachment. Too often, an employee opens the file – and realizes later that it really wasn’t a needed file, but instead a malicious app.
Microsoft 365 gives administrators the ability to block any of nearly 100 different file types. According to a Microsoft Security Intelligence Report, the file types most often blocked by Office 365 Advanced Threat Protection were malicious Word (.doc, .docm), JavaScript (.js), and executable files (.exe, .scr, .com, .pif, .cpl).
You may also block attachments for specific sender or recipient users, groups, or domains. In a school setting, for example, you might choose to prohibit attachments among students, but allow attachments among staff.
Actionable Tactic:
Use Microsoft’s Advanced Threat Protection settings to automatically block email attachments and files likely to be harmful.
Start by editing the default configuration or add additional screening criteria. A core set of executable files that should be blocked by default include: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, and .vbs.
In addition to these defaults, you might also block the following types: .js (JavaScript file extension), .cpl and .pif, to protect against the most common concerns.
Ready to Implement These Tactics for Robust Business & Microsoft 365 Protection?
iSite Computers is here to help.
We are an official Microsoft Partner and a managed IT services provider.
We help small to medium-sized businesses in South Africa with everything from setting up and migrating to Microsoft 365, management and maintenance, cybersecurity, backup, and recovery, as well as employee training.
We offer free, no-obligation consultations on Microsoft 365 and more. Book your consult online and we’ll call you back soon – or contact us directly to get started.
0 Comments