5 questions you should be asking your IT team about Phishing
Fraudulent Microsoft 365 emails and employees clicking on phishing emails could be a significant GDPR risk. The consequences of a security breach are greater than ever, with the cost of recovery for businesses increasing each year. Checking with your IT team that the following measures are in place can help decrease your likelihood of a data breach.
1. Do you audit Office 365 regularly for security compromises?
Checking for security compromises regularly is important. We recommend a quarterly audit at a minimum, or monthly audits as best practice. This helps your business identify any breaches which could be lying dormant in your system.
2. Do you enforce additional security features such as Multi-Factor Authentication?
There is a multitude of security features which can be added, including conditional access and attack surface reduction. Ensure these are enforced across the estate to add an extra layer of security.
3. Do you know what personal data is within your Office 365 tenant?
It is important to understand what information could be exposed if an attacker gains access via a phishing email. Information such as passwords, bank details, dates of birth or medical data could be used by cyber criminals to clone an identity.
4. Do you regularly check the security setup of your Office 365 tenant?
We recommend checking the security setup at least four times per year, or monthly as best practice.
5. Do you train your employees on the risks of phishing emails?
The biggest cause of successful phishing attacks is human error. Training staff regularly and performing phishing simulations can decrease your chances of a breach.
70% of organisations we tested in 2021 showed evidence of an active or historical breach.
Book a free health check
Don’t leave it to chance. Book a Microsoft 365 forensic health check to protect your data.