It is safe to assume that, if you are reading this blog, you have received one of those spam messages that state something like “here is your voicemail” or “see attached invoice”.
Proactive Tip #1: End-user Training
Not many people like the “T” word, but training your user base in what to look for in all incoming email can help them not only in their business life but in their personal life as well. Whether you go for online training options (KnowBe4 and Proofpoint, for example) or host a Lunch & Learn, increasing their online knowledge by an attribute point can have a lasting effect.
Proactive Tip #2: Enable Office 365 Advanced Threat Protection
For a rather small amount of money ($2 per month per user) you have the option to open up the advanced protection filters offered in Microsoft 365. Enabling the Anti-Phishing, Safe Attachments, Safe Links, and Anti-spam policies will create a rather comfortable barrier around your Microsoft 365 tenant.
Reactive Tip #1: Monitor your email domain in breaches
Troy Hunt, an independent security researcher, has created a reputable website (https://haveibeenpwned.com/) where he uploads data from breaches containing user-identifiable content (email addresses, passwords, business titles, etc.) so that you can search it to see whether your information has been leaked. What is great is that you can also register your email domain to be monitored; if it appears in a breach, you will get a notification email.
Reactive Tip #2: Office 365 Advanced Threat Protection (Plan 2)
Increasing the above-mentioned add-on license to $5 per month per user account will allow you to send internal threat campaigns to see who is vulnerable to spoof attacks. The real benefit, though, is that you can use the Threat Management explorer to hard-delete known bad emails that have already been delivered to users’ mailboxes.