It will come as no surprise that the threats from hackers, phishing, ransomware, and spambots have increased dramatically over the past few years. In 2023 we addressed security at the desktop by implementing SentinelOne EDR as part of our MSP standard (it was rated the #1 EDR product in 2024). This past year we have been working on new standards to secure our clients' cloud services. Some of the improvements are the implementation of required two-factor authentication (2FA), disabling of legacy insecure protocols, improved auditing, and email authentication services. Entering 2025 we will be implementing the next steps in our security improvement plan for our clients.
Improvements rolling out now (Q4, 2024)
External Email Tagging
The most visible of the changes is the labeling of email from outside your organization with an ‘External’ tag in Outlook. This tag will replace the ‘Outside organization’ banners in the body of emails, as hackers have found ways to remove that warning.
First Time Sender Alerting
To help identify spoofed internal emails, a new banner will show in Outlook if you have not received an email from the sender before. This protects against hackers changing the display name in phishing emails to that of an employee.
Man-in-the-Middle Microsoft 365 Protection
One of the most common ways hackers get into your organization is by having employees log into a fake Microsoft 365 login page, stealing their credentials and bypassing 2FA protections. We are implementing verification checks that, if not passed, will overlay potential fake login pages with the colors and text below to alert users to the hack attempt.
Other improvements
In addition to these alerts we have also implemented auto-expiring guest access to SharePoint sites, the automatic enabling of online archiving (for Exchange 2 licensed accounts), and backing up of Microsoft 365 Teams data for all clients with cloud backups (no additional cost).
New Security Standards for 2025
With the increase of ransomware and AI-generated attacks we will be updating our standard security requirements to require Defender for Microsoft 365 for all email accounts by March of 2025. While there is an increased cost for the Microsoft licenses, it is much less than the price of a successful attack on your organization. This license enables the following protections for your Microsoft 365 tenant.
Improved Spam Filtering
Enhanced content filtering of email messages reduces the amount of spam that reaches your inbox and also gives us more control over what is filtered.
Safe Links
Safe Links scanning protects your organization from malicious links that are used in phishing and other attacks. Specifically, Safe Links provides URL scanning and rewriting of inbound email messages during mail flow, and time-of-click verification of URLs and links in email messages, Teams, and supported Office 365 apps.
Safe Attachments
Safe Attachments uses a virtual environment to analyze attachments in email messages before they’re delivered to recipients (a process known as detonation).
Zero-Hour Auto Purge
Zero-hour auto purge (ZAP) is a protection feature that retroactively detects and neutralizes, in real time, malicious phishing, spam, or malware messages that have already been delivered to your inbox. This protects against previously unknown threats that were not detectable at the time of initial email delivery.
Improved Impersonation Detection
Protection from both domain and user impersonation attempts.
- Domain impersonation: Contains subtle differences in the domain. For example, lila@ćóntoso.com impersonates lila@contoso.com.
- User impersonation: Contains subtle differences in the email alias. For example, rnichell@contoso.com impersonates michelle@contoso.com.
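The two lookalike classes above can be caught by the same trick: reduce every address to a visual "skeleton" (accents stripped, known confusable characters and character pairs mapped to the letter they imitate) and compare that skeleton against the protected senders. The following is an added illustration written for this newsletter, not Microsoft's own detection logic; the protected sender list, the confusable tables, and the sample addresses are constructed for the example, and it goes slightly beyond the two examples on the page by also catching a Cyrillic homoglyph and a single dropped letter.

```python
"""Lookalike sender classification for domain and user impersonation.

Added example, not Defender for Microsoft 365 code. The protected lists and
the confusable tables below are constructed for illustration only.
"""
import unicodedata

PROTECTED_DOMAINS = {"contoso.com"}                               # constructed
PROTECTED_USERS = {"michelle@contoso.com", "lila@contoso.com"}   # constructed

# Hand-picked subset of lookalike substitutions. A production filter would use
# the full Unicode confusables table (UTS #39) rather than this short list.
CONFUSABLE_SEQS = {"rn": "m", "vv": "w", "cl": "d"}
CONFUSABLE_CHARS = {
    "0": "o", "1": "l", "|": "l", "3": "e", "5": "s",
    # Cyrillic letters that render identically to Latin ones
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}


def skeleton(text: str) -> str:
    """Reduce a string to its visual skeleton so lookalikes compare equal."""
    text = unicodedata.normalize("NFKD", text.lower())
    # NFKD splits accented letters into base letter + combining mark; drop the marks
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    for seq, replacement in CONFUSABLE_SEQS.items():
        text = text.replace(seq, replacement)
    return "".join(CONFUSABLE_CHARS.get(ch, ch) for ch in text)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; lets us tolerate one dropped or added letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'internal', 'domain impersonation', 'user impersonation' or 'unrelated'."""
    address = address.strip()
    local, _, domain = address.rpartition("@")
    if address.lower() in PROTECTED_USERS:
        return "internal"  # exact protected sender, nothing to flag
    # Domain impersonation: skeleton equals a protected domain, raw string does not
    for protected_domain in PROTECTED_DOMAINS:
        if domain.lower() != protected_domain and skeleton(domain) == protected_domain:
            return "domain impersonation"
    # User impersonation: alias skeleton within one edit of a protected alias
    for protected_user in PROTECTED_USERS:
        protected_local, _, protected_domain = protected_user.rpartition("@")
        if skeleton(domain) == protected_domain and \
                edit_distance(skeleton(local), protected_local) <= 1:
            return "user impersonation"
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples: the two from the newsletter plus a Cyrillic homoglyph
    for sample in ("lila@ćóntoso.com", "rnichell@contoso.com",
                   "lila@c\u043entoso.com", "michelle@contoso.com", "bob@example.org"):
        print(f"{sample:28} -> {classify_sender(sample)}")
```

In a real tenant the protected list is the whole directory, and exact directory members are exempt before the fuzzy comparison runs; otherwise two genuinely similar employee aliases would be flagged against each other. The one-edit tolerance is what catches the newsletter's second example, where "rn" stands in for "m" and the final "e" is dropped at the same time.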
Coming in 2025
Enhanced Backups & Disaster Recovery (Q1)
We are implementing multi-tiered immutable backups for all our clients who utilize our cloud backup service. There is no additional cost and no action is needed. These are backups that cannot be poisoned by ransomware and are not accessible over the Internet (even by us), to keep them from being modified or deleted.
SOC / MDR Services (Q2-Q3)
We continually evaluate new security technologies and services to see what would benefit our clients. We are in the process of evaluating multiple vendors that provide enhanced 7x24x365 services that would allow us to collect real-time information from various data points (SentinelOne, firewalls, Microsoft 365, etc.) into one central location to give us a better view of the ‘big picture’. These services enable us to implement AI-driven actions such as locking suspected breached accounts in seconds, automatic password resets when hacked account credentials show up on the dark web, detecting suspicious logins based on behavioral analysis, ransomware exfiltration protection, access to an incident response team around the clock, and much more. These are the types of services in use in hospitals, governments, and Fortune 500 companies. If we determine that a vendor meets our requirements we will offer it as an optional enhanced security service for our clients.
-Tim