Empowering your employees to easily notify IT
security personnel of a phishing attack requires an Exchange rule. This
tutorial explains how to set one up.
In general, IT cybersecurity experts agree that when it comes to enterprise
phishing emails, the most effective defense, and the only one that will
ultimately stop such attacks, is a well-trained and educated workforce. While
technologies like artificial intelligence and machine learning may stop many
phishing emails from getting through to user inboxes, those tech solutions
cannot overcome the careless click of a malicious link by one of your
employees when the technology fails.
As we have mentioned before, a 2018 report shows that about 50% of an
enterprise's computer-using employees will click on a link sent via email from
an unknown user without first thinking of the potential consequences. To
overcome this lack of urgency so prevalent amongst users, IT professionals
should task the entire workforce with the responsibility of immediately
reporting phishing emails when they are uncovered.
The Office 365 add-in, Report Message, allows
Outlook users to report a phishing or other suspicious email with the click of
a single icon on the standard Office Ribbon interface. However, by adding a new
rule to Microsoft Exchange, admins can also receive a copy of the report—with
no additional effort on the employee's part.
This how-to article explains how
to set up a rule in Exchange that will piggyback on Report Message to notify
the proper IT security team in your organization that a phishing email has been
reported.
Set up the Rule
Creating or modifying rules using the following technique requires that you
be authenticated as an Exchange Online Administrator. This tutorial also
assumes you have installed and enabled the Report Message add-in for Outlook.
(Check out the previous article for details.)
Open the online portal to Office 365 and log on with administrator
credentials. Navigate to the Admin Center and then open the Exchange Admin
Center submenu. Click the Mail Flow link in the left navigation bar. You
should see something similar to Figure A. (Note that the example has no rules
yet.)
Click on the Plus button to create a new rule.
Name your new rule (Phishing Submission) and then open the "Apply this rule
if" dropdown box. Choose the entry "The recipient address includes". Add
these two email addresses to the list as shown in Figure B.
In the "Do the following" box, choose the "Bcc the message to" entry and add
the appropriate security administrator or team as designated by your
intrusion detection policy. Set the "Audit this rule with severity level"
option to Medium, as shown in Figure C, and click Save.
Figure C
Once this rule is established, whenever an employee
reports an email using the Report Message add-in, the appropriate security
personnel will receive a copy of the message automatically. This will allow
your security teams to act swiftly and decisively to mitigate and counteract
phishing attacks in accordance with your enterprise's policies.
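The same rule can also be created from Exchange Online PowerShell rather than the Admin Center. The script below is an added example, not part of the original tutorial; it assumes the ExchangeOnlineManagement module is installed, and the two submission addresses and the security mailbox are placeholders to replace with the addresses from Figure B and your own team's mailbox.

```powershell
# Added example: creates or updates the "Phishing Submission" mail flow rule.
# Assumes the ExchangeOnlineManagement module and an Exchange Online admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline    # interactive administrator sign-in

# Placeholders (not real values): the two Report Message submission addresses
# from Figure B, and the mailbox of your security administrator or team.
$SubmissionAddresses = @('<report-message-address-1>', '<report-message-address-2>')
$SecurityMailbox     = '<security-team-mailbox>'
$RuleName            = 'Phishing Submission'

# Refuse to run while any placeholder is still in place.
if (($SubmissionAddresses + $SecurityMailbox) -match '^<') {
    throw 'Replace the placeholder addresses before running this script.'
}

# The Bcc target must be a recipient Exchange can resolve, or reports go nowhere.
if (-not (Get-Recipient -Identity $SecurityMailbox -ErrorAction SilentlyContinue)) {
    throw "Security mailbox '$SecurityMailbox' was not found in this organization."
}

# Each key maps to one choice made in the Admin Center dialog.
$ruleSettings = @{
    RecipientAddressContainsWords = $SubmissionAddresses  # The recipient address includes
    BlindCopyTo                   = $SecurityMailbox      # Bcc the message to
    SetAuditSeverity              = 'Medium'              # Audit this rule with severity level
}

# Update the rule if it already exists so repeated runs do not create duplicates.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($existing) {
    Set-TransportRule -Identity $RuleName @ruleSettings
} else {
    New-TransportRule -Name $RuleName @ruleSettings
}

# Read the rule back and confirm it is active and configured as intended.
$rule = Get-TransportRule -Identity $RuleName
$rule | Format-List Name, State, Mode, Priority,
    RecipientAddressContainsWords, BlindCopyTo, SetAuditSeverity
if ($rule.State -ne 'Enabled') {
    Write-Warning "Rule '$RuleName' exists but is not enabled; reports will not be copied."
}

Disconnect-ExchangeOnline -Confirm:$false
```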
