Technology Decision Makers


A group for those in nonprofit IT decision-making roles to connect with peers and share best practices. This Technology Decision Makers group is for nonprofit IT or MIS Directors/Managers as well as CIOs and CTOs to connect with their peers and share best practices. Topics for discussion include, but are not limited to: hardware and software management, product reviews, emerging technology, best practices, collaborating effectively with other departments, and management conundrums. Membership is restricted to IT staff at nonprofit organizations.

Fellow Office 365 users: how do you deal with spam/phishing emails?

  • 1.  Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 03, 2018 15:15
    My organization has been using Office 365 Enterprise E1 licenses for email for the last 2 years.

    Recently, as in the last few months, we've noticed an uptick in spam and phishing emails getting through to the inbox. I initially chalked it up to tax season, but it hasn't really gone away since April.

    Do you have any tips or tricks, like setting a threshold level or international settings? We are compliant with SPF and DMARC.

    Is it possible we've reached the limit in terms of email filtering vanilla 365 offers, and should consider an additional protective measure?

    Thanks!

    ------------------------------
    Emilio Arocho
    Director, Technology and Digital Strategy
    Food and Drug Law Institute

    Community Organizer, NTEN Nonprofits and Data group.
    ------------------------------
    Tech Accelerate


  • 2.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 03, 2018 15:48

    Speaking of targeted phishing emails, are you providing staff information on the public side of your websites?

    CAHF/QCHF is, and I am trying to get that changed. 


    The targeted phishes are up to date and personal – and aimed at our new Accounts Payable person and the CEO and CFO.

    Do you think moving the names and titles behind the member login will help, or is it already too late?

     

    Thanks –



    ------------------------------
    Beth Camero
    Technology Manager
    Quality Care Health Foundation
    California Association of Health Facilities
    Sacramento, CA
    ------------------------------



  • 3.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 03, 2018 18:51
    That information may be publicly available anyway, from your IRS filings and such.

    The best thing to do is to educate the staff, and have obstacles in place. For example, at my organization, a large check or transfer cannot be made without signoff from two C-level execs. So there would be no way for a clerk to put through a wire to the CFO "on that business trip in China".

    Making folks aware that this kind of thing can happen is very important. There is no way you could imagine enough possible angles and wordings to catch it at a spam-filter level.

    We had one where the sender claimed to be the CEO, in a meeting so unable to call, but in a bind and needing money wired to Western Union and "I can pay you back when I get back from this trip". Luckily the recipients were suspicious, texted her and/or asked IT and no one wired any money.

    ------------------------------
    Cara Hart
    IT Manager
    Boys & Girls Clubs of Metro Denver
    Denver, CO
    ------------------------------



  • 4.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 03, 2018 18:54
    We've had good luck with Office 365's spam filtering.

    I've had to educate users that if they release it from quarantine, they shouldn't be surprised if it's spam!

    I've found MS support to be surprisingly responsive. You may want to open a case and see if they have suggestions.

    Cara

    ------------------------------
    Cara Hart
    IT Manager
    Boys & Girls Clubs of Metro Denver
    Denver, CO
    ------------------------------



  • 5.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 03, 2018 21:37
    Definitely agree that education, ESPECIALLY for c-suite and anyone who can access accounts, is critical, since black hats can sometimes get half a step ahead of even the best electronic defenses.

    But while we're on the topic of O365 email security, has anyone started using this offering:
    Office 365 Advanced Threat Protection (Nonprofit Staff Pricing) $0.60 user/month

    Someone at the local SharePoint User Group brought it up at the last meeting, but I haven't had time to look into it yet, let alone take it for a spin.

    Thanks for all you do to enable your nonprofits with technology!


    ------------------------------
    Tom Anderson
    Founder
    IT4 Causes
    Midlothian, VA
    ------------------------------



  • 6.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 04, 2018 08:18

    At the end of the day, I think the most important defensive measure is training.

    We use KnowBe4. There's new hire training, regular intrusion testing, and remedial training for those who fail the intrusion tests. There's also nonprofit pricing.

    We're down to about 4% vulnerability when school is in session, and 1% when my teachers are on vacation.



    ------------------------------
    Colin Boyle
    Step Up Suncoast
    Sarasota, FL
    cboyle@manateecaa.org
    ------------------------------



  • 7.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 04, 2018 08:23
    Enabling SPF, DMARC and DKIM are good foundational steps that you can take to help reduce the amount of spoofing and impersonation that you see. Microsoft has been adding some new capabilities into the basic version of Office 365 to help combat this. You can go to https://protection.office.com and then go to Threat Management -> Policy. This default policy provides a basic level of protection. There is some more sophisticated link scanning and attachment analysis that's in the Office 365 E5 plan.

    For some background on all of these terms and an overview of how to configure some of the settings, you can check out this video from Microsoft's Ignite Conference: Office 365 ATP


    ------------------------------
    Matthew Eshleman
    Chief Technology Officer
    Community IT Innovators
    Washington, DC
    ------------------------------



  • 8.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 04, 2018 10:02
    Hi Emilio,
    My organization has been around longer than email, and we have a number of employees who have had the same email address for over a decade, so we get a lot of spam. We use an enterprise spam filter called AppRiver, and when I just checked it, it said we're getting about 600 spam emails hitting our domain a day. The protection that AppRiver provides in addition to the automatic filtering that Office 365 provides keeps the junk mail that hits our inboxes to a minimum, but it's a constant battle. AppRiver allows you to maintain a list of blocked domains and email addresses, and we use it.

    ------------------------------
    Rob Foley
    IT Director - The Scholarship Foundation of St. Louis
    ------------------------------



  • 9.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 04, 2018 18:33
    Thanks to each of you for your responses! Seems like we have a few more things we can try before we look for an additional cyber-security solution. And additional staff training is definitely on the agenda 😀

    ------------------------------
    Emilio Arocho
    Director, Technology and Digital Strategy
    Food and Drug Law Institute

    Community Organizer, NTEN Nonprofits and Data group.
    ------------------------------



  • 10.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 05, 2018 08:29
    Hi Emilio,

    We are an MSP based in NY. We recommend AppRiver's enterprise SecureTide as well to all our clients. We are an AppRiver reseller and offer non-profit pricing for the product. We also offer free security awareness online training (using case-study based videos) through our partnership with Breach Secure Now to all non-profits. At the end of the training, your employees will get a certificate showing they have completed the training. Please contact me if you are interested.

    Thanks,

    ------------------------------
    Allen Chu
    Director of Business Development
    TeamLogic IT of White Plains
    White Plains, NY
    ------------------------------



  • 11.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 08, 2018 12:34
    If you notice any patterns in much of the phishing emails you get, you might be able to write a few Exchange server rules to help prevent them. We had a lot of messages with sender names mimicking our staff's names, but that came from email addresses outside the organization.

    I added a few rules in the Exchange server that would add text to the email when the name in the header matched Soandso's name, but came from outside the organization. That helps a lot with staff who read their emails on mobile devices where the email address doesn't show up.

    ------------------------------
    Colin Roberts
    Rainier Scholars
    Seattle, WA
    ------------------------------
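
A sketch of the kind of mail flow rule described in post 11, added here as an example and not taken from the poster's own configuration. It assumes an already connected Exchange Online PowerShell session with rights to manage transport rules; the staff names, rule name and banner wording are constructed placeholders.

```powershell
# Added example: warn readers when an external sender's From header
# carries the display name of a protected staff member.
# Assumption: an Exchange Online PowerShell session is already connected.

# Constructed placeholder names; replace with the people being impersonated.
$protectedNames = @('Jane Doe', 'John Q. Public')

# Build From-header patterns for "First Last" and "Last, First".
$patterns = foreach ($name in $protectedNames) {
    # Escape literal dots (middle initials) and allow flexible whitespace.
    $parts = ($name -split '\s+') | ForEach-Object { $_ -replace '\.', '\.' }
    $parts -join '\s+'
    '{0},\s*{1}' -f $parts[-1], $parts[0]
}

# Banner shown at the top of the message body, so it is visible on mobile
# clients that hide the sender's address.
$banner = '<p style="border:1px solid #c00;padding:6px;">' +
          '<b>Caution:</b> this message uses the name of a staff member ' +
          'but was sent from outside the organization.</p>'

$ruleName = 'Flag external display-name lookalikes'   # hypothetical rule name

$rule = @{
    Name                              = $ruleName
    FromScope                         = 'NotInOrganization'
    HeaderMatchesMessageHeader        = 'From'
    HeaderMatchesPatterns             = $patterns
    ApplyHtmlDisclaimerText           = $banner
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
    # Start in audit mode: matches are logged, messages are not modified.
    Mode                              = 'Audit'
    Comments                          = 'Display-name impersonation warning'
}
New-TransportRule @rule

# After reviewing what the rule would have matched, turn it on:
# Set-TransportRule -Identity $ruleName -Mode Enforce

# Confirm the rule's state and conditions.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, HeaderMatchesPatterns
```

Staff who write to colleagues from a personal account will also trigger the banner, which is why the rule only annotates the message rather than blocking it.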



  • 12.  RE: Fellow Office 365 users: how do you deal with spam/phishing emails?

    Posted Oct 08, 2018 12:55
    If you have DKIM, DMARC, SPF, and have looked at the email parts of your O365 Security Score (https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Office-365-Secure-Score-is-now-Microsoft-Secure-Score/ba-p/182358), then I'd add user training.

    Security awareness training but, more immediately, having users classify what gets through appropriately as spam helps train O365. The data the platform is collecting benefits folks who use that platform. In my experience it's kind of amazing how few staff realize you can right mouse click on a message and identify if it's spam or ham. I've seen this reduce false positives substantially.

    Best of luck and one additional plug for the secure score tool is that it's holistic and I think it can now be weighted to seat size and hopefully someday to sector/vertical.
    --ken
    Ken Montenegro
    Gender Pronouns: he/him
    Information Technology Director
    Asian Americans Advancing Justice | Los Angeles

    1145 Wilshire Blvd  Los Angeles, CA 90017
    T: (213) 977-7500 (213) 241-0219
    C: (323) 545-4904
    F: (213) 977-7595
    advancingjustice-la.org
    Building upon the legacy of the
    Asian Pacific American Legal Center



