Office 365 is a must-have software for all industries in today’s world. The ease of use and value of Office 365 applications are great for users on both the individual and business end. The subscription-based service allows individual users access to Microsoft apps such as Microsoft Office. For businesses Office 365 it offers a bit more. Email and social networking services essential in 2017, along with Skype for business, SharePoint, and Office Online are invaluable communication tools in the business environment. However, Office 365 is an out of the box software that lacks customization and enhanced security that could lead to potential problems for its clients.
One of the critical downfalls of Office 365 is that it lacks support for branding the login page. Why is this a major problem when it comes to security? It is almost daily we hear of a major organization being breached by outside hackers even though they believe all the necessary security is in place, such as firewalls, to prevent that from happening. Phishing is a popular tactic used by cyber hackers for getting organizations’ confidential information. Schemes usually involve some sort of email sent to users claiming that something is wrong with their Office 365 account. Next, the hackers will conveniently provide a link that takes the user to something that looks identical to the Office 365 login page. Since Office 365 lacks support for branding the login page, users are easily coerced into giving their login information away as this page looks no different than their typical login page. This could be easily avoided with enhanced customization on Office 365 login pages.
Since there isn’t an option for customization, phishing runs rampant on Office 365 users. Some employees brush off the needed customization as “they can recognize phishing attack miles away”, but most people working at their desk daily aren’t savvy enough to tell the difference. All users at any company can be phished and risk the well-being and stability of that company. It usually only takes one misstep for millions of people to have confidential information breached. To see what an Office 365 phishing email looks like, check out this article.
How can this flaw in Office 365 be mitigated? A rather simple and logical answer is to engage with a third-party vendor to allow customizable branding for the login page. Doing so will allow the login pages to be unique, thus making it far more noticeable to a user if something is visually different. For example, the typical login page for Company Z has a green background with Company Z logos plastered all over it. If an employee of Company Z were to receive a phishing attempt email that directs them to an Office 365 login page that has a purple background and just the Office 365 logos, the employee should realize something is questionable. If Company Z customizes their Office 365 login page, the chance of getting hacked diminishes greatly.
According to this article security company, AppRiver has collectively seen over 100 million phishing attack attempts targeted directly at Office 365 users in 2017 alone. Over 100 million attempted attacks just this year, on just one service! Incredible, but true. It should now be quite clear that any security advantage for Office 365 would be helpful and worth the investment. What better than adding a customizable login page feature that would make many phishing attempts obsolete due to how different each login page would be.
The reason why it is challenging for hackers to crack down on customizable login pages is because there isn’t any commonality between organizations login pages. As of now, there is only one style for the out of the box Office 365 login page and that makes phishing incredibly easy. Hackers only must duplicate one page which can lead to countless passwords in the wrong hands. Luckily PortalGuard, a third-party vendor, has the solution to offer. PortalGuard frequently integrates with Office 365 and allows a large amount of customization on their Single Sign-on page which acts as a secure front door. This amount of available customization makes it highly unlikely that an Office 365 user will fall for a phishing scam. PortalGuard also comes equipped with self-service password rest, two-factor authentication, contextual authentication and many other features.
Check out PortalGuard for all your Office 365 security needs!