Everyone uses Microsoft 365 for email – well, not everyone but most individuals and businesses. And as a showpiece of Microsoft software, it must be secure, right? Not necessarily. It depends on the security measures that a user implements to prevent potential data and email breaches.



A recent IT survey concerning Microsoft 365 security was conducted in the UK involving approximately 420 businesses from a range of industry sectors. Of these, 23% – that’s 1 in 4 – claimed that they had suffered an email security breach in 2020. 36% of these breaches were the result of phishing attacks, targeting what some say is the weakest point of any security system, the infamous end-users.




Phishing is arguably one of the most dangerous and exploitative forms of cyber-attack out there. It involves applying manipulative social engineering to unsuspecting users, duping victims into opening an email, instant message, or text message. Ultimately, the cybercriminal wants to steal personal data such as login credentials, credit card numbers and identification data. The reasons are obvious. If a user isn’t on their guard, they can easily be fooled into thinking that the email comes from a trusted entity such as PayPal, eBay or Amazon. Clicking on a malicious link can have devastating and life-changing consequences. Computers can be hijacked through ransomware, massive unauthorized purchases can be made and identities stolen, never to be recovered.




Going back to the Microsoft survey, 62% of the respondents stated that breaches were caused by compromised passwords and email phishing attacks. Can Microsoft 365 prevent these breaches from occurring? To add that extra layer of security, you need to implement Conditional Access rules plus Multi-Factor Authentication (MFA). This prevents users from logging into their accounts from unsecured networks. Of the respondents, 54% had not applied Conditional Access while 33% were not using MFA mechanisms.




Of those surveyed, 68% said that they expect Microsoft 365 to keep them safe from all email threats. However, the disconnect is that 50% of all respondents use third-party cybersecurity solutions to supplement email protection. It is believed that gateway platforms such as those offered by Mimecast, Cisco, and Forcepoint are 82% effective in preventing an email breach.

82% IS NOT 100%


As the headline reads, 82% is not a guarantee. If you have any doubt over the integrity and security of your email systems, don’t hesitate to contact Zhero. We have over 20 years of experience in cybersecurity and IT risk mitigation for businesses. We will implement best-of-breed third-party solutions and train your employees so that they don’t fall prey to email hacking. Remember, at Zhero, we love IT and we love what IT can do for people.