Take a moment to think about how much of your company’s business happens through email.
A lot. Right?
For many companies, email serves as the hub around which all other business activities occur. It’s simple, quick, and convenient. But it can also be dangerous: it can be an entry point for malicious users or an inadvertent storage location for sensitive data.
There are several things you can do to better secure your company’s email, but one of the least utilized (and most important) is email auditing. Here are 3 reasons you should enable audit settings for Outlook.
1. Email is a common starting point for phishing attacks.
It’s Security Awareness 101: “Don’t click links from unfamiliar senders.” But what if the link comes from a trusted address? Compromising a trusted email account gives a threat agent instant credibility that can easily be exploited against the other users on your network. Message audit logs can help you determine whether a malicious user has infiltrated your network by showing where the user logged in from and what actions were performed after the login.
2. Sensitive data often resides in user inboxes.
It’s against best practices, but it happens nonetheless. There’s likely sensitive data in your users’ inboxes, whether they intended to put it there or not. And if a threat agent gets access to that inbox, they have instant access to the data it contains. So if you can’t keep users from storing information there, you should at least implement tools that help determine whether a threat agent is accessing that data.
3. During a breach, knowledge is power.
If a malicious user infiltrates your network, the more knowledge you have, the better. Message audit logs can help you keep watch over user email activities, giving you visibility into the following details:
- Geographical location of email logins
- The service used to log in (OWA, SMTP, etc.)
- Creation of new messages
- Deletion of messages
- Movement of folders
- Sending of messages
- Whether objects/attachments were viewed
With information like this, you can identify potentially phishy (pun intended) user behavior that may indicate a breach. Unfortunately, many organizations don’t use message audit logging because they don’t know about it, even though the details in these logs can be crucial in identifying potentially malicious user activity.
Mailbox audit logging should be managed just like any other logs you maintain. Ideally, these logs will be fed into a Security Information and Event Management (SIEM) system, where you can review them for anomalies or potential issues. If you’d like to enable mailbox audit logging at your organization, here are some simple guides from Microsoft that can show you how.
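One way to turn this on and review the results, as an added example that is not from the original article or from Microsoft's guides. It assumes an on-premises Exchange Management Shell session where `Search-MailboxAuditLog` is available; the mailbox address, the 180-day retention and the 7-day review window are constructed values.

```powershell
# Constructed values for this example; adjust to your environment.
$Target = 'jdoe@example.com'          # mailbox to review in step 2
$Since  = (Get-Date).AddDays(-7)      # review window

# Audit settings applied to every mailbox that is not yet audited.
$auditSettings = @{
    AuditEnabled     = $true
    AuditLogAgeLimit = '180.00:00:00'  # keep 180 days of entries
    AuditOwner       = 'Create','HardDelete','Move','MoveToDeletedItems','SoftDelete','Update'
    AuditDelegate    = 'Create','HardDelete','Move','MoveToDeletedItems','SoftDelete','Update',
                       'SendAs','SendOnBehalf'
}

# 1. Enable auditing on user mailboxes where it is still off.
Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
    Where-Object { -not $_.AuditEnabled } |
    Set-Mailbox @auditSettings

# 2. Pull detailed entries for one mailbox (owner, delegate and admin access).
$entries = Search-MailboxAuditLog -Identity $Target -LogonTypes Owner,Delegate,Admin `
    -StartDate $Since -EndDate (Get-Date) -ShowDetails -ResultSize 5000

# 3. Which source addresses and client types touched the mailbox?
#    The log stores the IP address; mapping it to a location happens downstream.
$entries |
    Group-Object ClientIPAddress, ClientInfoString |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Timeline of deletions, moves and sends, the actions listed above.
$watched = 'HardDelete','SoftDelete','MoveToDeletedItems','Move','SendAs','SendOnBehalf'
$entries |
    Where-Object { $_.Operation -in $watched } |
    Sort-Object LastAccessed |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation,
                  ClientIPAddress, FolderPathName, ItemSubject |
    Export-Csv -Path .\mailbox-audit-review.csv -NoTypeInformation
```

The CSV from step 4 is a convenient hand-off format if your SIEM does not yet ingest mailbox audit entries directly.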