Phishing attempts have continued to be on the rise year over year, and educational entities are equally targeted by these malicious sources as their commercial counterparts. In fact, recent polling has shown that the industries at the greatest risk currently are education, consulting, and entertainment.
Academic institutions house a large amount of sensitive data including: student and employee personal data (credit cards, social security numbers, addresses, etc.), research data, financial data, and much more. Schools need to ensure that their security posture is developed in such a way as to limit the potential of these intrusions in order to avoid a breach of sensitive information. Data shows that each security breach is now incredibly costly. With all of the recent changes to data security compliance (such as GDPR), network and identity security are at the forefront of IT concerns.
ScholarBuys has a wealth of experience in consulting academic institutions on security software, whether it is focused on the endpoint or on network and identity. We also understand that a more holistic approach is often the best path to a successful and impactful security posture in today’s age of technology. This means not only addressing the issue from a technology perspective, but also from an end-user training perspective. Regardless of where you want to begin, ScholarBuys can provide guidance and affordable solutions to fit every customer’s needs and current technology environment.
In today’s case study, I wanted to focus more specifically on email security and how the use of Microsoft’s Advanced Threat Protection (ATP) for Exchange Online has significantly increased Colorado College’s confidence in their security compliance and ability to combat malicious content being blasted to their end users.
Higher Education Account Executive
Colorado College is a liberal arts institution in Colorado Springs near the foot of the Rocky Mountains, with a rich history full of proud tradition and progressive culture. The mission of Colorado College is to challenge students, one course at a time with unique Block scheduling, to develop habits of intellect and imagination that will prepare them for learning and leadership throughout their lives. With unparalleled access to the outdoors, students at Colorado College are no strangers to the adventurous spirit that flourishes in the Rocky Mountain West.
My security conversation with Colorado College began in earnest near the beginning of the 2018 calendar year, where announcements around GDPR compliance were beginning to take shape. Jeff Montoya – Colorado College’s Information Security Engineer – was tasked with a project investigating what steps their institution needed to take to ensure security compliance.
Through several conversations, it became apparent that there were areas in which he wanted to improve Colorado College’s approach to security with some of their platforms hosted online (such as Exchange for email). This lead us to exploring their current security landscape, and as a Microsoft shop using Exchange it made sense to dive into Microsoft’s current offerings. To address more immediate concerns, we began on the email side of house with Advanced Threat Protection for Exchange Online. This can be procured as a standalone offering, or as part of a larger suite of solutions in Office 365 Plan A5. Something that specifically made this attractive is that Microsoft allows for free student licensing for ATP at a defined ratio with paid employee licensing under Student Use Benefit, as long as you elect to cover 100% of your employees with the solution.
Really the business need that drove Jeff’s need was the sheer volume of phishing emails they were being peppered with.
“We needed to address the amount of phishing emails we received over the last year. Higher education seems to be getting hit more frequently with phishing and spoofed emails in attempts to get credentials or financially impact our institution.”
After working through the licensing with ScholarBuys and how to best outfit their environment, Jeff and his team were able to effectively roll out the solution and saw immediate positive impacts.
“It has reduced the amount of phishing emails and with ATP Safe Links we can confirm embedded URLs are reputable.”
Another benefit that was realized is ATP’s simplicity:
“ATP has been easy to set up and manage. It was a simple process to configure policies. The long term impact has yet to be determined but it has seemed to reduce the attempts to phish our staff, faculty and student population.”
ATP for Exchange Online compliments the security inherently included in Exchange Online Protection and allows you to protect your email, files, and online storage from sophisticated attacks in real time, and is specifically designed to combat phishing attempts and unsafe attachments. This results in better zero-day protection in a world where phishing attempts are increasing exponentially.
ATP is founded on two principal technologies:
- Safe Attachments prevents malicious attachments from impacting your messaging environment, even if there are unknown signatures. All content that is deemed to be suspicious will go through a real-time behavioral analysis that leverages machine learning technology to evaluate the content. Any unsafe attachments are sent to a detonation chamber prior to being passed along to the recipient.
- Safe Links provides time-of-click protection by rewriting the URLs to go through Office 365 while the content is being scanned. If a link is deemed unsafe, the user is notified that they should not visit the site (or the site is blocked). Detailed reporting is available for administrators to assist them in tracking who clicked suspicious links – which can provide a flag for users that perhaps need additional security training.
- Internal Safe Attachments: this feature scans internal email attachments using the detonation chamber, to protect users from attachments which may have been sent from internal compromised accounts (unique to Microsoft’s ATP solution)
- Internal Safe Links: this enables time-of-click protection and functionality of Safe Links for intra-organization emails, protecting users from unsafe URLs sent from internal compromised accounts (unique to Microsoft’s ATP solution)
- Dynamic Delivery of Attachments: this feature provides the ability to deliver email to the user without delay, and provides a preview of the attachment while it is being scanned by the detonation chamber for potential malware.
- URL Detonation – this feature detonates URLs in the detonation chamber to proactively block malicious URLs
- Safe Links for Office Applications – this feature provides URL protection for URLs encountered in Word, Excel, and PowerPoint (including mobile clients)
- ATP for SharePoint Online, OneDrive for Business, and Teams: this feature uses the Safe Attachments detonation chamber to scan documents uploaded into SharePoint Online, OneDrive for Business, and Teams.
ATP is of course just one piece to the overarching security puzzle, but significantly improves IT’s ability to manage the influx of malicious email that your users are receiving on a much more frequent basis than in the past. We did not come to this decision overnight, but after numerous conversations with ScholarBuys we were able to find a starting point to begin addressing the overall security posture at Colorado College.