make a good business better

Blog Information Security

Print Divider Print Divider Branding
 

3 Reasons You Should Enable Audit Settings for Outlook

07/16/2018  |  By: Brian Goff, Director of Incident Response

Share

Social Logo Social Logo Social Logo Social Logo

Take a moment to think about how much of your company’s business happens through email.

A lot. Right?

For many companies, email serves as the hub around which all other business activities occur. It’s simple, quick, and convenient. But, it can also be dangerous, as it can be an entry point for malicious users or an inadvertent storage location for sensitive data.

There are several things you can do to better secure your company’s email, but one of the least utilized (and most important) is email auditing. Here are 3 reasons you should enable audit settings for Outlook.

1. Email is a common starting point for phishing attacks.

It’s Security Awareness 101: “Don’t click links from unfamiliar senders.” But, what if the link is coming from a trusted address? Hacking into a trusted email account gives a threat agent instant credibility that can be easily exploited with all other users on your network. Maintaining message audit logs can help you determine if a malicious user has infiltrated your network by providing information about where the user logged in from as well as what actions were performed after the login.

2. Sensitive data often resides in user inboxes.

It’s against best practices, but it happens nonetheless. There’s likely sensitive data in your users’ inboxes, whether they intended to put it there or not. And, if a threat agent gets access to that inbox, he has instant access to the data contained within. So, if you can’t keep users from storing information there, you should at least implement tools to help determine if a threat agent is accessing that data.

3. During a breach, knowledge is power.

If a malicious user infiltrates your network, the more knowledge you have, the better. Message audit logs can help you keep watch over user email activities, giving you visibility into the following details:

  • Geographical location of email logins
  • The service used to login (OWA, SMTP, etc.)
  • Creation of new messages
  • Deletion of messages
  • Movement of folders
  • Sending of messages
  • Whether objects/attachments were viewed

With information like this, you can identify potentially phishy (pun intended) user behavior that may indicate a breach. Unfortunately, many organizations don’t utilize message audit logging because they don’t know about it. This is unfortunate, because the details provided in these logs can be crucial in identifying potentially malicious user activity.

Mailbox audit logging should be managed just like any other logs you maintain. Ideally, these logs will be filtered into a Security Information and Event Manager (SIEM), where you can view them for anomalies or potential issues. If you’d like to enable mailbox audit logging at your organization, here are some simple guides from Microsoft that can show you how.

Click here to learn how to enable mailbox auditing in Office 365.

or 

Click here to learn how to enable mailbox audit logging in Exchange 2016.

But, if you’d prefer a simpler solution or simply don’t want the hassle of maintaining the logs yourself, click here to contact us and learn how LBMC Information Security’s Managed SIEM Service can help.

Tagged with: Outlook audit settings
3 Reasons You Should Enable Audit Settings for Outlook

Related People