Microsoft 365 email data breaches take center stage amid work from home in a new report

According to the software company Egress, 85% of organizations using Microsoft 365 have experienced an email data breach.

remoteworking.jpg

Image: GettyImages/Westend61

Over the last year, organizations worldwide have adopted remote work policies to mitigate the spread of COVID-19 in-house. During this time, companies have tapped virtual collaboration tools to enable remote operations with varying degrees of success. On Wednesday, software company Egress released a report titled "Outbound email: Microsoft 365's security blind spot" highlighting email data breaches and IT frustrations during the coronavirus pandemic.

SEE: Security incident response policy (TechRepublic Premium)

"Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organizations, but its security limitations are clear to see," said Darren Cooper, chief technology officer at Egress. "We can't ignore the risk of email data loss from Microsoft 365 and the limitations of static DLP solutions to mitigate the outbound email security risks that organizations face today."

"Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk," Cooper continued.

Over the last year, the vast majority of organizations (85%) that use Microsoft 365 have experienced an email data breach, according to data security company Egress. The company said that WFH has "exacerbated" email data breach risks and this has "intensified for Microsoft users, with 67% of IT leaders reporting an increase in data breaches" related to telecommuting. About one-third of IT leaders at companies that are not using Microsoft 365 reported increased WFH-related data breaches, according to Egress.

SEE: How to manage passwords: Best practices and security tips (free PDF)

In recent weeks, some companies have started to bring employees back to the traditional in-person office. At the same time, a number of organizations have made long-term commitments to remote work and hybrid work models. About three-quarters of respondent IT leaders believe hybrid or remote work models will make it more difficult to "prevent email data loss from Microsoft 365, compared to 40% of those not using it."

After an email data breach, the vast majority (93%) of organizations using Microsoft 365 reported "suffering negative impacts," compared to 84% of non-Microsoft 365 users, according to Egress. In the last 12 months, only 4% of companies not using Microsoft 365 experienced more than 500 data breaches compared to 15% of companies using Microsoft 365.

Accidental information leaks related to employees inadvertently sending emails are also more common for Microsoft 365 users, according to Egress, with 14% of non-Microsoft 365 users reporting "incidents caused by an employee sharing data in error via email" compared to 26% of Microsoft 365 users.

The switch to remote work has presented no shortage of challenges for IT teams responsible for monitoring network security as employees log on at home via work and personal laptops. A portion of the release focuses on IT cybersecurity related to Microsoft 365.

SEE: How to protect your Microsoft Office 365 environment from cyber threats (TechRepublic)

"100% of the IT leaders that had deployed static email DLP into their Microsoft 365 environment were frustrated by it. 43% reported these tools required a high level of admin to maintain and 26% said they created friction for their users," the release said.

Methodology and full report

Arlington Research conducted the research based on 3,000 remote employees and 500 IT leaders in finance, legal and healthcare markets across the United Kingdom and the U.S. People interested in downloading the full report can do so on the Egress website.

"We don't agree with recent claims made in this marketing report from a competitor in the email security space," said a Microsoft spokesperson via email.

Also see