A housing association based in the north of England, First Choice Homes Oldham (FCHO) currently manages 11,500 properties and has plans to expand their portfolio with an additional 700 affordable new homes by 2025. Achieving the highest standards of client service delivery and operational efficiency means FCHO employees rely heavily on email for business communication.
The challenge: Detecting impersonation attacks and preventing data loss without impacting productivity
With phishing attacks continually evolving to bypass traditional defenses and the ongoing risk of human error, FCHO’s IT team identified the opportunity to deploy intelligent email security in their Microsoft 365 environment.
“We have a secure email gateway (SEG) implemented in our Microsoft 365 environment, but we were aware that advanced phishing attacks can get through its signature-based and reputation-based detection,” explains Bharat Velji, Head of IT at FCHO. “At the same time, we recognized that we also needed to deploy greater security controls to prevent data loss for outbound email.”
FCHO’s SEG enabled them to create allow and block lists; however, as many of their clients use webmail addresses, such as Gmail, they were unable to block communication to and from these domains. As a result, FCHO identified that the organization was vulnerable to inbound attacks sent from these addresses that contained payloads undetectable by their SEG, such as newly created phishing websites used for credential scraping, or that relied on social engineering to convince employees to take an action.
“The two biggest threats to our security were impersonation attacks and credential harvesting,” Bharat continues. “As a public-facing organization, it’s easy to find out about our senior leadership. Through employee reporting, we knew that we were being targeted by cybercriminals setting up webmail accounts in the names of our CEO and other senior managers to ask employees to take certain actions, such as pay fraudulent invoices or purchase gift cards, share their credentials, or click on a phishing link. Display name spoofing meant that it was difficult for people to always notice that these emails were being sent from fraudulent addresses.”
FCHO also recognized that they needed to enhance their outbound email security to detect and prevent accidental and intentional data loss. As part of service delivery, employees are required to communicate with clients about personally identifiable information (PII) and other protected class information, such as health data, as well as share this and other corporate-sensitive data internally. This data was at risk primarily from human error and FCHO particularly wanted to stop mistakes caused by Outlook autocomplete and failure to use the Bcc field for large recipient lists.
“We actually trialed turning Outlook autocomplete off for the entire organization,” states Bharat. “However, we couldn’t tolerate the inefficiency of colleagues having to manually type or copy and paste addresses every time they needed to send an email. We also hadn’t solved the fundamental issue, as mistakes could still happen, such as mistyping an email address or selecting the wrong one from their list. Mistyping was the bigger risk, as colleagues routinely communicate with webmail accounts and there’s a greater chance that different configurations of an address are registered somewhere in the world, while corporate domains are more likely to result in a bounce back.”
The solution: Egress Intelligent Email Security for Microsoft 365
Team members at FCHO already used free Egress Protect accounts to send and receive encrypted emails with Oldham Council. In November 2021, they contacted Egress to learn about their anti-phishing product, Egress Defend, and email DLP solution, Egress Prevent.
“We already knew about Egress, so we contacted the team to find out how they could improve our defenses in Microsoft 365,” continues Bharat. “It was great to speak with a single vendor that offered intelligent email security for both inbound and outbound threats.”
Defend uses AI models to detect advanced phishing attacks, such as impersonation attacks, CEO fraud, and business email compromise. Taking a zero-trust approach, Defend analyzes all inbound mail flow and, in addition to inspecting technical aspects, such as sender domain and header information, the solution also examines message body and content using natural language processing and natural language understanding to detect social engineering. Defend applies heat-based warnings to phishing emails, which act as real-time teachable moments to educate users using real, neutralized attacks.
Similarly, Prevent analyzes all emails as they’re composed, using machine learning algorithms to deeply understand each individual user’s behavior and detect when an abnormal event has occurred, such as adding an incorrect recipient or attaching the wrong file. This includes identifying when recipients suggested by Outlook autocomplete have been added to an email by mistake, as well as other outbound security use cases, such as failure to use the Bcc field for large recipient lists and replies to phishing emails. The solution provides in-the-moment advice through a discreet prompt that alerts users to their mistakes, while riskier or intentionally malicious behavior can be blocked altogether.
“After a thorough evaluation we knew Defend and Prevent were the solutions for us,” declares Bharat. “Unlike other solutions we looked at, Egress proved it worked effectively without adding extra complexity. It was important we found a solution that made our IT team’s lives easier, not harder; could add extra security beyond our SEG; and was offered at the right price point. Egress ticked all these boxes, plus it brought the added benefit of enhancing colleagues’ security awareness through its real-time teachable moments.”
The results: Enhanced threat detection without business disruption
After trialing Defend and Prevent with a pilot test group, FCHO conducted a phased deployment throughout the organization, giving colleagues the opportunity to feed back on the products.
“We wanted something low maintenance for our IT team to look after – and Egress has delivered on that promise while providing advanced detection capabilities,” says Bharat. “The deployment was incredibly smooth, and Egress has been easy to manage ever since. Only one member of the IT team was required to run the deployment project, with the products being easily rolled out through Intune to small groups. This phased approach was designed to reduce any potential tickets for our helpdesk, but in reality, there was very little friction.”
Egress’ advanced detection capabilities and self-learning technology minimize day-to-day administrative overheads, with no need for management of email quarantine or lists and policies. Additionally, by using real-time banners and prompts, Egress educates users at the point of risk, enhancing security awareness and improving organizations’ overall security posture.
“Egress is incredibly light touch; we don’t have to worry about it – it just works!” concludes Bharat. “Colleagues have responded positively to the fact the products add value by identifying more phishing threats than our SEG alone and by spotting outbound email mistakes, without being an extra tool that needs lots of IT tickets. I also regularly review our statistics in the Egress Security Center, so I can see the value that the products are adding.”