Battle of the Week - Person Data Exfiltration
A Company’s Email Service
Limiting the use or disabling the use of email forwarding for users within the company.
Multiple alarms were coming in showing emails being forwarded to an external recipient. Upon a review of the alarms from an analyst, the amount of data being sent out was abnormally large. The company was notified and contacted the owner of the account to verify if the activity was legitimate. The activity from the account was legitimate.
By having an admin set filter policies on Office365 you can help prevent possible data leaks. Setting the filter policy to either automatic, to allow for internal email forwarding, or setting the policy to off, to prevent all forwarding, is usually the best practice set by other companies
By restricting external email forwarding you can help prevent sensitive data from being leaked.