Outlook Web App (OWA) lets your organization cut IT costs and increase employee productivity. However, it also exposes your corporate infrastructure and Exchange server to attackers through the OWA login interface.
Thankfully, there are ways to reduce this risk. Take a look at the 4 options below to find out which method suits you best (note: they’re usually more effective when combined!).
#1 Ensure Strong Passwords and Lockouts Are Created and Used
Your security should start with your passwords. A strong password policy makes passwords much harder for attackers to guess or work out. Strong passwords generally include special characters, capital letters, and numbers to make the combination as unpredictable as possible.
Once users have strong passwords, you can add a lockout mechanism to further secure your OWA. This locks a user out after a set number of failed login attempts (5, for example).
However, it’s important to understand that a lockout policy also makes it easy for attackers to lock out a huge number of users in a very short space of time. So you should employ other security measures in tandem to offset this side effect.
#2 Employ 2-Factor Authentication
Two-factor authentication, known as 2FA in the cybersecurity industry, is an added protective layer used to ensure that whoever is trying to get into an online account really is who they claim to be.
The first step (or factor) is for the user to enter their username and password. There’s nothing new or fancy about this. The extra security layer comes in the next step (the second factor).
This second factor can be one of the following:
An Item You Own — This could be a smartphone, credit card, or hardware token. The 2FA step asks the user to perform a specific action with the item to confirm their identity.
Secret Bit of Knowledge — This is set by the user during initial registration. It could be a PIN (personal identification number), answers to specific questions only the user would know, or a predetermined sequence of keystrokes.
Something Only You Are — You don’t normally find this one since it’s rather advanced. It could be a voiceprint, fingerprint, or an eye scan.
Implementing two-factor authentication adds a hard-to-break second layer of security that blocks access even if an attacker gets hold of your password. In other words, even if someone stole your device or knew your password, the likelihood of them also having your second factor is very slim.
#3 Try Geo-Blocking
Attempted break-ins to your Outlook Web App usually come from particular geographical locations. Implementing a geo-blocker, or manually blocking access from locations known for ill-intentioned traffic, can vastly increase your security.
The first method is to allow only verified users connected through a corporate VPN (virtual private network) to access your Outlook Web App, wherever they are in the world.
The second method restricts access even further by only letting users located in your company’s normal operating regions log in. We’d argue that this is the best way to ensure unauthorized users don’t infiltrate your system from other locations. However, you’ll have to make sure it doesn’t affect your organization’s user experience too much.
#4 Use a CAPTCHA
CAPTCHAs are used by many companies to protect against automated login attempts. You’ve likely come across this security tactic in the form of a checkbox labelled “Tick this to ensure you’re not a robot”.
However, you should think about the potential negative impact on users’ experience before setting up this security measure. Why? Because a CAPTCHA adds an extra (sometimes lengthy) step to the login process, your users may quickly become frustrated (especially on a mobile device).
If you believe your Outlook Web App users will be unhappy with this addition, consider a dynamic CAPTCHA approach: the CAPTCHA only appears once a user has failed to log in two or three times. Depending on the CAPTCHA you choose, you can set the threshold to suit your preferences.
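As an added example (not code from the article or from any OWA product), here is a small Python model of how the lockout policy from #1 and the dynamic CAPTCHA from #4 combine in front of a login form: a per-user failure counter that demands a CAPTCHA after a few failures and locks the account, for a limited time, after more. All thresholds and the sample login events are assumed values.

```python
from collections import defaultdict

class LoginGate:
    """Per-user failure tracking: CAPTCHA after a few failures, lockout after more."""

    def __init__(self, captcha_after=3, lockout_after=5, lockout_seconds=900, window=600):
        self.captcha_after = captcha_after      # dynamic CAPTCHA kicks in here (assumed value)
        self.lockout_after = lockout_after      # account locks here (assumed value)
        self.lockout_seconds = lockout_seconds  # how long a lock lasts (assumed value)
        self.window = window                    # failures older than this are forgotten
        self.failures = defaultdict(list)       # user -> timestamps of recent failures
        self.locked_until = {}                  # user -> time the lock expires

    def _recent(self, user, now):
        self.failures[user] = [t for t in self.failures[user] if now - t <= self.window]
        return self.failures[user]

    def check(self, user, now):
        """Decide how to treat a login attempt: 'locked', 'captcha' or 'allow'."""
        if now < self.locked_until.get(user, 0):
            return "locked"
        if len(self._recent(user, now)) >= self.captcha_after:
            return "captcha"
        return "allow"

    def record(self, user, now, success):
        """Update state after the attempt; a success clears the counter."""
        if success:
            self.failures.pop(user, None)
            return
        self.failures[user].append(now)
        if len(self._recent(user, now)) >= self.lockout_after:
            # A per-user lock is what lets a script lock out many users at once (#1),
            # which is why the CAPTCHA step comes first and the lock is time-limited.
            self.locked_until[user] = now + self.lockout_seconds
            self.failures[user] = []

def simulate(events, gate=None):
    """Run (user, time, success) events through a gate; return the decision for each."""
    gate = gate or LoginGate()
    decisions = []
    for user, now, success in events:
        verdict = gate.check(user, now)
        decisions.append(verdict)
        if verdict != "locked":
            gate.record(user, now, success)
    return decisions

# Constructed sample: five wrong passwords for "alice" in quick succession, another
# attempt while locked, then a correct password after the lock has expired.
SAMPLE_EVENTS = [("alice", t, False) for t in range(5)] + [("alice", 5, False), ("alice", 905, True)]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS)):
        print(event, "->", verdict)
```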