TECH INTELLIGENCE: A different kind of bad date

Your calendar could provide an avenue for a cyber attack

Carl Mazzanti//May 13, 2024//

Many businesses depend on cloud-based email solutions like Microsoft Office 365. One feature in particular, Free/Busy, offers relief for time-pressed executives and others who have to juggle multiple meetings and appointments. This feature lets users see when their colleagues are available for meetings or appointments, and shows if someone is available, busy or unsure. It also helps to schedule meetings and improve coordination and time management within teams.

But Free/Busy also introduces significant security considerations. Fortunately, trained cybersecurity professionals can help you plug security gaps like this.

One of the primary risks associated with Free/Busy involves unauthorized access to users’ availability information. If an executive has an extended period marked on their Free/Busy calendar as being “out of touch” – perhaps during a vacation, a conference or travel, for example – the blackout period acts as a signal to bad actors that this is the best time to launch a cyber-attack against the organization.

Here is how it works: A nation-state or other advanced bad actor with access to Free/Busy can pretend to be a high-level executive and send a realistic-looking urgent message to an employee, asking them to transfer money, buy gift cards or take other actions. The thing is, the bad actor knows that during the Free/Busy blackout period, the employee will likely be unable to confirm the request with the real executive.

Although small businesses and large ones can be targeted, the odds of a successful cyber-attack actually increase with the size of the organization. That is because in a company with, say, tens of thousands of employees and contractors, a bad actor only needs access to one Free/Busy account to pull off the heist.

In fact, in today’s cost-cutting environment, there is a higher chance of a successful cyber-attack, since many companies are using more contractors who often lack the security training that employees undergo. As a result, contractors are more prone to such risky behavior as using the same passwords across multiple platforms and engaging in other unsafe cyber practices.

Mitigating strategies

Partnering with a trained IT support services provider can help your company minimize Free/Busy and other cybersecurity risks. A trusted cybersecurity solutions provider can work with you to implement proactive measures that enhance security and protect sensitive information, helping you to better safeguard your data and systems.

Promoting cybersecurity awareness among employees and contractors is crucial. Well-designed training programs will teach employees about issues like the dangers of sharing availability information, and how to recognize and react to suspicious activities.

Access controls are also important. Strong access controls and authentication methods should be in place to limit access to Free/Busy data. For example, only authorized users should have access to calendars. Cybersecurity professionals can assist you in turning off Free/Busy for freelancers, contractors and other unnecessary users, and can also limit access to specific individuals within a department.
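As an added illustration of the access-control step above (not part of the original article), the following Exchange Online PowerShell sketch reports the tenant-wide "Default" permission on selected calendars and, when enabled, restricts availability lookups to one named group. The mailbox addresses and the group name are placeholder assumptions, and an existing Connect-ExchangeOnline session is assumed.

```powershell
# Added example, not from the article. Requires the ExchangeOnlineManagement
# module and an existing Connect-ExchangeOnline admin session.
# Assumptions: the addresses and group below are placeholders.
$Executives   = @('ceo@example.com', 'cfo@example.com')   # placeholder mailboxes
$AllowedGroup = 'exec-schedulers@example.com'             # placeholder mail-enabled security group
$Apply        = $false   # $false = report only; $true = change permissions

foreach ($mbx in $Executives) {
    # The calendar folder name is localized, so resolve it instead of assuming "Calendar".
    $folder = Get-MailboxFolderStatistics -Identity $mbx -FolderScope Calendar |
        Where-Object { $_.FolderType -eq 'Calendar' } | Select-Object -First 1
    $calendar = "${mbx}:\$($folder.Name)"

    # "Default" is the permission entry applied to every user in the organization.
    $default = Get-MailboxFolderPermission -Identity $calendar -User Default
    [pscustomobject]@{
        Mailbox       = $mbx
        DefaultRights = $default.AccessRights -join ','
    }

    if ($Apply) {
        # Stop organization-wide availability lookups against this calendar.
        Set-MailboxFolderPermission -Identity $calendar -User Default -AccessRights None

        # Grant free/busy times only (no subject or location) to the named group.
        $existing = Get-MailboxFolderPermission -Identity $calendar -User $AllowedGroup -ErrorAction SilentlyContinue
        if ($existing) {
            Set-MailboxFolderPermission -Identity $calendar -User $AllowedGroup -AccessRights AvailabilityOnly
        } else {
            Add-MailboxFolderPermission -Identity $calendar -User $AllowedGroup -AccessRights AvailabilityOnly
        }
    }
}
```

Run it first with `$Apply = $false` to review which calendars currently expose availability to all users before changing anything.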

Proactive initiatives, including requiring strong password policies, implementing multi-factor authentication and conducting access reviews periodically, will also strengthen your digital defenses. Trained cybersecurity professionals can also help you use encryption technologies to protect Free/Busy data, improving security during transit and while at rest.

Advanced tools are available to help organizations detect threats, while monitoring systems will allow you to quickly identify and respond to any suspicious activities by monitoring access logs, analyzing user behavior, and leveraging artificial intelligence for anomaly detection.

It is also important to update Office 365 and its apps periodically, since this helps to fix known issues and prevent security risks; applying the latest security patches is crucial for maintaining the overall security of your system. Automating patch management will help to ensure that updates are applied properly and on time.

Cybersecurity provider teams can further help your organization to follow such data protection regulations as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and California Consumer Privacy Act (CCPA), which impose strict requirements on the handling and safeguarding of personal and sensitive data, including availability information stored within Office 365. Failure to comply with these regulations can result in severe legal and financial consequences for organizations.

Free/Busy functionality in Office 365 offers undeniable benefits for streamlining communication and collaboration, but it also introduces cybersecurity risks that organizations must address. Your organization can protect Free/Busy functionality and reduce security risks effectively by working with trained cybersecurity professionals to educate your users, control access, encrypt data, monitor activities and ensure compliance.

A comprehensive approach to cybersecurity assisted by trained and experienced cybersecurity professionals can help you protect sensitive data and ensure that business operations run smoothly. This kind of proactive approach will also encourage and expand trust between you and your clients.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken, providing IT consulting and cybersecurity services for businesses ranging from home offices to multinational corporations.