The cloud is vital for today’s businesses. In the current environment, with many employees working from home and organizations left in flux awaiting the end of the pandemic, virtual platforms' flexibility is invaluable.

From email and other communications applications to CRMs and other business tools, everyone wants that “anywhere, anytime” access that cloud solutions provide. These apps are typically easy to use with an affordable price point that gives your clients the ability to scale up or down as needed. In a WFH world, the cloud makes life easier for everyone- including end-users, their employers, and the MSPs who help support these virtual services.

Despite all those positive attributes, many of your clients may not be aware of these easy-to-deploy platforms' inherent risks. For example, the “built-in” email security measures for Microsoft 365 or Gmail should be considered a good starting point.

While each platform has safeguards, many of those protections are relatively ineffective against advanced cyberattacks. The increasing barrage of ransomware points to the overall apathy most end-users have towards incoming messages. Human errors and ignorance regarding email messages remain the biggest threats to business security.

According to Verizon’s 2020 Data Breach Investigations Report, one-fourth of data breaches involved phishing. These numbers were likely boosted by the pandemic, which saw attacks rise nearly 600% during the past year. When you consider that the average data breach costs organizations upwards of $8 million, your clients should never rely on the basic protections from Microsoft, Google, and other cloud platforms.

The concern for many MSPs is these market-leading applications are also top targets of cybercriminals. End-user misperceptions about security encourage hackers to exploit these platforms' defenses, exposing corporate and personal data and jeopardizing their compliance with regulations and industry standards.

Make Advanced Protection the New Standard

Microsoft sits squarely in the crosshairs of many malicious actors. As more businesses adopt global cloud platforms, cybercriminals will amp up the attacks on those applications to gain the most financial rewards for their efforts. Hackers always focus on areas where they will get the most return on their investments, and for business email, MS 365 is the top target.

The reality is multifunctional platforms will always require supplemental protection. Most businesses expect comprehensive coverage from companies with deep pockets but, more often than not, end up with their data or networks accessible by cybercriminals.

Selecting ‘off the shelf’ or ‘cloud suites’ with security protections is a positive first step. Hackers have access to the same APIs and toolsets as developers, making those platforms easier to infiltrate for anyone with expertise in that area (including cybercriminals). Adding layers of cybersecurity solutions may not stop every attack, but that action typically slows down attacks and give MSPs time to respond or deter the bad actors from putting those systems in their crosshairs.

Fill Potential Gaps

General security practices tell us any potential point of failure should have at least two defense layers – and that same standard applies to MS 365 and other cloud platforms. MSPs must take on the responsibility of protecting and educating their clients on all the vulnerabilities and latest email threats, including those already being addressed by the suppliers.

That task includes adding layers. Boosting protection prevents your clients from being “low hanging fruit” for cybercriminals. Those layers may consist of:

Inbound and Outbound Filtering

It is essential to add a solution that stops certain information from entering or leaving your clients’ systems. While Microsoft 365 offers basic filtering options, end-users often report receiving a high amount of spam and false positives. Complicating the matter is most cannot easily find blocked messages, which can create a log jam and more support requests for your MSP tech team. No one wants to miss essential emails concerning business transactions or upcoming deadlines, especially if they never realize those messages could be missing. Upgrading to a higher-level filtering system allows your clients to properly sifting through spam, viruses, phishing, and other issues.

Consider upgrading to Mailprotector’s CloudFilter, which not only lets users review potentially harmful content but handles messages more intelligently to reduce false positives. Your clients can also create incoming and outgoing mail policies to prevent sensitive information from leaving the work environment. MS 365 is not naturally intuitive in that area. The addition of email filtering makes it easier for end-users to understand the security issues with suspect messages and improves the visibility of quarantined messages.


A common misconception about email is that these systems are inherently secure. They assume the people they are sending messages to will be the only ones receiving that information.

Human errors create a lot of problems in real life, including sending sensitive information to the wrong party (imagine the accountant sending a copy of the company’s tax forms to a key client). Even without senders making mistakes, malicious actors can still intercept their messages. There is no better way to secure data in transit than with encryption.

For example, Mailprotector’s Bracket® is a useful and intuitive security layer. Only authorized senders and recipients can access the files or text in encoded email messages due to AES256 encryption and two-factor authentication. MSPs can add that layer of security on top of MS 365 without changing MX records, and MSPs can automate the entire setup process.

Of course, filtering and encryption are not the only ways MSPs can secure end-users messages. Archiving and backup ensure employees can quickly locate email conversations and keep everyone working when their systems go down.

Enhance Everything

Microsoft 365 is widely used for many reasons today. However, popularity does not ensure total security. Layering solutions on top of standard email solutions is essential in today’s threat landscape.

With distributed workforces and rising cybersecurity threats, this approach is not only business-critical, but a great way to increase profits for your MSP. These applications can increase Monthly Recurring Revenue (MRR) while giving your clients the protection they need and deserve.

When security becomes an issue, MSPs often get the blame, even when employees are at fault. Avoid that debacle by delivering the best protection possible. Add layers of cybersecurity to ensure you and your clients can sleep better every night.

Author Matt Scully is channel chief at Mailprotector. Read more guest blogs from Mailprotector here.