The time when you’re most vulnerable is when you think you’re not. Think about it. If you think you’re vulnerable, you’re likely to do something about it. But if you think you’re okay, you’re likely to rely on the status quo. And that’s the problem Office 365 users are facing right now. They don’t think they’re vulnerable, but they are.

As a recent article on Help Net Security points out, “Malicious files and links regularly bypass email security products, leaving enterprises vulnerable to email-based attacks.” And no one’s worse at protecting their users than Office 365.

Office 365 comes with Advanced Threat Protection (ATP), a security add-on that supposedly protects users from phishing emails. Since it costs users extra, they probably assume they’re protected. Afterall, it’s Microsoft.

How frequently does ATP miss on malicious emails? Would you believe 23% of the time, on average. That’s right, almost 1 in 4 malicious emails makes it through the ATP defenses. It’s almost like having no protection at all. And the worst part is, the time to detect the miss is 24-48 hours. By then the damage is done.

The cause of this problem? “Increased use of automation allows attackers to create many ‘mutations’ for each malware or malicious file, potentially inundating email security products with new unknown threats.”

Why is ATP so ineffective against phishing emails? It’s hard to know for sure. But one possible explanation is lack of teamwork.

The best way to stop phishing attacks is by joining forces with others who are trying to stop phishing attacks to create the most accurate real-time situationally-aware database of the email threat landscape possible. So, for instance, Phish Protection that queries six real-time threat databases for each email received, will be more effective than a company operating alone, like perhaps Microsoft.

The bottom line is Office 365 with ATP will not protect you from malicious emails. You’re going to need something more. Something that requires no upfront expense, sets up in minutes, works with every email provider and only costs pennies per user per month. Something like Phish Protection.

The secret to protecting yourself is knowing when you’re vulnerable. If you use Office 365, you’re vulnerable. Get protected with