With the rise of Office 365 email accounts, a new kind of hack is becoming more common. Microsoft expects that they’ll have 120 million users by the end of 2018, so a hack targeted at these users is likely to spread quickly. Knowing what to look out for is your best defense against having your own Office 365 email hacked. Here’s what you need to know to guard against having your own email hacked, and your company hobbled by an Office 365 Cyber Attack.
How An Office 365 Account Gets Hacked
A typical attack begins innocently enough, often with a request to reactivate a suspended email account. The email looks a lot like a legitimate communication from Microsoft, except for the fact that Microsoft doesn’t disable email accounts in this fashion.
The link, which looks legitimate, is actually malicious. We are all used to seeing links in blue, and generally expect that a link with a URL (web address) in the text actually goes to that URL. That is not necessarily the case: the text shown for a link and the address it opens are set separately. In this case, the link that reads Portal.office.com instead goes to a fake login page.
Once you arrive at the fake login page and enter your real Office 365 username and password, the malicious software immediately begins its work.
Typically, that includes…
- Setting up forwarding rules, so that every email you receive gets silently forwarded to people who monitor your email. These bad guys are looking for other account usernames and passwords, communication patterns, contact email addresses, and more. The more information someone has about you, the easier it is for them to launch increasingly dangerous attacks.
- With this additional contact information, more emails are generated, ensuring that this attack spreads within your organization and among your other contacts.
- If someone with Office 365 administrative privileges falls for this ruse, the entire Office 365 account is now at risk, and even more dangerous and malicious attacks could happen.
How to Prevent An Office 365 Attack
Microsoft has developed some tools to help organizations prevent an Office 365 Attack. They have set up a Security and Compliance Center where they can score the security of your Office 365 setup and provide suggestions on how to make it more secure.
Some of the features of this security center are only available for larger installations, but some are extremely effective and should be implemented on all Office 365 implementations, including…
- Enabling “Multi-Factor Authentication” for all users. That means that all users are required to take additional steps to log in. Steps might include entering a one-time PIN code that is sent via text message to a cell phone, scanning a fingerprint, or answering some challenge questions. While this is often inconvenient for the users, it makes logging into an Office 365 account by hackers nearly impossible.
- Enforce very strong passwords. No more “Password” or “123456” as your password. Long passwords that include punctuation, capital and lowercase letters, as well as numbers are now required to prevent brute force hack attacks.
- Block forwarding within your Office 365 account.
Microsoft encourages you to visit the Security and Compliance Center, which you can find here: http://protection.office.com. However, you might find it difficult to implement all of Microsoft’s recommendations on your own. That’s where we can help. We’re experts at configuring Office 365 security measures, as well as other network security features, to help protect your business from hacks and threats of all kinds.
Of course, your entire business infrastructure becomes more secure with proper training. We at Digital Uppercut can also provide Cyber Security training to all of your employees. It is a very inexpensive service compared to the cost of a hack interrupting your business, or the cost of having to clean up a hacked system.
Secure Your Business Today
Call Digital Uppercut today and let’s talk about securing your business. We offer plans of all sizes for all kinds of companies. And while they’re all designed to help secure our clients and prevent hacks, they are also designed to help you run your business “as usual” and without overzealous security measures that could actually prevent your people from getting work done. Call us today at 818-713-1335 or contact us here for a free preliminary Security Analysis and consultation.