With the rise of Office 365 email accounts, a new kind of hack is becoming more common. Microsoft expects to have 120 million users by the end of 2018, so a hack targeting these users is likely to spread quickly. Knowing what to look out for is your best defense against having your Office 365 email hacked. Here’s what you need to know to guard against having your own email hacked, and your company hobbled by an Office 365 Cyber Attack.
How An Office 365 Account Gets Hacked

The link, which looks legitimate, is actually malicious. We are all used to seeing links in blue, and generally expect that a link with a URL (web address) in the text actually goes to that URL. Well, that is not necessarily the case; in this case, the link to Portal.office.com instead leads to a fake login page.
Once you arrive there and enter your real Office 365 username and password, the malicious software immediately begins its work.
Typically, that includes…
- Setting up forwarding rules so that every email you receive gets silently forwarded to people who monitor your email. These bad guys are looking for other account usernames and passwords, communication patterns, contact email addresses, and more. The more information someone has about you, the easier it is for them to launch increasingly dangerous attacks.
- With this additional contact information, more emails are generated, ensuring the attack spreads within your organization and among your contacts.
- If someone with Office 365 administrative privileges falls for this ruse, the entire Office 365 account is now at risk, and even more dangerous and malicious attacks could happen.
How to Prevent An Office 365 Attack
Microsoft has developed tools to help organizations prevent Office 365 Attacks. They have set up a Security and Compliance Center where they can score the security of your Office 365 setup and provide suggestions to make it more secure.
Some of the features of this security center are only available for larger installations, but some are extremely effective and should be implemented on all Office 365 implementations, including…
- Enabling “Multi-Factor Authentication” for all users. That means all users must take additional steps to log in. Steps might include entering a one-time PIN sent via text message to a cell phone, using a fingerprint scanner, or answering challenge questions. While this is often inconvenient for users, it makes it nearly impossible for hackers to log in to an Office 365 account.
- Enforcing very strong passwords. No more “Password” or “123456” as your password. Long passwords that include punctuation, capital and lowercase letters, and numbers are now required to prevent brute-force hacking attacks.
- Blocking forwarding within your Office 365 account.
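To check whether forwarding rules like the ones described above already exist, an administrator can review each mailbox's inbox rules for recipients outside the organization. The following is an added example, not part of the original article: it assumes the rules have been exported in the shape of Microsoft Graph `messageRule` objects, and the mailboxes, rules and domains in it are constructed for illustration.

```python
# Added example: flag inbox rules that send mail outside the organization.
# Rule objects follow the Microsoft Graph "messageRule" shape (assumption);
# every mailbox, rule and domain below is constructed sample data.
FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
HIDE_ACTIONS = ("delete", "permanentDelete", "markAsRead", "moveToFolder")

def external_forwarding(rules_by_mailbox, internal_domains):
    """Return one finding per enabled rule action that targets an outside address."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for mailbox, rules in rules_by_mailbox.items():
        for rule in rules:
            if not rule.get("isEnabled", False):
                continue  # a disabled rule forwards nothing
            actions = rule.get("actions") or {}
            # A rule that also deletes, moves or marks mail as read hides
            # the forwarding from the mailbox owner.
            hides = any(actions.get(a) for a in HIDE_ACTIONS)
            for action in FORWARD_ACTIONS:
                for rcpt in actions.get(action) or []:
                    address = rcpt.get("emailAddress", {}).get("address", "")
                    # Anything without a known internal domain is reported for review.
                    domain = address.rpartition("@")[2].lower()
                    if domain not in internal:
                        findings.append({
                            "mailbox": mailbox,
                            "rule": rule.get("displayName", ""),
                            "action": action,
                            "recipient": address,
                            "hides_mail": hides,
                        })
    return findings

def _to(addr):
    return [{"emailAddress": {"address": addr}}]

SAMPLE_RULES = {  # constructed
    "alice@contoso.example": [
        {"displayName": "Newsletters", "isEnabled": True,
         "actions": {"moveToFolder": "folder-id-placeholder"}},
        {"displayName": ".", "isEnabled": True,
         "actions": {"forwardTo": _to("drop@mailbox.invalid"), "markAsRead": True}},
    ],
    "bob@contoso.example": [
        {"displayName": "To assistant", "isEnabled": True,
         "actions": {"redirectTo": _to("Carol@Contoso.example")}},
        {"displayName": "Old", "isEnabled": False,
         "actions": {"forwardTo": _to("bob@personal.invalid")}},
    ],
}

if __name__ == "__main__":
    for f in external_forwarding(SAMPLE_RULES, {"contoso.example"}):
        print(f)
```

A finding with `hides_mail` set deserves the quickest follow-up, since the mailbox owner is unlikely to have noticed the rule.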
Microsoft encourages you to visit the Security and Compliance Center at http://protection.office.com. However, you might find it difficult to implement all of Microsoft’s recommendations on your own. That’s where we can help. We’re experts at configuring Office 365 security measures, as well as other network security features, to help protect your business from hacks and threats of all kinds.
Of course, your entire business infrastructure becomes more secure with proper training. We at Digital Uppercut can also provide cybersecurity training to all of your employees. It is a very inexpensive service compared to the cost of a hack that disrupts your business or the cost of cleaning up a hacked system.
Secure Your Business Today
Call Digital Uppercut today and let’s talk about securing your business. We offer plans of all sizes for all kinds of companies. And while they’re all designed to help secure our clients and prevent hacks, they are also designed to help you run your business “as usual” and without overzealous security measures that could actually prevent your people from getting work done. Call us today at 818-713-1335 or contact us here for a free preliminary Security Analysis and consultation.
