Office 365 hosting an increasing target for hackers
The increasing popularity of Office 365 hosting has a downside: targeting of the platform by hackers.
Just like Microsoft Office software, the wide deployment of Office 365 means it becomes a large target for baddies to try infiltrating. They are succeeding.
A report from Beazley Breach Response Services suggests that attacks against Office 365 are rising. They report a 13% increase, in the first quarter of 2018, in email attempts to infiltrate Office 365 hosted customers.
A common attack starts with a fake email from a ‘HelpDesk’ or Microsoft survey. The employee clicks on the email link and is sent to a very sincere-looking web site which grabs the employee’s login and password.
Once they have a valid login, the hackers get into the account and change the password. From there they can email others in the company to get more logins. Any employees they hack might find their pay or benefits redirected to another account, corporate secrets stolen … the list is endless.
Beazley notes that the Office 365 default settings are NOT enough. There’s no proper logging to see who logged in, when and from where.
Among their recommendations is something we’ve been suggesting for years: two-factor authentication.
Getting a second, independent code to log in is the single best thing you can do to secure your Microsoft account/s, any email account or other important login. Alas, we’ve found many people find excuses not to make the change, until it’s too late.
Two-factor authentication is important. So important that there’s a whole chapter in both Office 2016: the real startup guide and Windows 10 for Microsoft Office users: a practical, step-by-step guide to setting up ‘two-fac’ for a Microsoft account or any other.
Beazley also suggests Secure Score, a tool for Office 365 admins which checks for best practices in security and helps with implementation.
See the full report with other recommendations here.