How can I prevent my Office 365 accounts from being hacked?
A recent Beazley report has revealed the number of compromised business emails has risen by 133% in the past year. And last year, we reported on the increase in Office 365 account takeover (ATO) attacks.
With this massive rise in email accounts being compromised, which I’ve experienced first-hand working in TSG’s support team, it’s time to talk about preventative measures we can take to protect against these kinds of attacks.
Let me start by explaining exactly what’s been happening.
My Office 365 account has been hacked
Joe Bloggs has clicked on a link from his good friend in the marketing department of his own company. It’s a real email and it really has come from his own company.
That link has led to a very realistic landing page asking him to log in, so he does.
His email account is now compromised. Joe Bloggs has just unwittingly passed his username and password on to scammers. His account then fires out an email, from his real account, to every single person he has ever emailed in the past and it’s now with you. You trust Joe, so you open it. And so it goes on…
It’s a scam known as phishing and, while learning to spot the signs of a suspicious email helps, sometimes no amount of vigilance will protect you from every way in which an attack like this can take place.
So how can you protect your staff, your clients’ trust in your business and your data?
How to fix a hacked Office 365 account
Two-factor authentication (2FA) renders your username and password almost useless to an attacker who is looking to obtain access to your accounts. No need for physical security.
2FA allows you to set a second factor, such as a verification text, that an attacker must also have access to before they can get into your account. If the attacker doesn’t have your email address, your password AND your personal physical device, they’re not gaining access to your accounts.
I work on TSG’s service desk, helping customers with reactive responses to raised tickets. A small portion of what I’m tasked with is dealing with hacked accounts, so I witness the fallout that comes as a result of these issues on a near-daily basis.
Without security measures such as 2FA enabled, it’s no longer a question of if you’ll get hacked, it’s when. I’ve seen everything from bank transfers being sent to attackers, to emails going to 4000 contacts of an individual person and even new domains being created in Office 365 accounts for the purpose of sending out further scam emails.
We respond incredibly quickly to any security concerns raised and react immediately to these cases, but the fallout as a result of the initial attack can take weeks or months to be dealt with by the hacked person or management.
Enabling 2FA is simple. You need to supply a phone number for the user that a text can be sent to, add the licence to the user on Office 365, then it’s as simple as hitting the ‘enable’ button. Or, better yet, we’ll do all of the setup for you as your managed IT services partner!
These are tiny steps to take that will result in a massive amount of protection. TSG uses it across all of our internal applications and services and it doesn’t cause any hassle to our users; it just protects our accounts.
If you’re one of our customers, please speak to your account manager about enabling 2-factor authentication as soon as possible, or use our short form to request a callback. If you’re not a customer, you can also request a callback from one of our security experts to see what we can offer.
Not using Office 365?
Your Office 365 account is a prime target for hackers because it’s the core tenant you use to do your job. It’s not just your email, it’s all of your Word, Excel and PowerPoint documents in your OneDrive storage and all of your Office apps. Microsoft Office 365 comes with Microsoft Teams, offering hackers more opportunities to share malicious documents.
But it’s not just Office 365 subscription accounts that are appealing to cybercriminals. Even if you’re on Office 2019 or an older version of Office, simply getting access to your email is enough to wreak havoc.
But even though your Office 365 account and Office applications are a target for hackers, they’re also straightforward to protect. What’s more, if you purchase an Office 365 licence, you’ll pay monthly, get 1TB of cloud storage, apps on multiple devices as well as your desktop apps and real-time, automatic updates to ensure your apps are secure.
Interested in buying Office 365 licences for your PCs or Macs? Get in touch with TSG today.