- Run searches to steal personally identifiable information.
- Steal bank information to send e-mails requesting fraudulent wire transfers.
- Search the inbox to determine what HR and benefits self-service portal the employer uses, and then request a password reset for the user in that system. Once in the self-service portal, the attacker redirects the employee’s paycheck to one of their accounts.
- Send spam e-mails to all of the user’s contacts in an attempt to get others to give up their credentials as well.
- Change passwords regularly
- Have dual-factor authentication
- Remove auto-forwarding or auto-delete rules
- Teach your employees how to detect bogus-looking e-mails. If unsure, one of the best ways is to look at the sender’s full e-mail address and see if it comports with the e-mail address of a known entity, like a bank.
- Require two-factor authentication for access to Office 365.
- Use the Secure Score tool. This Microsoft tool can be used by anyone who has administrative privileges for an Office 365 subscription. It assists not just in analyzing, but also with implementing best practices regarding their Office 365 security.
- Enforce strong password policies. Educate employees about the risks of recycling passwords for different applications.
- Alert employees who have access to accounts-payable systems or wire transfer payments about these types of scams.
- Train all employees to beware of phishing attempts.
- If you use cloud-based platforms, investigate what logging is available and make sure it is enabled. For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration. In Office 365, you must turn on audit logging in the Security & Compliance Center.
- Work with your cloud provider’s technical team to determine what activities are logged and ensure you have the visibility you need, for the monitoring period you need.
Related Posts
DOL Issues New Joint Employer Rules to Ease Burden on Businesses
The Department of Labor has proposed a sweeping new rule that will make it much easier for employers to be compliant with laws governing the use of independent contractors, staffing agencies and temp workers. Joint employment liability has become increasingly murky in light of the gig economy and more employers using staffing agencies and outside […]Don’t Overlook Equipment Breakdown Insurance
Imagine it’s a typical July day. You own a 30,000-square-foot office building that is 85% occupied. And the air conditioning and ventilation systems stop working. The outside temperature is in the 90’s and the humidity is high. It doesn’t take long before the tenants start to complain. The contractor you summon determines that an electrical […]Commercial Auto Rates Face New Headwinds
More accidents attributed to smartphone use while driving, coupled with much higher costs of repairs, have led to double-digit increases in commercial auto insurance rates over the past few years. Distracted driving is just one of many factors that have converged on commercial auto insurance claims, resulting in sustained premium increases. Now there are new […]As Health Deductibles Rise, Employees More Likely to File Workers’ Comp Claims: Study
Sometimes, injured employees are afraid to file a workers’ comp claim after being injured at work because they fear the specter of retaliation by their employer. Experts suspect that up to 10% of workplace injuries are never reported because the workers choose to have the injuries covered by their employer-sponsored health plans. Most employers may […]OSHA Not Letting Up on Inspections, Penalties
Despite expectations, Fed-OSHA under the Trump administration has not backed off on enforcing workplace safety regulations. In fact, the agency is as aggressive as ever and citations are higher than ever as well, after fines were increased substantially three years ago. Based on the agency’s own statistics, a company that’s inspected has only a 25% […]
Leave a Reply