- Run searches to steal personally identifiable information.
- Steal bank information to send e-mails requesting fraudulent wire transfers.
- Search the inbox to determine what HR and benefits self-service portal the employer uses, and then request a password reset for the user in that system. Once in the self-service portal, the attacker redirects the employee’s paycheck to one of their accounts.
- Send spam e-mails to all of the user’s contacts in an attempt to get others to give up their credentials as well.
- Change passwords regularly
- Have dual-factor authentication
- Remove auto-forwarding or auto-delete rules
- Teach your employees how to detect bogus-looking e-mails. If unsure, one of the best ways is to look at the sender’s full e-mail address and see if it comports with the e-mail address of a known entity, like a bank.
- Require two-factor authentication for access to Office 365.
- Use the Secure Score tool. This Microsoft tool can be used by anyone who has administrative privileges for an Office 365 subscription. It assists not just in analyzing, but also with implementing best practices regarding their Office 365 security.
- Enforce strong password policies. Educate employees about the risks of recycling passwords for different applications.
- Alert employees who have access to accounts-payable systems or wire transfer payments about these types of scams.
- Train all employees to beware of phishing attempts.
- If you use cloud-based platforms, investigate what logging is available and make sure it is enabled. For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration. In Office 365, you must turn on audit logging in the Security & Compliance Center.
- Work with your cloud provider’s technical team to determine what activities are logged and ensure you have the visibility you need, for the monitoring period you need.
Related Posts
Basics of a Strong Lockout/Tagout Program
A lockout/tagout program will not be effective if your employees are not properly trained in how it works, and if you don’t have consequences for them if they fail to follow the program. Every year, hundreds of workers in the United States die because they don’t follow lockout/tagout procedures or their employers did not have […]As Wildfire Risks Increase, Insuring Businesses More Difficult
Business property coverage is getting more difficult to come by for operations located in areas that are susceptible to wildfires. The devastating wildfires of the last few years, along with the thousands of homes and businesses that have been burned or damaged due to these events, has resulted in insurers becoming more selective about the […]CALIFORNIA: Bureau Recommends Workers’ Comp Rates Drop 5.4%
Workers’ compensation insurance rates will likely continue sliding in 2020 after California’s rating agency submitted its recommendation that the state insurance commissioner reduce the average benchmark rates by 5.4%. If the recommendation is approved, it will be the ninth consecutive rate decrease since 2015 (some years had two decreases), which have resulted in the average […]A Lesson in Timely Claims Reporting
A recent appeals decision denied coverage to a company on its directors and officers (D&O) liability insurance policies for taking too long to file the claim. In this case, the 5th U.S. Circuit Court of Appeals in New Orleans sided with an insurer that had denied a claim a company had made after being sued […]Discipline Should Be Part of Your Safety Program
Does your injury and illness prevention program spell out the disciplinary action your company will pursue if its safety rules are not adhered to? Addressing disciplinary issues can be a very sensitive and stressful process for most managers, supervisors and employees. However, if disciplinary issues are avoided or handled poorly, it can lead to serious […]
Leave a Reply