25 Jan

Attention Office 365 Users: Protect Your Email from this New Hacker Tactic

By Witold Stanislawski and Ray Miner, Technology Solutions Advisors. 

Continuous access to e-mail communications is at the core of every Small and Medium Sized Business (#SMB) today. There is an emerging vulnerability, which could allow a hacker to encrypt your email system data within seconds and make all your information inaccessible.

If successful, these hackers could:

  • Demand a ransom to unlock the access to your email.  Companies are paying $100,000+ in many cases.
  • Block users from accessing email for hours until the ransom is paid .
  • Delete all email messages whether the ransom is paid or not.  They can’t be trusted….
  • Bankrupt your company.

How do you avoid and/or mitigate the impact of this attack?  Network It Easy, Inc. recommends:

  1. Disable a capability within O365 that allows “Integrated Apps”. “Integrated Apps” allows a third-party applications to read user profile details, edit or delete their files, read items contained in the collections and send email as that user.  In essence it gives those applications control of your email.
  2. Enable Multi Factor Authentication (MFA) for all your mailboxes which requires the entry of an automatically generated, temporary and unique verification code that is sent to a separate device like a cell phone.  MFA is included with Office 365 but not enabled. It must be enabled and configured.
  3. Sign up for a cloud mailbox backup (Office 365 does not provide a mailbox backup). This backup will allow you to restore the mailbox data and go back as far as your backup retention policy allows for, even if the e-mails get encrypted.  This will allow you to NOT pay ransom.
  4. Engage with a Managed Services and Security Provider (MSSP) like Network It Easy, Inc. and get all the above plus pro-active security and vulnerability scanning and training as a monthly subscription.

For additional information, contact us at (630) 435-4000.

Share this

Leave a reply