Your Company Just Enabled a Remote Workplace. . . but is it Secure?
By: James Pray
The rapid spread of COVID-19 in the US has forced many companies to establish remote access to their systems in order to continue to operate. As an attorney working with clients on data security matters, I am seeing an uptick in compromised Microsoft Office 365 accounts as companies make the transition. Office 365 is a great platform that allows users to log in from any remote location. However, not all Microsoft licenses are created equal. Lower-end Office 365 licenses—popular with many small to medium-sized businesses—do not have as many security features, including Microsoft’s excellent Advanced Threat Protection. It is also apparent that not all companies are adding two-factor authentication to their systems as they make this transition. This can and will result in hackers stealing credentials and taking over company employee accounts. Once they are in the system, a hacker can run campaigns against company contacts in the inbox and launch invoice fraud or impersonation scams to get company funds redirected to the hacker.
In addition to compromising Office 365 accounts, hackers are ramping up attacks while company IT departments are distracted by the increase in workload caused by the need to allow employees to work from home. The hackers are also working overtime to get employees to click on malicious links that will either steal credentials by faking an Office 365 log-in account or trigger ransomware attacks that will put the company out of business.
How can you fight back?
- Install two-factor authentication. If you don’t take this step, count on being hacked, sooner than later.
- Hire a reputable IT security company to check your firewall, Office 365 settings, and general digital security.
- Disable automatic forwarding of emails. This is a common method used by hackers to harvest and monitor breached accounts.
- Train employees to spot phishing emails. There are several companies that offer very low-cost training programs. If you are not training your employees, they will click on malicious email links.
In the current pandemic environment as well as in a job market where remote working opportunities are becoming widely adopted, it pays to take the necessary steps and security measures to protect your business. If you have any questions or would like additional information, please contact me or your BrownWinick Data Security and Privacy attorney.