What is your business doing to prevent cyber attacks from occurring? Have you heard about the recent cyber attacks involving the Microsoft Office 365 “account takeover”? If either of these questions is unfamiliar to you, it’s time to listen up.
The Department of Homeland Security recently issued a statement on Microsoft Office 365 cybersecurity stating that many IT consulting companies and MSPs (Managed IT Services Providers) involved in the 365 account-takeover have not been appropriately securing their cloud-based services for their customers.
Before we get into the preventative measures to take to avoid attacks like this in the future, we’ll first bring you up to speed on the attack itself and what many businesses faced if they were a victim.
By the way, if you’re a customer of ours, don’t worry. We’ve got you covered when it comes to the security of your business.
Microsoft Office 365 Cyber Attack: What Happened?
According to Info Security Group, the Office 365 account-takeover attack was a way for cybercriminals to learn how a company operates, how it uses email signatures, and how it handles its financial transactions. After collecting this information, hackers could then successfully launch attacks, as well as gather additional login credentials to other accounts.
Typically, Office 365 account-takeover attacks begin with social-engineering tactics to entice email recipients to a phishing website. For those of you unfamiliar with the term, a phishing website attempts to steal your account data, password, or confidential information by tricking you into believing you’re on a legitimate website.
After an Office 365 attack, hackers are then able to track company activities and use collected credentials to target other high-value accounts. Hackers who attacked certain 365 accounts were able to steal personal, financial, and confidential information to commit even harsher crimes, such as identity theft and fraud.
As a reminder, cybercriminals don’t discriminate. Many of the hackers involved in this most recent attack also targeted a company’s partners and customers, not just the employees, making this attack a bigger threat and more damaging than others.
How Can I Keep My Business Safe From Cyberattacks?
This unfortunate cyber attack isn’t good for any business or employee. However, instances like this are a great way to learn and implement newer and better ways to protect your business, employees, and customers.
Managed IT services partners that communicate the warning signs and strategies to their customers can undoubtedly differentiate themselves from other, less reputable, companies.
Along with a managed IT services team or partner, it’s also up to you to protect your accounts and data, for your own sake and your company’s. Take a glance below at some easy ways you can stay safe on the internet.
Hacking or a data breach is when someone gains unauthorized access to your computer and personal information stored on your drive, the network, or cloud. Nowadays, it’s pretty easy for hackers to access your files, even if you think you keep your data secure.
There’s a plethora of tools and techniques, online and offline, that make it pretty easy for malicious activities to take place. It’s essential to be extra cautious when protecting and securing your documents and files, and to keep your staff updated on the latest threats.
Hackers can find weaknesses in your security settings, and once they do so, they can gain control over your passwords to gain access to all of your information.
Make sure you’re routinely changing all of your passwords, about every 3 months. This includes your computer login, email, apps, company instant messaging, and your network drive.
Don’t forget to incorporate uppercase letters, lowercase letters, and special characters in your passwords, and no two passwords should be the same.
Malware is one of the more common ways to infiltrate or damage your computer. Malware is malicious software that infects your computer, and the most common types are viruses, trojans, spyware, ransomware, adware, and botnets. Here’s a more in-depth description of these common types of malware:
- Virus: Similar to a virus you can contract from another person, computer viruses attach themselves to clean files and infect other clean files, spreading uncontrollably and damaging a system’s core functionality and deleting or corrupting files. Viruses typically appear as an executable file.
- Trojans: Trojans disguise themselves as legitimate software but act discreetly to create backdoors in your security that let other malware in and install it. The tricky thing about Trojans is that they can also infect your computer by tampering with clean or new software, without your knowledge.
- Spyware: Spyware is pretty self-explanatory: it’s malware designed to spy on you. Spyware hides in the background and takes notes on what you do online, including passwords, credit card numbers, and surfing habits. You can think of spyware as a virtual way of watching you, then robbing you.
- Worms: Using network interfaces, worms infect entire networks of devices, either local or across the internet. After infecting one machine, worms can travel and infect other machines. They are called worms because these types of software burrow from one machine or network to another.
- Ransomware: Ransomware is a type of malware that can lock down your computer, preventing you from even logging in to your machine. Ransomware can threaten to erase every single document and piece of information on your machine unless a ransom is paid to the owner. Learn more about Ransomware by reading our article, Don’t Cry! — Tips to Prevent Your Business from Ransomware.
- Adware: Adware is an aggressive type of advertising software that can undermine your security to serve you targeted ads, such as pop-ups. Adware has a way of bringing in other malware as it enters your computer. Most of the time, adware is more of a nuisance than a source of harm, but if you get enough on your device, it can slow it down to a crawl.
- Botnets: Botnets are networks of infected computers, made to work together under the control of an attacker. These are very sophisticated programs that have an overall goal to interrupt your network or systems so that a different type of software can be used to break into your hardware, software, or systems.
Wi-Fi eavesdropping is another dangerous method used by cybercriminals to attack and obtain your personal and financial information. Unfortunately, Wi-Fi is not always secure.
On private networks, you can enable encryption to prevent unauthorized people from connecting and reading the traffic as it travels through the airwaves. However, depending upon the security mode you use, connected users may still be able to eavesdrop on each other’s traffic.
Although public networks may use web-based authentication (captive portals or websites), most don’t use actual encryption, and anyone nearby can easily eavesdrop on the hotspot traffic.
Cybersecurity is one of the most essential and vital things you can implement and monitor for the success of your company. The more time you put into protecting your personal and financial information, the more secure your business will be.
Any time is the best time to be thinking about cybersecurity and threats, but the most important time is now.
Learn even more ways to protect your business by reading our article, Network Security Issues: 10 Tips to Keep Your Business Secure.
At AIS, we continually look for the newest and best information to bring to our current and future customers. Our job is to serve you and help you establish your specific business needs to help you reach your business goals. We want your business to continue its successful growth and are here for you if you have any questions about managed IT services. To speak with one of our business technology consultants, reach out to us. We’re here to give you peace of mind, to help you win more business.