The security of personal data is important to everyone, and yet most people leave themselves exposed to criminals every time they access their inbox. In this article, we will explain just how simple it is to eliminate the threat from some of the most common types of attack and explain how to secure your Office 365 account.
It may sound like technical jargon, but the concept is no different to double-locking your front door. Two-factor authentication is quite simply a secondary layer of security you need to pass through in order to access an email inbox, i.e. in addition to a username & password, you would need to input a time-sensitive code you have just received in a text message.
This secondary layer is the all-important failsafe you need to keep your account secure, and it works even if hackers have managed to obtain your username & password in a phishing attack. Phishing attacks are an everyday occurrence that literally anybody can fall victim to, but as we will explain, Office 365 can be easily adjusted to make sure you don’t become a victim yourself.
What is a phishing attack?
A phishing attack is designed to trick users into giving away their username & password to hackers who will then attempt to use their inbox as a means to commit a crime (usually fraud). It’s very easy for a user to be tricked into giving away these details, i.e. by inputting their login details on a fake portal that looks identical to the real login page for their mailbox. It can even be as simple as downloading one malicious email attachment.
By obtaining a username & password, criminals can send emails to any address in a user’s inbox pretending to be the ‘real’ person. A breach like this is particularly dangerous for a company inbox that might contain multiple correspondence relating to invoice payments, but even for a personal user, it’s likely at some point they would have used their email address for financial correspondence that could contain sensitive information. Using a company as an example, access to an inbox would enable hackers to send an email to a client stating that all future invoice payments should go into a new bank account (controlled by the hackers).
The horror stories
Even globally renowned institutions have fallen victim to phishing attacks, and the numbers are staggering. Italian football club Lazio paid out £1.75m to fraudsters who purported to be another football club who were owed a transfer fee for a player. Like in the example above, it was as simple as hackers sending an email from a domain familiar to the victim and advising a rogue bank account for payment. Even more surprising was the news that both Google and Facebook had been conned out of $100m by a trickster who impersonated one of their major suppliers.
The UK National Audit Office has stated that online fraud cost consumers £14.8bn in 2016, and that over a third of that sum is thought to be from mass-marketed online crimes such as phishing.
Thankfully it is easy to protect you and/or your business from phishing attacks if you use Office 365. First, you must sign into your Microsoft profile and select the “Security” option. On the following page, select “more security options” and you should be presented with a page that looks similar to the below:
Once you select “Set up two-step verification”, you will be given the choice of what you would like to use as your second layer of security (see below):
Microsoft will recommend their own authentication app for Windows Phone, iOS or Android, but this is not compulsory. You may wish to use another authenticator app such as Authy or Google Authenticator (in which case you would select “other”), or you may wish to not use an app at all and instead receive an SMS message to your phone (use the dropdown menu highlighted above to select this option).
Peace of mind
In less than a minute you can all-but guarantee the safety of your inbox from a phishing attack. With these safety measures in place, the only way a hacker could access your inbox would be if they had your mobile phone at the time the confirmation code is received in addition to your username & password.
Protecting the security of others
It isn’t just your own security you need to think of; it is the security of EVERY person you have ever corresponded with using a particular email address. If a phishing attack successfully breaches your mailbox, not only are hackers able to target your contacts with messages that could potentially defraud them out of significant sums of money (as per the examples above); they are also able to send messages that can extract the usernames & passwords from any of your contacts. One successful security breach can become an exponential problem in double-quick time.
The moral of the story…
Don’t be the one who lets the hackers in. Keep them out with two-factor authentication!
If you would like any advice on how to keep your data secure, speak to one of our team on 0121 663 0203
You may also like: 5 Easy Things you can do NOW to make your Business Safer from Hackers
About the Author
Andrew Woods specializes in IT infrastructure services and service management. He is currently Technical Director at Synium IT who help organizations operate efficiently and productively with appropriate, secure and reliable IT Systems.