Cloud-Based Email Compromises are Increasing: Here’s What Businesses Need to Know
Hacking an employee’s email gives a threat actor quick and easy access to that employee’s personal information and opens the floodgates to important information about their employer. To improve your business’s cybersecurity, we recommend that organizations purchase breach response coverage and also implement best practices for risk management.
Rose & Kiernan, Inc. uses Beazley Breach Response (BBR) Services for a large number of our clients. Recently, Beazley reported an increase in the number of business email compromises, particularly with cloud-based solutions such as Microsoft Office 365. Industries most affected are financial services, healthcare and professional services. The Beazley team says that based on their experience, most incidents are the result of an employee clicking on a link in a phishing email. The link redirects users to a legitimate-looking website where they are asked to provide their email credentials. From there, hackers are able to use this information for a variety of purposes.
It’s no secret that the public is demanding greater accountability for personal data. The General Data Protection Regulation (GDPR) went into effect in the European Union on May 25th, 2018. Facebook is still handling the fallout from the Cambridge Analytica scandal, while Cambridge Analytica shut down its operations. Because of this, Katherine Keefe, global head of Beazley Breach Response Services, says businesses need to step it up against attacks. On the employee side, Beazley recommends that organizations enforce strong password policies, educate employees on the risks of recycling passwords, alert them to different types of scams and train all employees to be on the lookout for phishing attempts.
If your organization uses Office 365, Beazley provides additional recommendations to protect against attacks. Consider two-step verification: an extra layer of security that requires not only a user name and password but also something else from the user, such as a code emailed or texted to them. In April, Microsoft introduced Microsoft Secure Score, a feature that gives organizations using Microsoft solutions advice on what controls to enable, shows how your score compares to other organizations and allows you to rank based on your selected industry. The Security & Compliance Center allows you to audit your security settings; make sure you enable audit logging.
Incidents involving email compromises are increasing because they are easy for hackers to execute and give them quick access to a lot of data about an employee (and the organization they work for). The advice provided can help protect a business from having its cloud-based email compromised.