Your Office 365 credentials are on the Dark Web. No sweat!
I just received an alert from my organization’s identity monitoring service stating that one of my employees’ Office 365 email credentials were found on the Dark Web. Now let us get real for a minute. When the prince of Nigeria emails you requesting a transfer of $1000 and your credentials, you help a brother out! But once you have provided all your personal information and your transfer is complete, it is probably prudent to change your password. So, in this case I will help the employee change their password, but I will wait until after they return from lunch.
Why, you ask, am I not overly concerned about getting the password changed before they return from lunch? Well, because I happen to know they have 1 simple slider option (Security Defaults) turned on in their Office 365 tenant. This option helps prevent the account from getting compromised by enforcing 2 REALLY impactful settings: it enforces multi-factor authentication and it blocks really old and insecure applications from accessing your Office 365 tenant.
*For those of you who do not know what multi-factor authentication is, it simply requires a code generated on your mobile phone in addition to your password, providing an additional layer of security. That way, if your password is stolen, the “bad guy” would also need your phone.
So now you know! 1 slider option that removes most of the stress of having a password compromised. The slider is not foolproof, but it allows you some time to go in and reset your password if it gets stolen. Microsoft’s telemetry tells us that 99.9% of organizational account compromises can be stopped by simply using multi-factor authentication and that blocking old insecure applications correlates to a 67% reduction in compromise risk.
So what are you waiting for?!
Well, while the slider is enabled by 1 click, it will most definitely impact end users. You will need two groups of people involved: your IT team and your end users. Here is what will need to be done before turning it on.
- The IT team should verify that you are not using any legacy versions of the Office suite below Office 2016 and that you do not have any outdated line-of-business applications or scanners that send email.
- You will want to coordinate turning on multi-factor authentication with your end users by making sure everyone has a smartphone and everyone is prepped with setup instructions once it is enabled.
With a basic plan, this can be fairly painlessly enabled and will immediately improve your organization’s security posture as it relates to your Office 365 tenant.
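One way the IT team can run the first check, shown as an added example that is not part of the original post: summarize which accounts still sign in successfully through legacy authentication clients, since those are the ones that stop working once the slider is on. It assumes sign-in records exported as JSON using the Microsoft Graph signIn fields `userPrincipalName`, `clientAppUsed` and `status.errorCode`; the function names and the sample records are constructed for illustration.

```python
from collections import Counter

# Client app names that sign-in logs group as legacy authentication clients
# (compared case-insensitively).
LEGACY_CLIENT_APPS = {name.lower() for name in (
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI Over HTTP", "Offline Address Book", "Other clients",
    "Outlook Anywhere (RPC over HTTP)", "POP3", "Reporting Web Services",
)}

def legacy_sign_ins(records):
    """Count legacy-auth sign-ins per (user, client app), split by outcome."""
    summary = {}
    for rec in records:
        app = rec.get("clientAppUsed") or ""
        if app.lower() not in LEGACY_CLIENT_APPS:
            continue  # modern authentication: MFA can be enforced on it
        user = (rec.get("userPrincipalName") or "unknown").lower()
        ok = (rec.get("status") or {}).get("errorCode") == 0
        outcome = "success" if ok else "failure"
        summary.setdefault((user, app), Counter())[outcome] += 1
    return summary

def will_break(summary):
    """(user, client app) pairs that sign in successfully over legacy auth today."""
    return sorted(pair for pair, counts in summary.items() if counts["success"] > 0)

# Constructed sample records (not real tenant data).
SAMPLE = [
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "Scanner@example.com", "clientAppUsed": "Authenticated SMTP",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 50126}},  # failed sign-in
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "POP3",
     "status": {"errorCode": 0}},
]

if __name__ == "__main__":
    for user, app in will_break(legacy_sign_ins(SAMPLE)):
        print(f"{user} still signs in with {app}")
```

Successful legacy sign-ins point to the scanners, old Office installs and line-of-business applications to fix first; failed ones are worth a look too, since they may be someone else trying a leaked password.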
*Bonus Tip: If your email password is compromised, this will not protect you from a “bad guy” accessing other services where you have utilized the same password. It is best practice to utilize a password manager tool so that each website you use can utilize a completely different and complex password.