How to make my Office 365 account unhackable

Two Factor Authentication Graphic

The security of personal data is important to everyone, and yet most people leave themselves exposed to criminals every time they access their inbox. In this article we will explain just how simple it is to eliminate the threat from some of the most common types of attack and explain how to secure your Office 365 account.

Two-factor authentication

It may sound like technical jargon, but the concept is no different to double-locking your front door. Two-factor authentication is quite simply a secondary layer of security you need to pass through in order to access an email inbox. For example, in addition to a username & password, you would need to input a time-sensitive code you have just received in a text message.

This secondary layer is the all-important failsafe you need to keep your account secure, and it works even if hackers have managed to obtain your username & password in a phishing attack. Phishing attacks are an everyday occurrence that literally anybody can fall victim to, but as we will explain, Office 365 can be easily adjusted to make sure you don’t become a victim yourself.

What is a phishing attack?

A phishing attack is designed to trick users into giving away their username & password to hackers who will then attempt to use their inbox as a means to commit crime (usually fraud). It’s very easy for a user to be tricked into giving away these details, for example by inputting their login details on a fake portal that looks identical to the real login page for their mailbox. It can even be as simple as downloading one malicious email attachment.

By obtaining a username & password, criminals can send emails to any address in a user’s inbox pretending to be the ‘real’ person. A breach like this is particularly dangerous for a company inbox that might contain multiple pieces of correspondence relating to invoice payments, but even a personal user is likely at some point to have used their email address for financial correspondence that could contain sensitive information. Using a company as an example, access to an inbox would enable hackers to send an email to a client stating that all future invoice payments should go into a new bank account (controlled by the hackers).

The horror stories

Even globally renowned institutions have fallen victim to phishing attacks, and the numbers are staggering. Italian football club Lazio paid out £1.75m to fraudsters who purported to be another football club who were owed a transfer fee for a player. As in the example above, it was as simple as hackers sending an email from a domain familiar to the victim and advising a rogue bank account for payment. Even more surprising was the news that both Google and Facebook had been conned out of $100m by a trickster who impersonated one of their major suppliers.

The UK National Audit Office has stated that online fraud cost consumers £14.8bn in 2016, and that over a third of that sum is thought to be from mass-marketed online crimes such as phishing.

The solution

Thankfully it is easy to protect yourself and/or your business from phishing attacks if you use Office 365. Synium can set up two-factor authentication for you: just give us a call on the Helpdesk and we will set it up.

Once activated, you will be given the choice of what you would like to use as your second layer of security: either a text message, or a separate app on your phone (which is the recommended method).

Microsoft will recommend their own authentication app for Windows Phone, iOS or Android, but this is not compulsory. You may wish to use another authenticator app such as Authy or Google Authenticator (in which case you would select “other”), or you may wish to not use an app at all and instead receive an SMS message to your phone (use the dropdown menu highlighted above to select this option).

Peace of mind

In less than a minute you can all but guarantee the safety of your inbox from a phishing attack. With these safety measures in place, the only way a hacker could access your inbox would be if they had your mobile phone at the time the confirmation code is received in addition to your username & password.

Protecting the security of others

It isn’t just your own security you need to think of; it is the security of EVERY person you have ever corresponded with using a particular email address. If a phishing attack successfully breaches your mailbox, not only are hackers able to target your contacts with messages that could potentially defraud them out of significant sums of money (as per the examples above); they are also able to send messages that can extract the usernames & passwords from any of your contacts. One successful security breach can become an exponential problem in double-quick time.

The moral of the story…

Don’t be the one who lets the hackers in. Keep them out with two-factor authentication!

If you would like any advice on how to keep your data secure, speak to one of our team on 0121 663 0203

Learn more about how to keep your business’ IT safe with our full suite of IT Security solutions.

(Thanks to Jethro Seghers for the image in this article)

Simon Tonks
simon@synium.co.uk

Owner and MD of Synium who loves his job, his life and the wondrous outdoors - especially when on a golf course, or a bike of any kind (but preferably on a mountain bike going downhill fast). Please get in touch if there is anything IT related I can help you with (or if you want to talk golf or bikes :-)