Business email hacks are on the rise. The compromise of a single email account can give hackers access to an entire business network on which bad actors can move about laterally to phish inside and outside of the organization. It’s a relatively simple scheme with equally simple risk mitigation measures – but many businesses are still falling prey.
Some of those hit hardest in 2018 were organizations using Office 365, a popular cloud-based suite of subscription services offered by Microsoft.
“In 2018, we saw a huge increase in Office 365 breaches and business email compromises,” commented Linda Hamilton, client operations manager at Proven Data. “This is a trend we expect to continue in 2019, especially in the build-up to tax season.”
Global data recovery firm, Proven Data, provides ransomware assistance, data recovery and digital forensic services to companies worldwide. It works with insurers, brokers and individual companies to minimize downtime after cyber incidents and restore business functionality as quickly as possible.
“A common problem we come up against when dealing with Office 365 breaches is that businesses are not turning on the audit logging function,” Hamilton told Insurance Business. “This means that not all logs are being recorded, so when it comes to doing a post-breach investigation to see where the hackers went in the network and what they did, businesses don’t have the right logs.
“It’s also really important for businesses to turn on two-factor authentication for all of their business email accounts. It’s a simple, but essential step organizations can take to reduce their cyber risk in 2019, but it’s something that not all businesses are doing at the moment.”
Organizations are particularly vulnerable to email compromise attacks during the holiday season (when cybersecurity attention is lax) and the tax season. In the build-up to the tax season in 2018, there was a significant uptick in attacks where hackers sent phishing emails disguised as tax-related alerts to trick people into giving up their passwords.
Incidents like that highlight the importance of employee education, according to Hamilton. All it takes is one employee clicking on a bad email link and a business can find itself in seriously hot water. Advising staff to vet their emails and apply some sort of content filter are two things businesses can do to mitigate their risks.
“Business owners and risk managers should be coming up with cyber incident response plans for their business. As more data breach regulations are enforced, it has become really important for businesses to plan how they might respond to a ransomware attack or a data breach and to figure out who they should contact for assistance,” Hamilton added.
“It’s also beneficial for businesses to start putting checks and balances in place. For example, during the tax season, does your CPA (certified public accountant) change something in your bank account without calling you to double-check? When they do double-check, do they call you or will they just send you an email? If your email has been compromised, you could face serious financial loss if you don’t have appropriate checks and balances in place.”