Login credentials are among the hottest sale items on the Dark Web. Those username and password combinations can get a hacker anywhere from $12 to $120 each, and Office 365 login credentials are among the most lucrative.
One of the most important best practices when it comes to cybersecurity is to ensure you’re using good password habits. If you’re working with outsourced IT services in Houston or another city, they’ll tell you that this includes using a strong password and not reusing passwords in multiple places.
But while most people know they should be more vigilant about password security, juggling the multiple login passwords used every day makes that a challenge.
Passwords are reused an average of 5 times each.
According to a password security report by the Ponemon Institute, 51% of people say that passwords are too difficult to manage. The conundrum is that people use so many different passwords daily, and making them all “strong” with a combination of letters, numbers, and symbols makes them harder to remember.
But that user password is often the only thing standing between a hacker and all the data stored in your Office 365 account.
Once login credentials are hacked or stolen, hackers can do things like:
A newer scam seen on eBay is to sell a license for Office 365 for much less than the list price, using stolen login credentials to access it. This gives cybercriminals even more reason to go after Office 365 passwords.
How do you balance needing to secure your Office 365 account with the difficulty in managing user password security? The answer is using multi-factor authentication (MFA).
Multi-factor authentication is a setting in Office 365 (and multiple other cloud services) that you can turn on for all users. Once turned on, it will require users to set up MFA and link it to their mobile device or another code delivery method.
MFA requires another factor of user authentication to ensure that the person is authorized to access an application.
There are three main factors of authentication:
Unless multi-factor authentication (also referred to as two-factor authentication) is enabled, a system uses just a single factor to approve a login: the username/password.
Once you enable MFA in Office 365, a user who logs in is sent a code on their phone, which has to be entered to complete the login and gain access. This greatly reduces the chance that a hacker can breach your system with a stolen password, because they won’t be able to get past that second authentication factor.
Google did a study on how well adding a second factor of authentication worked, and the results showed that it significantly reduced the chance of a data breach.
Their findings showed that enabling MFA and using an SMS code for the second factor:
When an on-device prompt was used for the second factor instead of SMS, the number rose to 90% of targeted attacks blocked.
Office 365 has become the most popular cloud service by user count, which makes it a big target for hackers looking to steal and resell credentials, access sensitive information in cloud storage, or use its email capabilities to send out millions of spam messages from your organization’s domain.
The popularity of Office 365 has given rise to phishing scams that are specifically targeting platform users and admin users. These include:
Multi-factor authentication adds an important layer of security that protects your accounts even if a user login has been breached. It helps you ensure account security despite poor password practices and the ongoing barrage of Office 365 phishing attacks.
Are your cloud services at risk of a breach? Don’t leave your data at risk. Digital Crisis offers expert Houston IT services, including ensuring the security of your Office 365 accounts and any other cloud solutions you use.
Contact us today to make sure your accounts are protected. Call 713-965-7200 or reach us online.