Why is my outlook account being access from overseas!!!

That was the question I got from one of my contacts this week.

Thankfully they were notified by Microsoft that someone else may have accessed their email account and they asked me to have a look into it.

When I delved into the security logs it found that the email account had been logged-in via web access.  This breach wasn’t just a single access from one location, instead the account was accessed several time over a couple days with connections coming from different countries.

At this stage, the damage is unknown, but who knows what will come from the breach in the future. These hackers have had unrestrictive access to the email account for days, potentially downloaded all the data and are sifting through it to see if there is anything they can use as blackmail or access other systems.

According to the Verizon Data Breach Investigations Report, over 80% of security breaches involve compromised passwords  https://enterprise.verizon.com/en-au/resources/reports/dbir/

We live in an era where our emails, files, social status, money, customers data is all accessible online, so we need to make sure that the systems and apps that we use are secure.

For business it is even more important to secure all apps and systems (secure the hatches so to speak). The business is the custodian of its customers information. When it comes to data breach compliance, there are strict laws around reporting of data breaches and potential penalties.

That takes us to the subject of Multi Factor Authentication (MFA) or commonly seen as Two Factor Authentication (2FA).

MFA adds an additional layer and a very important hurdle between a person or bot and the user access to the system.  Commonly the MFA layer uses SMS to push out a code or an authentication app that changes the code continually. The authentication app is generally the more secure path to take however any MFA is better then none.

Please use this as a timely reminder to:

  • Security audit all your accounts no matter the system or app or service.
  • Check to see if you can enable login security eg block logins after x number of unsuccessful logins.
  • Reset your passwords often.  Every year there are 1000’s of significant data breaches, some very large global companies have had their systems hacked and data stolen, at times this has included username/password data.
  • If MFA is available for that app or service, take the time to set it up now.
  • Check the alerting option of the system to see if alerts can be setup for suspicious activity or unsuccessful logins.
  • If you do get an alert, have someone check the security logs.
  • For business leaders, make sure that MFA is part of the security policy and that it is being enforced across the business.
  • Audit the processes and apps that are being used in the business to see if there are any security holes

Categories: ICT