Our partners at NetDiligence / eRiskHub have published the following article regarding Microsoft 365®.
Cyber criminals are increasingly using weak Microsoft 365® (formally called Office 365) security configurations to obtain/falsify the credentials of legitimate organizational users, and then use them to ill effect via Business Email Compromise (or “BEC”) attacks.
BEC attacks tend to involve various types of fraudulent activity, and often include wire fraud where employees are convinced (by email impersonators) to send funds to the bank account of the attacker. These types of incidents represent a continuing source of monetary loss for the victimized companies, as well as their cyber insurance carriers.
Organizations can use the recommendations in this Advisory to harden their Office 365 platform services for improved resistance to BEC attacks.
When your organization moves its traditional in-house IT applications (including email) to a commercial cloud-hosted offering, you need to be keenly aware of the new “division of labor” that exists between your IT administrators and the application-hosting vendor regarding who is responsible for implementing effective cyber security practices. A primary responsibility that remains with your team is the proper configuration of end-user account protections and access control requirements.
Microsoft 365 (“M365”) is a popular platform of hosted office applications used by business organizations of all sizes. Microsoft offers a wide range of security configuration options designed to enhance the protection and privacy of company data. Unfortunately, a sizable percentage of M365 corporate clients fail to properly configure these additional protections.
The frequency and severity of data breaches for companies using M365 have recently become so serious that the U.S. government has issued specific guidance to encourage companies to strengthen their M365 configurations. In direct response to the recent work-from-home trend spawned by the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security has now published eight (8) detailed recommendations.
To read the full article from NetDiligence / eRiskHub please click here.
Make Sure Your Financial Institution Clients Have the Right Coverage!
Contact any one of the FI insurance experts below for help in making sure your FI customers have the right coverage from a strong, stable company!
Northeast Region Jeanne Shrum 207-415-4587 [email protected] |
Southeast Region Scott Mynatt 770-495-5967 [email protected] |
Midatlantic Region Dave Cassel 443-987-8619 [email protected] |
South Region Scott Harris 512-800-5393 [email protected] |
Midwest Region Sean Gleason 312-469-6990 [email protected] |
Northwest Region Pete Verretto 206-802-3076 [email protected] |