IMPROVING SECURITY FOR MICROSOFT 365®: Mitigating Business Email Compromise (BEC) Issues Related to Insecure Microsoft 365® Environments

Our partners at NetDiligence / eRiskHub have published the following article regarding Microsoft 365®.

Cyber criminals are increasingly exploiting weak Microsoft 365® (formerly called Office 365) security configurations to obtain or falsify the credentials of legitimate organizational users, and then use them to ill effect via Business Email Compromise (or “BEC”) attacks.

BEC attacks tend to involve various types of fraudulent activity, and often include wire fraud in which employees are convinced (by email impersonators) to send funds to the attacker's bank account. These types of incidents represent a continuing source of monetary loss for the victimized companies, as well as their cyber insurance carriers.

Organizations can use the recommendations in this Advisory to harden their Office 365 platform services for improved resistance to BEC attacks.

When your organization moves its traditional in-house IT applications (including email) to a commercial cloud-hosted offering, you need to be keenly aware of the new “division of labor” that exists between your IT administrators and the application-hosting vendor regarding who is responsible for implementing effective cyber security practices. A primary responsibility that remains with your team is the proper configuration of end-user account protections and access control requirements.

Microsoft 365 (“M365”) is a popular platform of hosted office applications used by business organizations of all sizes. Microsoft offers a wide range of security configuration options designed to enhance the protection and privacy of company data. Unfortunately, a sizable percentage of M365 corporate clients fail to properly configure these additional protections.

The frequency and severity of data breaches for companies using M365 have recently become so serious that the U.S. government has issued specific guidance to encourage companies to strengthen their M365 configurations. In direct response to the recent work-from-home trend spawned by the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security has now published eight (8) detailed recommendations.

To read the full article from NetDiligence / eRiskHub please click here.
