Office 365 Migration

Robinson+Cole Data Privacy + Security Insider

Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents that we have been involved in over the past six months involve a hacker successfully phishing an employee of the company (most of the time an executive) and then spoofing the Office 365 credentials box. The victim puts his or her user name and password into the hacker’s spoofed O365 pop-up, allowing the hacker full access to the email box.

Once the hacker gets into the email box, he places forwarding rules in the email box so all emails that the victim receives are forwarded to his email account. That way, he can monitor the existing email account and gain access to all new emails sent to the executive, in order to figure out how to implement a wire fraud scheme or a man-in-the-middle scheme, or to steal personal information of the victim or others if such information is flowing through the email traffic.

When the executive or the IT department discovers the incident, usually a forensic firm is hired to review the situation and try to figure out when the hacker was able to get into the system, what data was available, and whether any information was exfiltrated.

Almost every forensic analysis we have been involved in with an O365 incident comes to the same conclusion: the incident could have been prevented if multi-factor authentication had been utilized up front when migrating to O365. Following each O365 incident, the recommendation by the security experts is to implement multi-factor authentication. Learn from these other companies that have been victims of these schemes.

In addition, when the forensic firm requests the O365 logs, in only a few cases were we able to access the logs in order to determine the date the intruder was able to access the system. This is because apparently when companies implement O365, the auditing function for the logs is turned off by default, and the company has to manually turn the logging function on. Most companies have no idea that this is the case and assume that the logging is turned on by default and that the logs are or would be available for a security incident. This is not the case, so learn from these companies and turn the logging function on when migrating to O365.
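As an added example (not part of the original article), the review below checks a mailbox export for the two gaps described above: forwarding to outside addresses and mailbox auditing left off. The field names are properties returned by Exchange Online's `Get-InboxRule` and `Get-Mailbox`; the JSON export shape, the `COMPANY_DOMAINS` list and all sample records are constructed assumptions.

```python
import json
import re

# Assumption: every mail domain the organization owns must be listed here.
COMPANY_DOMAINS = {"example.com"}

# Constructed sample export of inbox rules (Get-InboxRule property names).
INBOX_RULES = json.loads("""[
 {"MailboxOwnerId": "ceo@example.com", "Name": ".", "Enabled": true,
  "ForwardTo": [], "ForwardAsAttachmentTo": [],
  "RedirectTo": ["smtp:drop@mail.example.net"]},
 {"MailboxOwnerId": "cfo@example.com", "Name": "To assistant", "Enabled": true,
  "ForwardTo": ["smtp:assistant@example.com"], "ForwardAsAttachmentTo": [],
  "RedirectTo": []}
]""")

# Constructed sample export of mailbox settings (Get-Mailbox property names).
MAILBOXES = json.loads("""[
 {"UserPrincipalName": "ceo@example.com", "AuditEnabled": false,
  "ForwardingSmtpAddress": null},
 {"UserPrincipalName": "cfo@example.com", "AuditEnabled": true,
  "ForwardingSmtpAddress": "smtp:cfo.backup@example.org"}
]""")

EMAIL = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def external(address):
    """True when the value holds an SMTP address outside COMPANY_DOMAINS.
    Values with no SMTP address (None, internal EX: entries) count as internal."""
    m = EMAIL.search(address or "")
    return bool(m) and m.group(1).lower() not in COMPANY_DOMAINS

def review(rules, mailboxes):
    """Return (mailbox, finding, external targets) tuples for follow-up."""
    findings = []
    for r in rules:  # disabled rules are reported too
        targets = r["ForwardTo"] + r["ForwardAsAttachmentTo"] + r["RedirectTo"]
        hits = [t for t in targets if external(t)]
        if hits:
            findings.append((r["MailboxOwnerId"], "external-forwarding-rule", hits))
    for m in mailboxes:
        upn, fwd = m["UserPrincipalName"], m["ForwardingSmtpAddress"]
        if external(fwd):
            findings.append((upn, "mailbox-level-forwarding", [fwd]))
        if not m["AuditEnabled"]:
            findings.append((upn, "mailbox-auditing-off", []))
    return findings

if __name__ == "__main__":
    for finding in review(INBOX_RULES, MAILBOXES):
        print(finding)
```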


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
