Most people believe their emails to be secure; they will happily conduct very important conversations, wholly believing they are talking to the intended recipient. Man-in-the-middle attacks are being used more and more: people hack into a user’s email using various means and then start to intercept certain emails. This might not be too much of an issue if you only email your friend Richard in Australia, but what if you are a CFO and are responsible for paying certain invoices… At the last minute, someone you have been conversing with tells you about a change of bank details. You think nothing of it: it has the person’s signature, it refers to the campsite you mentioned earlier in the week that you are heading to, it’s been a busy week, and you just want to get home and load the car. You send the payment and shut down your laptop for the weekend. You have just sent 10k to that man in the middle…
At Fusion we have recommended that all our clients use 2FA for accessing Microsoft 365. This means that for someone to log into your account they must use a code sent via text or use the Microsoft Authenticator app to finalise the logon. Unless the man in the middle has also hacked your phone, they are unable to progress even if they have worked out your password. Whilst we have recommended this, we have ultimately left it to the client to decide if they want to take the risk; some people see 2FA as an inconvenience. Internally we now realise that to ensure complete adoption of this extra security feature we must change our approach and insist that 2FA is non-negotiable. We are the trusted party and the client just needs us to do what’s right. You don’t often question anything a doctor recommends, do you?
We are seeing more and more of these types of attacks, not only on our clients’ systems but also in the news: only in the last week the NHS was hit, as was Advanced. These attacks are serious and go some way to show how intelligent these criminals are and that, no matter what IT spend you have, you can be a target.
So ask yourself: do I get prompted to put in a secondary form of PIN number every now and then when I access my email? If not, the chances are you don’t have 2FA enabled and you are extremely vulnerable. Please contact your IT supplier / team or us. We recently surveyed a number of local firms in Brighouse and Huddersfield, and out of the 22 that responded to our survey only 6 had 2FA enabled on their email systems.
It is very easy to achieve using the built-in Microsoft 365 2FA security. Some clients may want a bit more, and we help them install and configure a Cisco product called DUO Mobile. Please don’t leave this until it’s too late; act today.