Chinese, North Korean, and Russian hackers heavily targeted small business Office 365 (O365) environments over the past few months. Brute force attacks from servers all over the world were used in an attempt to gain administrative access. Once in, the hackers set up mail rules to get copies of all senior executive emails, set up applications to solicit and accept monies, and used spoofed email addresses to contact customers and suppliers to reroute payments.
Small businesses can proactively and easily use an Office 365 function to defend against these types of attacks: Multi-Factor Authentication (MFA). This is the same as dual authentication offered by banks and a security feature we have written about before. Log into an account as normal, then receive a text to an authorized cell phone with a six-digit access code.
To turn on Multi-Factor Authentication:
- Log into https://www.Office.com as an admin
- Choose Admin Centers
- Choose Azure Active Directory
- Choose Users from the sidebar
- Choose Multi-Factor Authentication in the top bar
- Select all Admin Accounts (click each checkbox)
- Select Enable from the right-hand side
Desktop – Next Steps:
- Log into the O365 account at https://www.Office.com
- Make sure the cell phone number is correct
- Log in for the first time
- Keep a copy of the long password the MFA application creates (write it down)
- Use the long password to log into Skype for Business and Outlook on the desktop:
- You will be automatically prompted for this login
- Choose one of the other Office products to log in:
- Open an Office product (Word, Excel, etc.)
- Choose File
- Choose Account
- Log in again under “User information”
- Enter the six-digit access code sent to the associated mobile device
Mobile – Next Steps:
- Re-log into Skype using the long password the MFA application creates
- Re-log into Outlook using the normal password. Enter the six-digit access code sent to the device
- Special note: Older iPhones and some Android phones require a slightly different login. If you need help, contact EVAN.help and someone can assist you in this process.
Multi-Factor Authentication will stop brute force attacks cold. Not using this feature creates unnecessary risk for small businesses. EVAN.help stands ready to help small businesses understand, set up, and use Multi-Factor Authentication to protect their Office 365 environment.
EVAN is more than just a great source of technology information; we have Master Certified Professionals waiting to meet your IT needs right now.