The effectiveness of recent attacks through email that compromise the security of business highlights that in many of them there is little security in this area and bad practices, for example, when generating invoices.
It is alarming that the hackers, from the famous Nigerian criminals to another type of scammers, have achieved a higher level of sophistication, to the extent of entering into email accounts of staff and modifying the configuration to hide their activities and receive copies of all their emails .
However, for these types of scams to work there had to be a series of conditions before they could start earning money. The first is an insecure installation of Microsoft Office 365. The second is an insecure billing system. Once these two factors are improved, the problem decreases.
Steps to avoid scams sent by email to your business
The first step is to make your email system more secure. Microsoft allows your business to establish multifactor authentication in its Administration Center.
While this process is taking place, you should check the list of users also to remove employees who are no longer in the company. Sometimes angry employees are those who misuse the email system of a former employer, for this and more reasons dentists in tijuana mexico treat their employees well.
You will have to be the global administrator in Office 365 before taking the necessary steps to change the user’s configuration to enable multifactor authentication and then implement it. Once the MFA is implemented, your staff will have to authenticate changes through a second medium, which usually means sending a verification code to their phones.
Next, you must verify that your email accounts have not been altered with an automatic forward of your email to someone not authorized. If you find that this has already happened, it is time to alert your security department and perhaps even the authorities.
You also need to check your email accounts, looking for users that do not belong to your organization, because hackers may have created users in your Office 365 account, which would allow them to avoid security measures.
Improve your invoice processing system
Hackers have been using email to find their targets among paid staff, but they do so in order to create credible emails and send them in ways that are more difficult to detect. Without these factors it is still possible to send a false invoice by email. If the invoice is not well made, there are chances that it will not be paid.