IMPROVING SECURITY FOR MICROSOFT 365® Mitigating Business Email Compromise (BEC) Issues Related to Insecure Microsoft 365® Environments

« Back to Blog
NetDiligence eRiskHub Alert logos

Our partners at NetDiligence / eRiskHub have published the following article regarding Microsoft 365®.

Cyber criminals are increasingly using weak Microsoft 365® (formally called Office 365) security configurations to obtain/falsify the credentials of legitimate organizational users, and then use them to ill effect via Business Email Compromise (or “BEC”) attacks.

BEC attacks tend to involve various types of fraudulent activity, and often include wire fraud where employees are convinced (by email impersonators) to send funds to the bank account of the attacker. These types of incidents represent a continuing source of monetary loss for the victimized companies, as well as their cyber insurance carriers.

Organizations can use the recommendations in this Advisory to harden their Office 365 platform services for improved resistance to BEC attacks.

When your organization moves its traditional in-house IT applications (including email) to a commercial cloud-hosted offering, you need to be keenly aware of the new “division of labor” that exists between your IT administrators and the application-hosting vendor regarding who is responsible for implementing effective cyber security practices. A primary responsibility that remains with your team is the proper configuration of end-user account protections and access control requirements.

Microsoft 365 (“M365”) is a popular platform of hosted office applications used by business organizations of all sizes. Microsoft offers a wide range of security configuration options designed to enhance the protection and privacy of company data. Unfortunately, a sizable percentage of M365 corporate clients fail to properly configure these additional protections.

The frequency and severity of data breaches for companies using M365 have recently become so serious that the U.S. government has issued specific guidance to encourage companies to strengthen their M365 configurations. In direct response to the recent work-from-home trend spawned by the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security has now published eight (8) detailed recommendations.

To read the full article from NetDiligence / eRiskHub please click here.

Improving Microsoft 365 illustration

Make Sure Your Clients Take a Proactive Approach To Protecting Their Business Should a Loss Occur

Berkley Crime logo

Make sure your clients have crime insurance. Take the steps to ensure that your clients are covered by calling one of the Berkley Crime team members listed below.

Michael Beranek
Berkley Crime

Experts focused on your protection.
We deliver.

National Practice Leader
Michael Beranek
(501) 707-6548
[email protected]
Adam Pardi
(212) 497-3704
[email protected]
East Regional Manager
Matt McNamara
(212) 497-3707
[email protected]
West Regional Manager
George Pierce
(917) 747-1141
[email protected]
Patricia Logan
(212) 497-3708
[email protected]
Amanda VanCauwenberge
(312) 730-1101
[email protected]
Cheryl Yorio
(860) 466-7379
[email protected]
Everton Barrington, FLMI
(302) 281-6137
[email protected]
Alexander Doerflein
(212) 497-3724
[email protected]
Jenn Delatorre
(972) 719-2473
[email protected]
Lydia Fulmer
(410) 372-6355
[email protected]
Ben Zubrowski
(410) 372-6322
[email protected]

“News You Can Use” E-Blast

Sign up for the latest news from Berkley Crime.

Let us know how
we can deliver for you!