Hacking in Your own Backyard!
By IT Alliance Group
Having compromised IT is way more common than you think. Often those that have been compromised have no idea they are. It is not just overseas companies that are targeted – it is literally in your own back yard from [Kaitaia to Invercargill]. We got our IT Alliance Team together to share some local stories below. Implementing 2FA is essential to combat these.
What is 2FA (2 Factor Authentication)?
2FA (or Multi-factor) authentication is a security mechanism that requires an individual to provide two or more credentials in order to authenticate your identity. For example, you may be required to enter a password as well as a text message code using an authorising app. Other forms of authentication might be a fingerprint or retinal scan. Yes, it can be a little more time consuming, but it can be a whole lot more time consuming and stress-inducing if you end up with a major security breach on your hands. It is especially important if you are implementing remote work or if you are a business (lawyers, accountants, medical professionals) that keep personal information about your clients. Especially since the new laws have been introduced surrounding this.
Cyber Attack in Northland!
“We had an incident today with a law firm in Northland. Like most people, they use Office 365. The hacker simply guessed the lawyers password. The hacker looked through the sent emails and found two customers who recently had been asked to pay house settlements. The hacker emailed both these people and asked them to pay the money into a different bank account instead. One of the customers rang to confirm the change as the English was poorly written. When we looked at the server records, we found they had logged in from Brussels overnight and emailed the two customers. It was such a close call.” – IT Alliance Member from Northland
2FA stops this attack in its tracks, if your password is guessed correctly by a hacker it then asks them to verify with the App on your phone that they are allowed to login. As they don’t have physical access to your phone they can’t get the needed access code.
We need to be clear – for almost all businesses today, having 2FA in place on your critical systems is not a nice to have; it is essential.
How to Get 2FA on your Microsoft 365
Getting 2FA is more simple than you think. Here is the step by step actions you need to take if you have a Microsoft 365 account.
Step 1: Download App on your smart phone – Microsoft Authenticator (Available in Apple Store or Play Store)
Step 2: We turn on 2FA (Two Factor Authentication) on your account
Step 3: When you login to portal.office.com it will ask you to setup 2FA with the Authenticator app on your phone
Step 4: Once every 6 months it will prompt you to confirm with the App, or if you login for the first time in a new location.
Our experience is that some businesses can implement 2FA on their 365 accounts largely by themselves, whereas others need help. Use your local IT support to help you come up with an implementation plan, and to ensure all your team feel supported throughout the change.
Cyber Attack in The Naki!
These types of attacks aren’t just happening in isolated cases. Here is another example of a similar situation.
“We had a client catch an attack shortly before it caused over $1.2 million dollars worth of damage! Essentially, the hacker got into the emails of the CFO and their key administrator. They looked through the sent emails and found correspondence regarding a large amount of money set to be deposited. The hacker then sent the administrator an email asking it to be transferred into a different bank account. It was extremely lucky that this particular administrator was a stickler for detail. The administrator picked up the phone and rang the CFO to check, saving the day! The client was SO lucky!”- Taranaki IT Alliance Member
Risks if you don’t implement 2FA:
It’s really important to understand what you are really risking if you don’t implement 2FA. We put together a simple checklist to help make it crystal clear what you might be signing up for by not taking actions today!
Damage to business reputation
Risk of sensitive information being stolen
Risk of blackmail if information is stolen
Risk to customers paying into wrong account
Time lost trying to recover from hacking
Your cyber insurance MAY NOT PAY OUT!
Need some help?
If you are a bit nervous about setting up your 365 2FA (look at all those acronyms!) reach out to your local IT Support provider.