Meet Bob: A Story Of A Critical Security Breach With Microsoft Office 365

Who Is Handling YOUR Microsoft Office 365 Security?

Atlanta businesses are sold on Office 365.

Why?

Because Office 365 is the most comprehensive office productivity software on the planet.

But it’s more than “Office 365 is the best!” — Right?

• You’re using Office 365 because you like the scalability, automatic updates, and predictable budgeting of the product’s monthly subscription format.
• You’re using Office 365 because it was the natural progression from the older Microsoft Suite and your employees were already familiar with the individual applications.
• You’re using Office 365 because it makes collaborating inside your business and with companies across the globe a simple and painless experience.

To put things simply. You use Office 365 because it WORKS.

But what happens when it no longer works?

What happens when cybercriminals turn your Office 365 software against you?

Let’s face it.

Vulnerabilities exist in software.

Because Office 365 is so popular, criminals are constantly trying to find new ways to infiltrate companies by compromising their Office 365 instance.

Just Google “vulnerability of Office 365” and you’ll get 6,320,000 results. Sure, not all of those results are relevant, but how many pages would it take to convince you that you need a cybersecurity professional to oversee the protection of your Atlanta company’s Office 365 data?

Don’t Show Up Late To The Party!

The things you have to know about cybercrime is that hackers don’t fire a warning shot and that one minute too late in securing your business is just as costly as a month too late.

While you are trying to figure out what company to hire for your Office 365 security, someone is trying to figure out how to use your IT systems against you, your employees, your investors, and your customers.

Don’t show up late to the party. The Centerpoint IT team will put their IT professionals to work securing your Office 365 instance and protecting your workflow and investment.

Leaders Learn From the Mistakes of Others        

Recently, an Atlanta healthcare supply company reached out to Centerpoint. They were looking for some information on our Managed Security Services and Cybersecurity Services. The leader of the healthcare supply company – let’s call him “Bob” is a good guy, but to be honest, he takes a while to make a decision.

Knowing Bob’s personality, we gave him a ton of info and answered all his questions, then backed off to let him mull it all over.

We thought, “Let’s check back on Bob in a week, and see if he’s any closer to a decision about his company’s cybersecurity.”

It wasn’t a week.

It was five days later – a Wednesday.

Bob called the Centerpoint mainline all in a panic.

One of Bob’s business partners had opened a phishing email that contained a keylogger.

(For those of you that don’t know, a keylogger is a malicious software that bad guys secretly put on your computer so they can record every keystroke made on that device. This gives them access to — EVERYTHING!)

What did Bob’s cyber-attacker want?

The Office 365 login and password for this key member of the team.

By connecting to Office 365 using IMAP the hacker got busy and wrote a number of rules that sent out phishing emails to Bob’s customers.

Now here’s the deal.

Bob has some very sensitive relationships with high money clients that got sent these phishing emails.

It gets worse…

The hacker was able to make the emails he sent invisible to Bob and Bob’s team. Because of the rules the hacker had written in sending the emails, they didn’t even show up in the “Sent Mail” folder of Bob’s business partner.

It was as if the hacker was never there – but he was.

What tipped Bob off that something was going on?

Clients who had received the phishing emails wrote to confirm that the messages (and the information the emails contained) were from Bob’s organization.

The hacker was good – but just not quick enough. If he had been just a little bit quicker, his activity might not have been noticed at all.

The incoming messages from the clients came through just before the hacker closed the door to incoming emails from the people to whom he sent the phishing emails.

What do we learn from Bob?

Don’t wait.

The criminals aren’t waiting for you to build up your cybersecurity.

What Happened to Bob and His Office 365 Email Security Problem?

Centerpoint technicians reacted quickly when Bob called with his alarming news. We were able to determine the hacker’s activities, remove all the rules the hacker had written to cover his tracks, repair the damage done to their systems, and lock down their network, servers, computers, and cloud assets against future attacks.

Bob is now a very happy Centerpoint client.

He and his forty-six member team are able to communicate with their clients via Microsoft Office 365 securely and without worry about repeating the stress and pain of that very difficult Wednesday. Because of the fast response of the Centerpoint staff, Bob was able to ensure that his clients were protected from the malicious emails that were sent by the cybercriminal.

How Secure is Your Atlanta Business? Could a Hacker Use Your Office 365 Subscription Against You?

“Bob” may not be his name, but his story is true – every word.

The troubles that Bob and his company faced should be a cautionary tale for companies using Office 365.

Office 365 is an amazing set of tools.

But tools can be misused and utilized to cause harm if they end up in the hands of someone who is intent on doing damage.

Make sure your Office 365 instance is secure and that your clients are protected from a scenario like the one Bob’s company faced. Pick up the phone and call the Centerpoint team. We’d be happy to talk.

Want to read more helpful articles? We have them for you HERE.