Phishing attacks are on the rise, and they are targeting Microsoft’s flagship cloud-based products. According to a report by specialist data breach insurer Beazley, hackers have increased attempted and successful attacks on Microsoft Office 365, especially systems used by financial, health care, and professional services organizations. These attacks are deceptively simple, relying on employees and contractors falling for fake, yet well disguised, Microsoft communications, like a HelpDesk message or a survey. Once employees or contractors interact with these communications, they are prompted to enter personal information, which allows the hackers access to confidential information. This information allows the intruders to steal customer data, initiate bank transfers, and gain access to additional employees’ accounts. Microsoft 365’s default settings compound the dangers of these attacks because they decrease the ability to track how many accounts are compromised.
In light of these increasing attacks, companies should employ a two-pronged approach to mitigate the damage and potential costs of these attacks. First, companies should implement the latest data security best practices, including frequent password changes, dual-factor authentication, and employee training to spot fraudulent communications. Second, that preventative action should be paired with insurance that covers liabilities from potential breaches, making sure coverage extends to cloud-based systems and phishing attacks. The increased scrutiny from the public and administrative agencies drives increased liabilities in the event of a breach, and the simple nature of the attacks makes them easy to perpetrate and hard to defend. Making sure your insurance covers your cutting-edge technologies as well as attacks designed to compromise those technologies is essential to protect your company from these potential liabilities, which increase every day.