There really is an app for almost everything — including one that cyber-criminals use to hack into businesses’ systems. Cyberattacks have become so advanced that they are now aided by an app, like this one that poses serious threats to Office 365 users. If you’re using Office 365, here’s what you need to know.

A phishing scam that harvests users’ credentials

The latest cyberattack on Microsoft Office 365 involves harvesting users’ credentials. Scammers use this previously unseen tactic by launching a phishing message to users, asking them to click on an embedded link. What makes this scam more insidious than traditional phishing scams is that the URL within the message links to a real Microsoft login page.

How does it work?

The phishing message resembles a legitimate SharePoint and OneDrive file-share that prompts users to click on it. Once they do, they are taken to an Office 365 login page where they will be asked to log in if they haven’t already.

After they’ve logged in, they’ll be prompted to grant permission to an app called “0365 Access.” Users who grant permission effectively give the app — and the hackers behind it — complete access to their Office 365 files, contacts, and inbox.

This technique can easily trick lots of users since the app that requests access is integrated with the Office 365 Add-ins feature. That means that Microsoft essentially generates the request for permission. No, Microsoft is not aiding hackers to breach systems. Rather, the scam is made possible by a feature that allows users to install apps that are not from the official Office Store.

Ways to protect your Office 365 account — and your business

Given their fairly advanced approach, these scammers could effortlessly prey on careless employees. There are ways to make sure that doesn’t happen.

  • Always check the email’s sender account before clicking on any link or granting apps access.
  • Implement a policy that prevents staff from downloading and installing apps that are not from the Office Store.
  • Regularly conduct security awareness training that covers essential cybersecurity topics. Educate employees on how to spot phishing scam red flags (e.g., unknown senders, grammatical and typographical errors, suspicious requests, and the like). Increase their knowledge about more sophisticated attacks and keep everyone informed about current and future cybersecurity risks.

Successful attacks could result in an unimaginable catastrophe to your company. For tips on how to spot this and other nefarious scams and how to plan thorough security practices, contact our experts today.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Today, Wi-Fi isn’t only crucial for your employees to get work done; it’s also a necessary amenity for your office guests. But there’s a right way and a wrong way to set up guest Wi-Fi, and the latter can result in a frustrating experience for you and your users. So, how do you set up your guest Wi-Fi properly?

Never give guests access to your primary Wi-Fi

Giving your guests access to your company’s main Wi-Fi connection might seem like a good idea, but you should avoid this at all costs.

Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. In addition, if any of your visitors’ mobile devices have been compromised, it’s possible that they can transmit malware to your entire network.

Ways to create secondary Wi-Fi for guests

If your router comes with built-in guest Wi-Fi support (you can check this feature through a quick web search), you can use it to create a separate “virtual” network. This means guests will have access to the internet without directly connecting to your company’s primary network.

If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to the internet, thus preventing any outsider from accessing your company’s private data.

Keep in mind that guest Wi-Fi still uses your ISP connection, so you should limit bandwidth usage on your guest network. Visitors streaming videos can slow down your internet connection, which can affect the productivity of your employees. With that in mind, you can even have your employees use the guest Wi-Fi on their mobile devices to minimize the chance of them hogging company bandwidth for personal use.

Remember, your guest Wi-Fi should only provide outsiders with internet access, nothing more. While the proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it, or if you simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE