Cloud and Office Suite(s)
Anything hosted in the cloud can be subjected to a number of attacks. One of the most prevalent is Business Email Compromise (BEC). This typically occurs when one of your organisation’s users is targeted with a phishing email intended to steal their username and password for the office suite (Google G Suite, Microsoft Office 365, etc.).
Securing these services involves a combination of measures:
- Training your people to detect and report phishing attacks
- Implementing strong Authentication (see MFA below) wherever possible
- Being vigilant and periodically reviewing Cloud Access Logs for signs of unexpected activity or abuse
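To illustrate the log review in the last point, the following Python example (added here, not part of the original guidance) flags three common signs of account abuse in sign-in records: a sign-in from an unfamiliar country, a successful sign-in without MFA, and a success that follows repeated failures. The record fields, sample entries and per-user country baseline are constructed for the example and do not follow any vendor's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records; the field names are hypothetical, not a vendor schema.
SAMPLE_LOG = [
    {"time": "2024-03-04T08:58:00", "user": "alice", "country": "GB", "ok": True, "mfa": True},
    {"time": "2024-03-04T09:02:00", "user": "bob", "country": "GB", "ok": False, "mfa": False},
    {"time": "2024-03-04T09:03:00", "user": "bob", "country": "GB", "ok": False, "mfa": False},
    {"time": "2024-03-04T09:04:00", "user": "bob", "country": "GB", "ok": False, "mfa": False},
    {"time": "2024-03-04T09:05:00", "user": "bob", "country": "GB", "ok": True, "mfa": True},
    {"time": "2024-03-04T23:41:00", "user": "alice", "country": "BR", "ok": True, "mfa": False},
]
# Countries each user normally signs in from (assumed baseline kept by the reviewer).
BASELINE = {"alice": {"GB"}, "bob": {"GB"}}

def review_signins(events, baseline, max_failures=3, window=timedelta(minutes=10)):
    """Return (user, time, reason) tuples for sign-ins that deserve a closer look."""
    findings = []
    recent_failures = defaultdict(list)  # user -> timestamps of failed attempts
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort as text
        when = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if not ev["ok"]:
            recent_failures[user].append(when)
            continue
        # Successful sign-in: check it against each signal.
        if ev["country"] not in baseline.get(user, set()):
            findings.append((user, ev["time"], "sign-in from unfamiliar country " + ev["country"]))
        if not ev["mfa"]:
            findings.append((user, ev["time"], "successful sign-in without MFA"))
        fails = [t for t in recent_failures[user] if when - t <= window]
        if len(fails) >= max_failures:
            findings.append((user, ev["time"], f"success after {len(fails)} failed attempts"))
        recent_failures[user].clear()  # a success resets the failure streak
    return findings

if __name__ == "__main__":
    for user, when, reason in review_signins(SAMPLE_LOG, BASELINE):
        print(f"{when}  {user:<6} {reason}")
```

A finding is a prompt to check with the user, not proof of compromise; travel or a new device can trigger the same signals.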
Strong Authentication
Multi-Factor Authentication (MFA) enhances security by combining something we know (i.e. a username and password) with something we have (such as an SMS with a code or rotating number etc.).
The combination makes it more difficult for an attacker to simply obtain a password (through phishing or other forms of trickery) and then use it. Without the second factor, the attacker's access will usually be prevented.
Most modern platforms have options to implement this. Below are a few links as examples:
Recovery Accounts and Codes
As with all technology, there are things that can go wrong. Having recovery accounts and codes can enable you to regain control of a compromised account or service.
Using a password manager such as 1Password can be a secure and convenient way of storing these account recovery codes against a potential disaster.