Hacking in Your own Backyard!

Hacking in Your own Backyard!

By IT Alliance Group

Having compromised IT is way more common than you think. Often those that have been compromised have no idea they are. It is not just overseas companies that are targeted – it is literally in your own backyard. We got our IT Alliance Team together to share some local stories below. Implementing Multifactor Authentication is essential to combat these.

What is MFA (Multi-Factor Authentication)? 

Multi-Factor Authentication is a security mechanism that requires an individual to provide two or more credentials in order to authenticate your identity. For example, you may be required to enter a password as well as a text message code using an authorising app. Other forms of authentication might be a fingerprint or retinal scan. Yes, it can be a little more time consuming, but it can be a whole lot more time consuming and stress-inducing if you end up with a major security breach on your hands. It is especially important if you are implementing remote work or if you are a business (lawyers, accountants, medical professionals) that keep personal information about your clients. Especially since the new laws have been introduced surrounding this.

Cyber Attack in Northland!

“We had an incident today with a law firm in Northland. Like most people, they use Office 365. The hacker simply guessed the lawyers’ password. The hacker looked through the sent emails and found two customers who recently had been asked to pay house settlements. The hacker emailed both these people and asked them to pay the money into a different bank account instead. One of the customers rang to confirm the change as the English had been poorly written. When we looked at the server records, we found they had logged in from Brussels overnight and emailed the two customers. It was such a close call.” – IT Alliance Member from Northland

MFA stops this attack in its tracks. If your password is guessed correctly by a hacker it then asks them to verify with the App on your phone that they are allowed to login. As they don’t have physical access to your phone they can’t get the needed access.

We need to be clear, for almost all businesses today, having MFA in place on your critical systems is not nice to have; it is essential.

Our experience is that some businesses can implement MFA on their 365 accounts largely by themselves, whereas others need help. Use your local IT support to help you come up with an implementation plan, and to ensure all your team feel supported throughout the change.

Cyber Attack in Taranaki

 These types of attacks aren’t just happening in isolated cases. Here is another example of a similar situation.

“We had a client catch an attack shortly before it caused over $1.2 million dollars worth of damage! Essentially, the hacker got into the emails of the CFO and their key administrator. They looked through the sent emails and found correspondence regarding a large amount of money set to be deposited. The hacker then sent the administrator an email asking it to be transferred into a different bank account. It was extremely lucky that this particular administrator was a stickler for detail. The administrator picked up the phone and rang the CFO to check, saving the day! The client was SO lucky!”- Taranaki IT Alliance Member

Risks if you don’t implement MFA:

It’s really important to understand what you are really risking if you don’t implement MFA. We put together a simple checklist to help make it crystal clear what you might be signing up for by not taking actions today!

  • Damage to business reputation
  • Risk of sensitive information being stolen
  • Risk of blackmail if the information is stolen
  • Risk to customers paying into the wrong account
  • Time and money lost trying to recover from hacking
  • Your cyber insurance MAY NOT PAY OUT!

Need some help to Get MFA on your Microsoft 365?

If you are a bit nervous about setting up your 365 MFA (look at all those acronyms!) reach out to your local IT Support provider. You can give us a call on 06 769 9907 or contact us here to get started.

Leave a Reply