Office 365 or User and E-mail Account Breach Advisory



It is your responsibility to report a data security breach to the Information Commissioner's Office (ICO), based on the guidance provided by the Information Commissioner. Impact Computing does not provide guidance on whether a breach should be reported.


Fraud, Cyber Crime and Phishing Attempts


Where you have been the victim of fraud, cyber-crime or a phishing attempt, you can report it to the police using the following site: Action Fraud UK Police Report. With any security incident, we advise that you also inform your bank.


Office 365 or User/E-mail Account Breach


In the event you are the victim of an e-mail or user account security breach, please keep the following points in mind:


What you need to do:

  • Keep in mind that an unauthorised 3rd party has possibly had access to all your confidential data, including e-mails and attachments, contacts, files, and financial information, though this is not an exhaustive list. Consider the risks and what the unauthorised party could do with this information.
  • Ensure that any passwords that are reset as part of this breach follow our best practice guidelines for setting passwords.
  • Remind all staff to remain vigilant about security and ensure e-mail security awareness is part of your induction process for new staff. Please see E-mail Fraud Security Warning for End Users.
  • Pay special attention to any e-mail users receive which asks, or has links that ask, for usernames and passwords.


What we will do:

  • We will perform an immediate reset of all passwords on services that we look after for you.
  • We will run a number of predefined checks on your Office 365 accounts to ensure they are secure to our baseline standards.


What you should be aware of:

  • We recommend contacting your bank to discuss the potential impact of the account breach.
  • As per your contract, investigation and remediation of this type of event is chargeable by Impact Computing on an hourly basis.
  • Where accounts were breached due to financial, whaling, or phishing attacks, please see our article on financial whaling or phishing.
  • We recommend turning on two-factor authentication for logon to Office 365 services - please contact us to discuss implementing this.
  • We can offer additional paid-for Office 365 services, in particular Advanced Threat Protection, that will improve security for your entire organisation - please contact us for details.
  • In instances where the breached account sent out e-mail/malicious content to your clients, we recommend contacting a solicitor to assess your responsibilities, especially in relation to GDPR. Impact Computing cannot advise you on your legal obligations in relation to security breaches.