Scenarios

What To Do if Office 365 is Hacked

You are probably well aware that your computer can be hacked via fraudulent websites or by downloading software and apps from unverified sources. Did you know that legitimate programs on your computer can be hacked by cybercriminals? That includes Microsoft’s widely used Office 365. If you suspect your Office 365 suite has been hacked then there are a number of steps to take to protect yourself.

Check the computer’s security

Verify that the computer that you suspect has been hacked has up-to-date antivirus and anti-malware software installed and running.  If there’s no malware protection then now’s the time to install some.  Free malware protection programs can be downloaded from the Microsoft Protection Center website.  Another application you can download from Microsoft to scan your computer for malware is the Malicious Software Removal Tool.

If you encounter any problems, or if you suspect that these measures haven’t worked, then Microsoft offers additional help, with a series of Advanced Troubleshooting steps you should follow.

Reset the password for Office

Changing the password is vital to secure the account against further raids by cybercriminals. Note that it will also end any active session(s). Again, check the Microsoft webpage Admins: Reset a password for one or more users in Office 365, which tells you how to reset a password for one or more users.

Reconfigure delegate access

Allowing another user access to your emails or calendar is known as delegation. This is sometimes used by hackers to gain ongoing access to your computer. Follow the steps that Microsoft outlines on how to configure delegate access in Outlook: Configuring delegate access in Outlook Web App

Review and reconfigure mail forwarding rules

As with delegation, this feature of Outlook can give hackers ongoing access to your email.  You will need to disable mail forwarding rules to external domains and global mail forwarding, as well as eliminate any bogus forwarding rule that might have been created by the cybercriminals who have accessed your machine.

• You may need to go further here, especially if the account that’s been compromised was locked for changes except by an administrator. Check out Microsoft’s advice on mail forwarding when using Exchange and Office 365: Exchange and Office 365: Mail Forwarding

Maximize your security with multi-factor authentication (MFA)

With MFA anyone seeking access needs to use more than one verification method to get into the system. This makes it much harder for cybercriminals to breach your defences and compromise the account.  Microsoft’s articles on mail forwarding and Azure Multi-Factor Authentication will provide you with the information you need to set it up: Exchange and Office 365: Mail Forwarding and What is Azure Multi-Factor Authentication?

Rethink your password complexity and check password expiration dates

Make it difficult for hackers by using strong passwords (for example, passwords that include at least one capitalized letter and one number) and setting the password expiration policy.  This is even more important if you don’t use MFA.  To do this, run this PowerShell command:…..

Activate mailbox auditing and monitor the audit log

If you enable mailbox auditing then you will be able to review user activity and identify any unusual activity.  To turn on mailbox auditing and learn how to identify anomalous activity, check out Microsoft’s blog posts on these topics: Using Office 365 activity data to improve your Cybersecurity stance and capability and Finding Illicit Activity The Old Fashioned Way

Train Users in Security Awareness

Making sure people who have access to programs such as Office 365 (and other software) are educated about how hackers and cybercriminals operate, and make sure that they’re aware of the signs of suspicious activity. User awareness of scams like spear phishing and ransomware is a key defense against cybercrime.

Want more? Check out some of our reviews