Let’s talk email security and one simple trick that I always recommend to my customers when discussing their email or online accounts. The first question I always ask my clients “If I have access to your email, what else can I get access to?” Many times, my clients say “Eh, mostly correspondence with employees and customers.” This normally leads into a tangent of what an attacker can do if they leverage your email account. That tangent always involves the discussion of lateral movement – what can I get to if I pretend to be you? Can I authorize your accounts payable employees to send me a check for thousands of dollars for “product I sold you?” Ever use your email account to reset your account password for your bank account? Hopefully those two examples got you thinking from a hacker’s perspective.

Many times, my clients tell me they have great password 8 to 10 characters long and they keep them secure. Essentially, doing all the right things with password management but sometimes your password still just makes it out there through forms of social engineering, phishing, or database breaches. That’s why the best authentication has two forms of authentication:

1. 1. 1. Something you know – a good password
      2. Something you have – a key card or a verification text to your cell phone to prove its you

This is known as 2FA or MFA. Two factor authentication or multifactor authentication. Implementing MFA on your online accounts can do wonders for keeping your accounts secure. When someone trying to access your account tries to login, they will hit a brick wall since they do not have access to your phone or your finger print.

So how do you enable MFA on your accounts?

All mainstream platforms that are worth their weight should offer MFA. The steps below are to enable MFA on a few platforms we see a lot of our clients using.

Microsoft 365

New Office 365 tenants will have MFA enabled by default. If your organization does not have MFA enabled you can ask your IT administrator to enable MFA for your account. You can enable it on your account yourself by following these steps

1. Log into office.com and click your account icon in the top right of the screen.
2. Select view account
3. Under security info select update info.
4. Add sign-in method
5. Choose a method that works best for you. I recommend phone as it can be the easiest.

Google Account

1. Log into your google account.
2. Navigate to https://myaccount.google.com/security
3. Under Signing in to Google Select 2-Step Verification
4. You will be prompted to enter your password
5. Enter your phone number and select Text message. Select next
6. Enter the code texted to your phone to verify
7. Click turn on

Facebook

1. Sign into your Facebook account.
2. Click your profile picture in the top right of the screen and select settings & privacy
3. Click settings
4. On the left side of the screen select security and login
5. Under Two-factor authentication select use two-factor authentication.
6. Select a security method. Text message tends to be the easiest
7. Enter your password
8. Enter your phone number and click continue
9. Enter the verification number sent to your phone

Let recap

Some would argue that MFA, 2FA, etc. Takes to much time and it can be a hassle. I would agree with that, it definitely takes a few extra clicks and a little more effort to access your data. But that’s the point! Whether you want to believe it or not, email compromises have led to real issues. I have seen where email compromises lead to a wire transfer of well over 6 figures simply by an attacker taking over a mailbox. It’s a costly mistake and it is definitely worth taking the extra time to sign-in to your accounts.

Not sure if your company is using best practices? Has your email been hacked? Call us to see how we can help!

By Jake Sears – Engineer, CCNY Tech

CCNY Tech has been in business since 1988 and has built many long term relationships with companies, universities and other organizations by providing great value and outstanding customer service. Call CCNY Tech at 1-800-566-4786 or fill out the Contact Us form to learn how we can improve your IT requirements.