FSB Cyber Protection: Phishy business

Blogs 26 Nov 2020

When a phishing attack exposed sensitive information for an FSB member, FSB Cyber Protection we able to help

All names and details have been withheld to protect identities

What happened?

An FSB member reached out to the FSB Cyber Protection helpline looking for assistance following an incident in which an email account had been hacked, allowing the attacker to access a significant amount of HR information.

The incident had occurred following a migration of the HR departments systems from on premises to the cloud and ported to Office 365. Some of these systems had weak passwords attributed to them which had never been intended to be assigned to accounts accessible off premises, and exploiting this had allowed the attacker to gain access. They had specific questions around the forensic abilities that Office 365 had in order to understand the extent of the attack.

What did FBS Cyber Protection do?

Our helpline informed the member that Office 365 does have event logging capabilities, and advised them to reach out to Microsoft Support to ensure that this had been enabled on the account.

We advised the member to change all passwords attached to the account and enable two factor authentication to ensure that future incidents can be mitigated.

What was the outcome?

FSB Cyber Protection armed the member with all the necessary advice and expertise necessary to enforce preventative measures against similar attacks going forward, including changing passwords, enabling two factor authentication and performing a full audit of accounts.

If you’re concerned about your email security, you can read our guide to protecting yourself against phishing scams.


Your best defence against cyber-attacks

Protect against unseen threats. Help your business stay in the clear with cyber security support and advice you can trust, backed up by cyber insurance designed for small businesses.