Security Data Items
Information below is in relation to security data to be included in the notification emails sent to end-users in the Voleer Office 365 Targeted Security Notifications.
Including this will show if the end user username and/or password has been part of a reported data breach. Given that 65% of people* use the same username/password combination for all accounts, any end user account that has been part of a reported breach should be reviewed. These includes accounts across other SaaS products as well. *2019 online survey by Google.
New or Updated Inbox Rules
Including this will list any new or updated inbox rules in the account. Attackers in a bid to get access to sensitive information may create inbox rules to forward information to an account they have access to (compromised internal or account or external)
Including this will list any emails send with a ‘large’ number of recipients. Once an attacker has breached an account, they may send out mass phishing emails in a bid to gain access to other accounts.
Countries with Successful Sign-ins
Including this will list the locations that have had successful sign-ins into the account. Activity possibly indicating a breach are sign-ins from locations where the user hasn’t been. For example, a US based employee with sign-in records from Russia. Note that sign-ins are from Microsoft data center locations, as such, an office based in Seattle may have sign-in locations logged from Wyoming.
Full Access, Send-As and Send-On-Behalf Including this will list access to or access from other accounts. Attackers move between accounts in an attempt to reach high value accounts such as IT Administrators or C-level accounts. Using different accounts to send highly crafted phishing emails to the target accounts is one such method.
New and Existing Devices
Including this will list new and existing mobile devices associated with an account. With mobile phones being replaced almost every 2 years, ensure to remove corporate data from older devices before they get 'recycled'.
New Administrative Roles
Including this will list new administrative roles added to an account.