Data security in Office 365 depends on employee attention (Remote Working)

Once you work from home (working remotely) has become indispensable for many companies, banks si institutions, the strategy of cyber attackers has also changed.
Microsoft warns that more and more have appeared malicious applications concerning the accounts Office 365, and the method of OAuth token security is canceled if the user accept the access of such applications to the account Office 365.
It is a phishing method "Fashionable" in this period, which is based on inattention and ignorance of users.
An e-mail is sent contains a link to an "interesting" application, which at first glance does not arouse suspicion. Moreover, it can come as an installation recommendation from the company or bank where the user is employed.
But if the user falls into the trap and gives the application access to Microsoft Office 365, in the future that application will no longer be blocked by OAuth. They can hide behind applications API through which numerous queries can be made to the account Office 365. Account from which attackers can obtain confidential information and extract sensitive data using the application, without the user noticing this.

Everything works on the same system through which in the past the applications from Google Play for the "flashlight" requested access including the contact list. Once the user's permission was received, the application could transport confidential data to third-party malicious sources in the background.
Facebook has also faced such problems in the past, when third-party applications had access to more data than they needed, data that turned out to be sold to various communications agencies.

Regarding the users of Microsoft Office 365 who works from home these days, it is good to know that any mail received inviting you to install an application for Office 364, must be checked in advance by an IT department. Only after this department gives its approval, the application can gain access to your account Office 365.

The best protection against phishing is always user caution. Links and applications received by e-mail and opened or installed without verification can cause large data loss and compromise careers.

Passionate about technology, I enjoy writing on since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).

How to » AntiVirus & Security » Data security in Office 365 depends on employee attention (Remote Working)
Leave a Comment