Is Your Data Safe from Your Employees? Microsoft Office 365 Admins Must Be on Multi-factor Authentication by Default

When it comes to data breaches and other cybersecurity threats, many people discuss the risks from outside hackers.  

While outside hackers are a huge concern, Internal employees can do a lot more damage to an organization’s IT infrastructure. Recently, an IT employee stole the credentials of a colleague after he was fired. He decided to steamroll through his former employer’s Amazon Web Services (AWS) accounts and deleted twenty-three servers. The company lost big contracts with transport companies as a result.  

Police say that the wreckage caused an estimated loss of $700,000 at the time. The company reportedly was never able to retrieve back the deleted data.  Also, it took months to track down the culprit. 

A Few Statistics  

$2.4 million  

The average cost of a malware attack on a company 


The net increase in the average annual number of security breaches 

50 days  

The average time to resolve a malicious insider attack 

191 days 

The time it takes for organizations to identify data breaches

Could Have, Should Have, Would Have  

The company could have done a few things to protect itself from this sort of nightmare.Voova CEO, Mark Bond, admitted to the court that the company should have implemented Multi-factor authentication (2FA), 2FA would have made it much harder for this to have happened. 

Set a Two-Step Verification Process:

Two-step verification helps by making it more difficult for someone else to sign in to your account. It uses two different forms of identity: your password, and a contact method (also known as security info) like: 

  • Something you know (typically a password)  
  • Something you own (a trusted device that is not easily duplicated, like a phone) 
  • Something you are (biometrics) 

  • Azure Multi-factor Authentication strengthens security preventing the outflow of sensitive data

For Example: When you log in to your account, you will type a unique code from your phone to get access to Microsoft 365. MFA can prevent hackers from taking over even if they know your password.  

You should educate your users about MFA

Since most users are familiar with using only passwords to authenticate, it is essential that your organization communicates to all users regarding this process. You should experience this in your business by enabling this for a couple of users first. Then extend the capability to all users, including your IT admins. 

The authentication process keeps productivity high

MFA makes it easy to access business applications from anywhere, at any time, safely.  

Make sure you have a plan in place for when employees leave that covers everything from physical access to your property and hardware like laptops, phones, and access tokens, to email, call forwarding, and logins for all the company software and services they had access to.

Give us a call at 914-355-5800 to find out more about Multi-Factor Authentication and other Microsoft security products. 

Share This Post

    Talk to an Expert Now !

      Privacy & Cookies Policy

      Domain is not available in your country