Bailiwick Data Protection Advisory

Published: 23 July 2024

Criminals are becoming increasingly adept at bypassing common security measures – including multi-factor authentication (MFA).

The Office of the Data Protection Authority (ODPA) has seen a recent spike in reports from organisations indicating that their Microsoft 365 systems have been compromised following phishing attacks.

According to Microsoft, MFA can block more than 99.2% of account compromise attacks, making it one of the most effective security measures available.

Because it has seen cases where MFA has been bypassed, the ODPA nonetheless advises organisations to adopt a layered approach to security, combining several complementary measures to further reduce the risk of compromise:

  1. Mail filtering. This solution scans incoming emails and quarantines suspect ones. By preventing phishing emails from reaching your mailbox, the likelihood of a user clicking on a malicious link or attachment is greatly reduced.
  2. Web filtering. This is software that controls the websites that users can access, reducing the likelihood that users will be taken to malicious sites when links are clicked.
  3. Multi-factor authentication. As noted above, MFA is not foolproof (no security measure is), but it does greatly reduce the risk of compromise. Consider using a more secure method of MFA, such as a hardware authentication device.
  4. Conditional access controls. These stipulate further conditions (such as geo-location) that must be met before a user is granted access.
  5. Monitoring and alerting. Configure your IT system so alerts are sent to the administrator when suspicious behaviour is observed. Those alerts should be taken seriously and acted on.
  6. Training and awareness. Ensure that staff know how to identify a malicious email and are aware of what to do in the event that one is received.
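As an added illustration of items 4 and 5 (this code is not part of the ODPA advisory), the following Python check applies a geo-location condition to constructed sign-in records and raises alerts for sessions granted without MFA and for repeated denied MFA prompts; the record fields and sample data are this example's own assumptions, not any product's log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records in a simplified shape loosely modelled on a
# cloud identity provider's sign-in log (field names are assumed for this example).
SAMPLE_SIGNINS = [
    {"user": "alice@example.gg", "time": "2024-07-22T08:05:00Z", "country": "GG", "mfa": "satisfied",    "result": "success"},
    {"user": "alice@example.gg", "time": "2024-07-22T08:40:00Z", "country": "NG", "mfa": "not_required", "result": "success"},
    {"user": "bob@example.gg",   "time": "2024-07-22T09:00:00Z", "country": "GB", "mfa": "denied",       "result": "failure"},
    {"user": "bob@example.gg",   "time": "2024-07-22T09:01:00Z", "country": "GB", "mfa": "denied",       "result": "failure"},
    {"user": "bob@example.gg",   "time": "2024-07-22T09:02:00Z", "country": "GB", "mfa": "denied",       "result": "failure"},
    {"user": "bob@example.gg",   "time": "2024-07-22T09:03:00Z", "country": "GB", "mfa": "satisfied",    "result": "success"},
]

# Countries from which sign-ins are expected: the geo-location condition (assumed list).
ALLOWED_COUNTRIES = {"GG", "GB", "JE"}


def review_signins(records, allowed=ALLOWED_COUNTRIES, window=timedelta(minutes=10), denials=3):
    """Return a list of (rule, user, time) alerts for an administrator to act on."""
    alerts = []
    recent_denials = defaultdict(list)  # user -> timestamps of recent denied MFA prompts
    for r in sorted(records, key=lambda rec: rec["time"]):
        ts = datetime.fromisoformat(r["time"].replace("Z", "+00:00"))
        user = r["user"]
        if r["result"] == "success" and r["country"] not in allowed:
            # Geo-location condition: a successful sign-in from outside the expected countries.
            alerts.append(("signin_outside_allowed_country", user, r["time"]))
        if r["result"] == "success" and r["mfa"] != "satisfied":
            # A session was granted without MFA being satisfied; the reason should be checked.
            alerts.append(("success_without_mfa", user, r["time"]))
        if r["mfa"] == "denied":
            # Several denied prompts for one user inside a short window merit attention.
            recent_denials[user] = [t for t in recent_denials[user] if ts - t <= window] + [ts]
            if len(recent_denials[user]) == denials:
                alerts.append(("repeated_mfa_denials", user, r["time"]))
    return alerts


if __name__ == "__main__":
    for rule, user, when in review_signins(SAMPLE_SIGNINS):
        print(f"ALERT {rule}: {user} at {when}")
```

In practice the records would come from the tenant's sign-in log export and the alerts would be routed to whoever is responsible for acting on them, as item 5 recommends.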

The ODPA has produced guidance with more information about phishing attacks: "Four principles to protect against phishing" (ODPA).

The National Cyber Security Centre also has a wealth of resources: www.ncsc.gov.uk