Ms 365 Compromised Account Playbook.
When a Microsoft 365 account is compromised, it can be alarming, but the good news is that there are steps we can take to secure it. This playbook is here to guide you through what happens next, and how we work to ensure that your data and business remain protected. Rest assured, we’ll help you every step of the way.
1. Recognizing the Problem
What to Look For:
- You might notice strange activity, like seeing emails you didn’t send or files being accessed that shouldn’t be.
- You may be locked out of your account, or receive alerts from Microsoft about unfamiliar logins.
If anything seems unusual, let your IT know immediately. Quick action can prevent further damage.
2. Taking Immediate Action
Once we know an account has been compromised, here’s what happens next to protect your account:
2.1 Reset the Password
2.2 Log Out Suspicious Users
3. Strengthening Security
After the immediate threat is stop, make sure your account is even more secure by:
3.1 Enabling Two-Step Verification
3.2 Checking for Suspicious Changes
4. Investigating the Cause
Your IT must investigate how the account was compromised to prevent it from happening again. This includes checking:
- If any sensitive data was accessed.
- Whether the issue came from phishing, weak passwords, or other security lapses.
5. Clear Communication
Keep clear communication with your IT throughout the process. You’ll know:
- What they are doing to fix the issue.
- Any additional steps you need to take, like updating passwords on other accounts.
- How your business data was impacted (if at all).
6. Preventing Future Issues
Engage a Managed IT Service provider. They can help with the following:
- Regular security updates and guidance on avoiding phishing attacks (those suspicious emails asking for personal info).
- Best practices for creating strong passwords and keeping them safe.
- Regular monitoring of your accounts for unusual activity.