- Articles
- The scary reason why every business needs the...
Table of Contents
Thanks to digital technologies and the cloud, there are more opportunities than ever for smart people to be their own bosses. Leaving the corporate world as an employee and working as a small business owner has never been easier.
For many small to midsized business (SMB) owners, Microsoft Office 365 is an essential upgrade for their company’s productivity. Microsoft makes it very easy for SMBs to buy an Office 365 For Business subscription direct from them. In minutes, SMBs gain the powerful advantage of having Microsoft Excel, Word, and PowerPoint apps with secure cloud-based email and services to manage customer scheduling, invoicing, referrals, et cetera from any internet-connected device. Since most SMBs have limited IT support resources, the direct purchase of Office 365 with one “credit card swipe” is very appealing. However, one SMB entrepreneur we know learned the hard way that this level of self-service can be very costly if you’re not vigilant when it comes to Office 365 security.
The anatomy of a hack attack against an unsuspecting SMB
A business acquaintance – now customer – recently spoke to us about the nightmare he went through due to a hacker and the default account settings of his Office 365. As the leader of a growing consulting firm, he had purchased Office 365 For Business directly from Microsoft after running into the limitations of trying to run his business with “free” Google apps such as Gmail and G Suite. He found that not only was it easy to transfer his Gmail contacts to Microsoft Outlook, he saw a real advantage to how Outlook automatically organizes information, including emails, meetings, calls, notes, tasks, deals, and deadlines in one place. Relationships are essential in any business, but for small business owners, a good database of contacts is their business.
Like most entrepreneurs running a small business, the consultant’s office has employees who perform multiple roles. It’s common for entrepreneurs who experience success to go from a “lone wolf” to an SMB with several employees in a relatively short amount of time. When that happens, your office manager could also by overseeing your IT. This was basically the setup for the consulting firm and it was something of a shock to him when he received an email that nearly 100 new licenses of Office 365 had been added to his account.
SMBs are prime targets for hackers
Without getting into the specific details, we’ll just say some important configuration steps were missed and a hacker compromised the consultant’s Microsoft Office 365 for Business account. In an extremely short amount of time, the hackers added over five dozen more user licenses—all incurring a per month charge—to his account. The worst part was that the hackers not only bought more Office 365 licenses on his account but also added another web domain so they could use it to expand their criminal enterprise. So, not only was t his small business owner faced with a $2,000 per month bill for software licenses he never ordered, a cybersecurity professional had to come in and undo the damage to the consultant’s firm. IT security professionals charge by the hour, and the bill for the remediation easily exceeded $10,000 .
A completely separate, non-related small business run by a person who thought they were too insignificant to hack was used for a real estate scam, using the small business as a vehicle to create a “Fake Org” and use the fake org to trick real estate brokers, financiers and escrow companies into sending financial and personal information on large property transactions to the scammers. The extent of the email scam was using people who knew each other, and the email content even complained about losing data or lost emails and blamed the IT people, making it plausible.
It is important to point out that we are not condemning the business owners who are hard-working individuals who just happened to fall prey to some clever cyberattacks. Criminal hackers are the ones perpetrating the attacks, but everybody should be aware that what occurred here is a common problem that SMBs face: They either lack any in-house IT resources or their IT support is overstretched, unable to stop the deluge of ever-increasing cybersecurity threats. Overstretched and/or non-existent IT support at your SMB results in a lack of time and effort required to grow your business. While it’s relatively easy to sign up for Office 365 by yourself and go directly through Microsoft, you have to manage every aspect of your subscription. The two business owners above both confided in us that they thought they were “too small to ever get hacked” and now wished they’d ensured they had properly configured all of the security settings that are available within Office 365. both admitted they knew about the option to purchase Microsoft product subscriptions through a Microsoft Partner organization but didn’t understand why they should do this. They both thought they’d be better off buying from Microsoft directly and cutting out the middleman (so to speak). As these two examples show, they couldn’t have been more wrong.
The advantages of managed cloud software through a Microsoft Partner
Although some entrepreneurs often equate the term “managed” with “much more expensive than what I want to spend, “that is really not the case when it comes to managed Office 365”. In fact, you may actually end up saving money and, even if you pay the same, you will definitely have peace of mind. There are two key advantages to a managed Office 365 subscription:
- Your initial Office 365 setup is secure – In the example of the consulting firm, their Office 365 subscription was purchased directly through the Microsoft website. Because of their firm’s limited onsite IT resources, their Office 365 subscription was configured with the defaults to get up and running quickly. However, this default configuration does not automatically enable the powerful multi-factor authentication security for your account. Multi-factor authentication requires users in your SMB to provide more than one way to sign into their Office 365 accounts such as a text message, phone call or the authenticator app on a phone or other mobile device. When Amaxra sets up your Office 365 account, we automatically configure this increased security along with some other important settings. And while this didn’t happen here, the hacker could have even removed our customers admin access to their own Office 365 making it even harder and more costly to remedy.
- The partner is your point of contact – Do you have time in your busy day to call Microsoft directly to resolve issues related to your Office 365 subscription? If you’re a SMB that purchased a managed Office 365 subscription through a Microsoft Partner, the only call (or email) you have to make is to your partner. Amaxra is a certified Microsoft Gold Partner, the highest level a Microsoft partner can achieve. As such, Amaxra can handle your account administration and work with Microsoft to fix issues for you (so you can stay productive and secure) without incurring high remediation costs should something untoward occur. We are invested in and genuinely CARE about keeping you productive, secure, and most importantly, working.
When you have a managed subscription to Office 365, no hacker is going to call and request 100 new licenses with a new web domain without the partner confirming with you first. And the security your partner will configure on your account will significantly lessen your chance to be hacked in the first place. Those advantages make working with a Microsoft Partner a fantastic value for SMBs because it takes the load off any busy business owner’s mind.
You really can’t afford to not have a Partner Manager your Office 365
Amaxra consultants understand the needs SMBs, helping many migrate to the cloud for over a decade. We will work with you to put the correct options in place from just the correct licensing to configuring to fully managing. For most SMBs, Amaxra recommends Microsoft 365 + our additional Office Protect solution (Office Protect costs just $1 extra/user/month) as this combination delivers the best value at an economical price while providing the reassurance that you are less likely to be compromised by those very sophisticated organizations out there.