Managed Security-Header

The Value of a

Hacked Email Account

The Value of a Hacked Email Account

Many businesses are at risk of hacked email accounts. It’s difficult to realize how much is invested in business email accounts until those accounts are in the hands of cyber-criminals.

Microsoft Office 365 has taken a dominant role as the productivity solution of choice for enterprise data: 58.4 percent of all sensitive corporate data in the cloud is stored in Office 365. There’s value in your corporate inbox.

Your business keeps so much sensitive and proprietary information all in one inbox: photos, contracts, business plans, invoices, tax forms, reset passwords, and payslips are just a few of the details which can be found in your users’ professional inboxes. By simply breaching their emails, a malicious hacker can get access to all these vital documents.

Sit up and pay attention

Here are some stats that should cause you to sit up and read more:

Almost three quarters (71.4 percent) of corporate Office 365 users have at least one compromised account each month, according to a report by Skyhigh Networks.

The average organization experiences 2.7 threats each month within Office 365:

  • 3 compromised accounts each month – such as an unauthorized third party logging into a corporate Office 365 account using stolen credentials
  • 8 insider threats each month – such as a user downloading sensitive data from Sharepoint and taking it when they join a competitor
  • 6 privileged user threats each month

On average the cost of a data breach is $3.9M.

Insider threats are more damaging particularly if it’s a compromised account, careless employee misuse or a malicious insider. The cost of such a data breach could be up $8.76M.

Microsoft takes security seriously

Microsoft takes Office 365 security seriously and has made significant investments in service-level security. However, users can still perform either accidental or malicious high-risk actions within Office 365 which can put your business at risk. Also, account credentials can be stolen through phishing scams and then used by third parties to get access to your data.

Email accounts are hacked by cyber-criminals because they are often a weak link in an organization’s security pipeline. The diagram below, adapted from Krebs on Security is a clear overview of the value of your corporate email account.

Managed Security-krebs
Overview of the value of a corporate email account, source: SoftwareONE

Think about it – when anyone signs up for an online service, the user must enter an email address, and whoever controls that email address can reset the password and take over the account, all without the immediate knowledge of the account’s owner.

Then there’s Phishing – the fraudulent practice of sending emails pretending to be from reputable companies in order to coerce individuals to reveal personal information, such as credit card numbers, account numbers and passwords. All phishing emails have a link provided that if clicked on will either direct the user to site and infect your PC with malware (such as ransomware) or direct you to a website asking for personal information.

How to stay safe

A three-pronged approach is needed to keep your corporate email account safe.

First focusing on security. Secondly focusing on back up, thirdly focusing on user awareness training because employees can be a weak link in security. If they are trained properly and educated to spot a phishing attempt, this could prevent some threats.

This post will focus on the first two elements of staying safe – backup and security, which aren’t interchangeable concepts.


An effective Office 365 security strategy will begin with an Office 365 Security and Cyber-Threat Assessment and provide you with a security configuration score. Followed by a recommendation on best practices and guidance on successfully implementing Office 365 security features.

Such a strategy will need to cover:

  • Proactive threat reporting and monitoring of your Microsoft 365 environment
  • 24 / 7 reactive and proactive security support
  • Bi-monthly reporting with insights for improving your security standing
  • A plan for setting up, enhancing and maintaining threat detection, threat protection, and threat response capabilities
  • Identification of security and compliance gaps

Addressing the security skills gap within your IT team will be the most necessary and pivotal step towards protecting your business inbox.


Should data loss or theft occur, then you want the peace of mind of knowing that you have preserved business continuity.

When you consider that 75% of data loss is caused by user error, then you begin to understand why Microsoft recommends you have a third-party capability to back-up your Office 365 data. (Source: IT Compliance Policy Group)

Even though Microsoft hosts the Office 365 platform, they are not responsible for maintaining a backup of your business-critical data. With Office 365, it’s your data – you control it – and it’s your responsibility to protect it.

An effective and secure backup solution for Office 365 will do the following:

  • Protect your Office 365 data from accidental deletion, security threats, and retention policy gaps
  • Quickly report individual Office 365 items across Exchange, OneDrive and SharePoint
  • Drill down through backups by date or keyword search to quickly locate and recover
  • Backup all or specific groups of user
  • Ensure that data stays in your cloud environment and you have the control to restore when you need

A comprehensive Office 365 backup solution can give you peace of mind, should the unnecessary occur.

Setup an effective Office Security Strategy

Download our “Office 365 Security and Cyber Threat Assessment” brochure to figure out a security configuration score and to see best practices.

Get your copy
  • Managed Security
  • Cyber-Crime, Office 365, Data Security, Cyber-Threats, Cyber-Attacks

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties

Related Articles

Cybersecurity Update March 2021
  • 13 април 2021
  • Bala Sethunathan
  • Cybersecurity User Awareness, Cyber Threat Bulletin, Cybersecurity, Managed Security
  • Cyber-Threats

Cyber Security Update March 2021

About 80% of breaches occur due to poor passwords. Keep your business protected and learn how to improve your password security.

How to Improve Your Microsoft 365 Security
  • 24 март 2021
  • Bala Sethunathan
  • Managed Security, Cybersecurity
  • Microsoft, Microsoft 365, Security, Azure, Identity Protection, Windows Hello

How to Improve Your Microsoft 365 Security

Your most sensitive data passes through your M365 deployment - but is it protected? Read this to ensure your assets are safe from malicious actors.

Cyber Security Update February 2021
  • 22 март 2021
  • Bala Sethunathan
  • Managed Security, Cybersecurity, Cyber Threat Bulletin
  • Cyber-Threats

Cyber Security Update February 2021

Do you know the latest cybersecurity attack motives and methods? Read more about how hackers tried to steal data and disrupt business.