Managed Security-Header

The Value of a

Hacked Email Account

The Value of a Hacked Email Account

Many businesses are at risk of hacked email accounts. It’s difficult to realize how much is invested in business email accounts until those accounts are in the hands of cyber-criminals.

Microsoft Office 365 has taken a dominant role as the productivity solution of choice for enterprise data: 58.4 percent of all sensitive corporate data in the cloud is stored in Office 365. There’s value in your corporate inbox.

Your business keeps so much sensitive and proprietary information all in one inbox: photos, contracts, business plans, invoices, tax forms, reset passwords, and payslips are just a few of the details which can be found in your users’ professional inboxes. By simply breaching their emails, a malicious hacker can get access to all these vital documents.

Sit up and pay attention

Here are some stats that should cause you to sit up and read more:

Almost three quarters (71.4 percent) of corporate Office 365 users have at least one compromised account each month, according to a report by Skyhigh Networks.

The average organization experiences 2.7 threats each month within Office 365:

  • 3 compromised accounts each month – such as an unauthorized third party logging into a corporate Office 365 account using stolen credentials
  • 8 insider threats each month – such as a user downloading sensitive data from Sharepoint and taking it when they join a competitor
  • 6 privileged user threats each month

On average the cost of a data breach is $3.9M.

Insider threats are more damaging particularly if it’s a compromised account, careless employee misuse or a malicious insider. The cost of such a data breach could be up $8.76M.

Microsoft takes security seriously

Microsoft takes Office 365 security seriously and has made significant investments in service-level security. However, users can still perform either accidental or malicious high-risk actions within Office 365 which can put your business at risk. Also, account credentials can be stolen through phishing scams and then used by third parties to get access to your data.

Email accounts are hacked by cyber-criminals because they are often a weak link in an organization’s security pipeline. The diagram below, adapted from Krebs on Security is a clear overview of the value of your corporate email account.

Managed Security-krebs
Overview of the value of a corporate email account, source: SoftwareONE

Think about it – when anyone signs up for an online service, the user must enter an email address, and whoever controls that email address can reset the password and take over the account, all without the immediate knowledge of the account’s owner.

Then there’s Phishing – the fraudulent practice of sending emails pretending to be from reputable companies in order to coerce individuals to reveal personal information, such as credit card numbers, account numbers and passwords. All phishing emails have a link provided that if clicked on will either direct the user to site and infect your PC with malware (such as ransomware) or direct you to a website asking for personal information.

How to stay safe

A three-pronged approach is needed to keep your corporate email account safe.

First focusing on security. Secondly focusing on back up, thirdly focusing on user awareness training because employees can be a weak link in security. If they are trained properly and educated to spot a phishing attempt, this could prevent some threats.

This post will focus on the first two elements of staying safe – backup and security, which aren’t interchangeable concepts.


An effective Office 365 security strategy will begin with an Office 365 Security and Cyber-Threat Assessment and provide you with a security configuration score. Followed by a recommendation on best practices and guidance on successfully implementing Office 365 security features.

Such a strategy will need to cover:

  • Proactive threat reporting and monitoring of your Microsoft 365 environment
  • 24 / 7 reactive and proactive security support
  • Bi-monthly reporting with insights for improving your security standing
  • A plan for setting up, enhancing and maintaining threat detection, threat protection, and threat response capabilities
  • Identification of security and compliance gaps

Addressing the security skills gap within your IT team will be the most necessary and pivotal step towards protecting your business inbox.


Should data loss or theft occur, then you want the peace of mind of knowing that you have preserved business continuity.

When you consider that 75% of data loss is caused by user error, then you begin to understand why Microsoft recommends you have a third-party capability to back-up your Office 365 data. (Source: IT Compliance Policy Group)

Even though Microsoft hosts the Office 365 platform, they are not responsible for maintaining a backup of your business-critical data. With Office 365, it’s your data – you control it – and it’s your responsibility to protect it.

An effective and secure backup solution for Office 365 will do the following:

  • Protect your Office 365 data from accidental deletion, security threats, and retention policy gaps
  • Quickly report individual Office 365 items across Exchange, OneDrive and SharePoint
  • Drill down through backups by date or keyword search to quickly locate and recover
  • Backup all or specific groups of user
  • Ensure that data stays in your cloud environment and you have the control to restore when you need

A comprehensive Office 365 backup solution can give you peace of mind, should the unnecessary occur.

Setup an effective Office Security Strategy

Download our “Office 365 Security and Cyber Threat Assessment” brochure to figure out a security configuration score and to see best practices.

Get your copy
  • Managed Security

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties

Related Articles

  • 21 October 2020
  • Bala Sethunathan
  • Managed Security

Protect Enterprise Mobile Devices

Despite their size, mobile devices pose a huge threat to enterprises. Here are a few threats to start protecting against today.

  • 14 October 2020
  • Bala Sethunathan
  • Managed Security, Cybersecurity

Security is Not Privacy: Ways to Keep Personal Data Secure

Organizations must know the difference between data security and privacy, the ways your data could be compromised, and how to keep it secure.

Improve Network Security with VMware NSX

Network Virtualization with VMware NSX

VMware NSX enables firewalls to be implemented even for the smallest segments - and thus considerably increases IT security.