Many people are unaware of the amount of work IT leaders in education dedicate to keeping their district’s data safe and secure. That’s why at ManagedMethods, we care about improving your jobs (and reducing your headaches!)

One of the most appreciated features of Cloud Monitor, as told by our customers, is its ability to control and manage compromised accounts in Google Workspace and Microsoft 365.

When criminals gain access to an internal student or staff account, they can make their activity look legitimate and gain unfettered access to all the data, files, and email addresses the compromised account has access to.

The hacker can then upload malware into your system, send phishing emails to gain control of more accounts, grant OAuth access to malicious apps, and more. These attacks are difficult to detect and can lead to additional cyber risks and data exposure.

“Cloud Monitor caught a dozen phishing attempts and disabled a couple of accounts that had logged in from overseas just this morning. I’m grateful that I have Cloud Monitor to catch and remediate these attacks quickly. The Login Analyzer is particularly helpful because we’re able to see where logins are coming from. There’s no way our small team could stay on top of it all while also supporting our students, faculty, and staff.”
-Stephen Gauss, Systems Engineer, Gadsden County Public Schools
Read the full customer case study here. 

As an IT leader, there are two fundamental questions you need to ask yourself:

1. 1. What login events are happening outside of my geofence?
   2. What login events should I potentially follow up with and investigate further?

1.  

Using Cloud Monitor’s Policy Violations tab, you can see unsuccessful logins, logins from foreign locations outside your geofence, and failed multifactor authentication checks. Cloud Monitor’s highly customizable policy enforcements can also automatically detect successful account takeovers.

Other features include remediating compromised accounts by suspending the user, changing the password, or setting up policies to automate compromised account protection in Google Workspace and Microsoft 365.

Key benefits from Cloud Monitor’s Account Takeover Prevention:

• • View login activity of users who have violated policies

• • View logins outside of the district’s geofence

• • Login Analyzer shows all login events – whether they are suspicious or not

• • Filter out unapproved login successes

• • View where Google approved a suspicious login

• • Suspend risky accounts or change someone’s password
  • Automate account login remediation

Cloud Monitor is highly customizable, scalable, user-friendly, and cost-effective. No matter your skill level or budget, our team can adapt this tool to meet your needs. Discover the power of ManagedMethods and audit your Google Workspace and/or Microsoft 365 for free.

The post Your Headaches, Our Solutions: How To Find & Manage Compromised Accounts in Google Workspace/Microsoft 365 appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

*** This is a Security Bloggers Network syndicated blog from ManagedMethods Cybersecurity, Safety & Compliance for K-12 authored by Alexa Sander. Read the original post at: https://managedmethods.com/blog/manage-compromised-accounts/