Microsoft Warns Customers of Government-Backed Email Hacking
by Jaap van Duijvenbode on April 11, 2016
Hacking has become an everyday part of doing business. Enterprises face the potential of hacking by rival corporations. All organizations face hackers in search of valuable data stores (like consumer credit card info), as well as hacking by various activist groups and even by those who just do so for entertainment purposes. But what if the hacking is done by the government? Not just your government -- but any government that might have an interest in what you're up to, who you're up to it with, and where you might go.
A Change in Microsoft Policy
Popular Microsoft products that governments might use to spy on people include Hotmail email accounts, Outlook email platform, and cloud products like OneDrive or Azure.
This past December, Microsoft made the announcement that they would now begin warning users of their email products (such as Hotmail) when they had reason to suspect that the email user was being hacked by a government agency or entity. This announcement marked a change in procedure for the software company, which had not alerted about a thousand Hotmail users of suspected surveillance by the Chinese government that occurred beginning in 2011.
The issue is tricky. In some cases, Microsoft (or other software companies that have cause to notice when hacking or surveillance is underway using their products, such as Yahoo!, Google, and others) risks angering the government in question. That could be their own government, or it might be another government that has reason to suspect the email user of some activity against their interests. On the flip side, not alerting an email user of suspected government hacking could lead to them being punished severely of some perceived misdeed. It's a tightrope walk, for sure.
Generic Warnings Versus Personalized Warnings
Some companies have toyed with the generic warning, which reads like a mass-distributed notification and does not mention any specific users who might be spied upon, nor any governments that might be engaged in hacking. These emails can often spur users to change their passwords or begin taking other more serious precautions, such as utilizing two-factor authentication techniques. These generic warnings aren't as potent in convincing the users to take additional security precautions, but they are better than not alerting the email user of the hacking at all.
Microsoft's new decision (which is similar to policies already in place with other software companies, like Google and Yahoo!) is to opt for a personalized notification from now on, instead of the generic warning. When the company believes the user is being hacked by a government, they will warn the user of "state-sponsored" hacking of Hotmail, Outlook, OneDrive, or other Microsoft accounts.
What This All Means to Your Business
If you get a generic notification from any of your software companies, it could be a disguised way of letting you know someone is watching you. Change your passwords and improve your security measures, such as enabling cloud file sharing instead of utilizing email for sensitive communications.
What does this mean from a corporate perspective? It can mean one of two things:
• An executive or other user could be under surveillance by a government agency, putting your data at risk of being leaked.
• Your business may be under surveillance by a government that is suspicious of your activities, has rival interests, or is in some way opposed to your operations, policies, etc.
How can you protect yourself and your business? First, consolidate your company's files using the Azure cloud, so that Microsoft will warn you of any suspected government hacking. Second, empower your users with cloud file sharing, so that they aren't sending your sensitive data across email and other insecure platforms.
You can get the cloud file sharing tools you need at Talon. See how our solutions benefit other businesses in this demo video.