Locking down email after a phishing attack — and rebuilding trust.
When credentials were used to hijack a manager's email and spam clients, M & M Autopak needed to move fast. Decision1 layered in Microsoft 365 hardening, MFA via Azure, and Defender — quickly, quietly, and at small-business scale.
Locking down email after a phishing attack — and rebuilding trust.
About M & M Autopak
Meet Phil Meek. When he isn't fishing or playing bass, he runs M & M Autopak — an engineering-based firm providing products and services to the manufacturing industry. Located in Dunedin and Sydney, they're a small team of fewer than 15 employees running a three-device network with an additional 10 users — and they did not expect to be the victim of a phishing attack.
The phishing attack
"Like most small businesses we are good at what we do and focus on getting the job done. So when we realised we had been victim to a phishing attack, it took us by surprise. We, like a lot of businesses, snuck under the radar a bit and just didn't think it would happen to us." Credentials were used to hijack manager email addresses and send spam to M & M's client and supplier base. "We deal with mainly blue-chip and corporate clients, so it really wasn't a good look on our reputation."
Aiming for change
M & M took it on the chin and made the changes they needed. They got in touch with their local IT Alliance member — Decision1 — to brainstorm a solution, then called their key client base to let them know what had happened and how they were going to fix it. "It felt very unprofessional. We talk on the phone and to confirm we always follow up with email. Our email is one of the most critical tools we have — our Achilles heel."
Empowering the Microsoft Defence Force
Decision1 set about implementing Microsoft 365 hardening on top of M & M's existing suite. Multi-factor authentication (MFA) was rolled out via Azure. Because the team mostly works on tablets or phones in the field, fingerprint identification made MFA quick and intuitive — just a little training and they were away. Next, Microsoft Defender was implemented to automatically analyse threat data across domains, building a complete picture of each attack in a single dashboard.
The outcome
"Decision1 not only helped solve our issue at the time, they have set us up with security systems that give us confidence in being covered. Our next step is to develop a team policy around our cyber security and have this backed up by our systems. Our advice to anyone running a business: if you don't do it, it will eventually catch you out. We were lucky it was only a few emails sent out, although it was so debilitating — and it feels unprofessional to have to reach out to your client base and fess up. You may not realise till it's too late."
“They not only helped solve our issues at the time, they have set us up with security systems that give us confidence in being covered.”