We spend time installing Antivirus, Firewalls and encryption on your laptop and browsing safe online and we forget that while our computer is off, someone could still be trying to access our email accounts online.
Who would benefit from hacking me? This is the most common asked question after it has happened.
The truth is, it doesn't matter. Sometimes it's a kid in their early teens just trying to see if they can hack, other times it's more serious.
The most common symptoms after a successful attack is your email address has been used to contact everyone from your contact history (that's right, not your contact list). Your contact history is almost everyone you have ever emailed.
How would someone get my email password, I don't share it out? Well, we don't always know afterwards, the most common is that you clicked a scam email link or you used the same password on another website or...and this is the worst...A large company like Microsoft, Google or Yahoo etc. just gave away your passwords and will probably get round to admitting it in a few years.
What can you do that won't cost money? The solution is to turn on MFA (Multi-Factor Authentication) for all your email accounts or at least the important ones, and definitely, use it on the Global Administrator Accounts.
How do I do it?
Here are the guides
Set up multi-factor authentication in the Office 365 admin centre
Set up 2-step verification for Office 365
Create an app password for Office 365