Attackers frequently target email accounts for compromise because of the wealth of sensitive information that is often available, and because email access can be used to reset passwords for almost any other account, giving the attacker control over much more information and the ability to initiate financial transactions. For these reasons, it is extremely important to protect email account access with more than just a password. Multi-Factor Authentication (MFA) using a mobile app that generates one-time passcodes is much stronger than password authentication and should be used to protect all corporate email accounts. IT professionals who are responsible for setting up email access should ensure that no “legacy authentication” methods (such as SMTP, POP3 and IMAP) are allowed to bypass the MFA requirement. Security analysts should also review any suspicious login events coming from IP addresses that are unusual for the user of the account, but with remote workers traveling, that analysis can be difficult and is always a step behind the attackers. Proactively locking down access to accounts using MFA is a much more effective approach.

For more information on the Iowa City incident, please read: https://www.kcrg.com/2020/11/18/mercy-iowa-city-reports-data-breach-over-60000-iowans-affected/