Overview

Overseas Successful Login

The overseas successful login alert is triggered when a login is completed from a country outside the set home tenancy, or outside of the other allowed countries.

Banner Image 2 1

For a Successful Login

  • Protect user accounts
  • Detect suspicious behaviour
  • Lower time to intrusion detection
  • Monitor logs for integrity
  • Provide additional assurance
Access control and configuration

Impact

Real world impact

Problem Faced

Elizabeth is located in Australia, and normally works from the office or home. Elizabeth’s logins will normally be showing as from Australia. If Elizabeths’ account is showing as logged in from a different country – say the USA, then it may be an early sign that the account username and password has been compromised. If Elizabeth isn’t travelling, then in this situation we would advise an immediate password reset, and further investigation into the source of the login, and any other damage done.

Solution

It is critical that successful overseas logins are identified and verified as legitimate (or fraudulent) as a matter of priority.   If it is a fraudulent login, then immediate action is required – the longer it is left, the more damage that could be done. The more data that could be stolen,  the more staff, clients, and end-users that could be impacted. This is not a situation that you want to find out about weeks, months, or even years later.

Prevention

What are the main questions you should consider when working out how to manage this risk?

  • Do you have a system or solution in place to detect overseas logins?
  • If there was an overseas login from one of your users today, would you find out?
  • How long do you think it would take to find out that one of your user accounts was logged in from an overseas location?
  • Have you ever checked your system for overseas logins?
  • What would the impact be on your organisation if a user account was compromised for an extended period of time without detection?
Problem Faced Elizabeth is located in Australia, and normally works from the office or home. Elizabeth’s logins will normally be showing as from Australia. If Elizabeths’ account is showing as logged in from a different country – say the USA, then it may be an early sign that the account username and password has been compromised. If Elizabeth isn’t travelling, then in this situation we would advise an immediate password reset, and further investigation into the source of the login, and any other damage done.
Solution It is critical that successful overseas logins are identified and verified as legitimate (or fraudulent) as a matter of priority.   If it is a fraudulent login, then immediate action is required – the longer it is left, the more damage that could be done. The more data that could be stolen,  the more staff, clients, and end-users that could be impacted. This is not a situation that you want to find out about weeks, months, or even years later.
Prevention What are the main questions you should consider when working out how to manage this risk? Do you have a system or solution in place to detect overseas logins? If there was an overseas login from one of your users today, would you find out? How long do you think it would take to find out that one of your user accounts was logged in from an overseas location? Have you ever checked your system for overseas logins? What would the impact be on your organisation if a user account was compromised for an extended period of time without detection?

More

Blog

How to Enable End-to-End Encryption for Microsoft Teams Meetings?

SharePoint Permission Levels and Best Practices in Microsoft 365

SIEM For Office 365 Security: Why Consider?

Microsoft Office 365 Secure Score Limitations for MSPs

MS365 Block Lists & Email Quarantine Management

Improve your Office 365 Security Governance New

The truth behind MFA and 365 security

365 Security in 2023

Welcome, and what a time to launch

CatchBefore it is too late!

Your data is actively being targeted. Safeguard your information with proactive measures.

Book a Demo
Contact Us