Starting August 22, 2022, we are in the process of enabling the Suspicious Login Alerts security feature for all administrative and user accounts.
Why are we doing this?
Suspicious Login Alerts act as the last line of defense in the event an account’s login credentials are stolen and the account is accessed by an unauthorized person. This is a vital security feature to protect your users, your organization and other parties.
What are Suspicious Login Alerts?
With the feature enabled, whenever one of your users logs into an SBO Cloud service e.g. Elevate, Online Meeting, ShareSync, Hosted Exchange, MyServices etc. in a way that could be considered unusual, an email notification is sent to the primary email address of the user.
A login is considered suspicious if for example it occurs:
- On a new device or web browser
- From a new location
- At an unusual time (e.g., midnight)
When receiving a suspicious login notification, the user should consider whether it was actually them logging into their account at the listed date & time. If it was, the notification can be ignored as a false positive. If it was not them or there is a reasonable doubt as to whether it was them, then they should follow the instructions in the notification. Their password should be changed immediately to prevent further access by any unauthorized persons and their security team should be notified for further investigation.
What options are available?
The Suspicious Login Alerts feature can be customized on the Security Policies page in the Cloud Control Panel.
You can select any combination of the following options for the email notifications to be sent to:
- The primary email address of the user
- The secondary email address of the user
- A custom email address, e.g. your organization’s security team
Who will be affected by the changes?
All accounts that have Suspicious Login Alerts turned off and have never previously used the feature will now be enabled. If an account has the feature enabled, we will not change any of the current settings. If an account previously had the feature enabled and subsequently disabled it, we will not reenable the feature.
When the feature is enabled as part of the rollout, it can then have its settings changed or be disabled at any time in the Control Panel.