Go to Outlook on the web > Settings > Mail > Rules and review inbox rules for anyone in finance, HR, or leadership. Then go to Microsoft 365 Admin Center > Users > Active users > select user > Mail > Manage email forwarding to check whether forwarding is turned on at the mailbox level. Remove any rule or setting that auto-forwards messages outside the company unless it is clearly approved.
Why It Matters
Attackers love mailbox forwarding rules because they let them quietly monitor invoices, payroll notices, password resets, and other sensitive emails without drawing much attention. Microsoft treats suspicious forwarding activity as a common enough attack pattern to have dedicated investigation guidance for it.
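To run the same review across every mailbox at once instead of clicking through each user, here is an added Exchange Online PowerShell script (not part of the original checklist) that lists mailbox-level forwarding and any inbox rule that forwards or redirects mail. It assumes the ExchangeOnlineManagement module is installed, that you hold an Exchange admin role, and that `example.com` is replaced with your own accepted domain.

```powershell
# Added example: tenant-wide report of mailbox forwarding and forwarding inbox rules.
# Assumes the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

$internalDomain = "example.com"   # placeholder: your own accepted domain

# 1) Mailbox-level forwarding (what "Manage email forwarding" shows in the admin center)
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress,
                  DeliverToMailboxAndForward |
    Format-Table -AutoSize

# 2) Inbox rules that forward or redirect (what Outlook on the web > Rules shows)
$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $targets = @($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)
            # Internal recipients appear as directory objects ([EX:...]); only entries
            # carrying an SMTP address can point outside the company.
            $external = $targets | Where-Object {
                $_ -match 'SMTP:([^\]]+)' -and $Matches[1] -notlike "*@$internalDomain"
            }
            [pscustomobject]@{
                Mailbox  = $mbx.UserPrincipalName
                Rule     = $_.Name
                Enabled  = $_.Enabled
                Targets  = ($targets -join "; ")
                External = [bool]$external
            }
        }
}
$findings | Sort-Object External -Descending | Format-Table -AutoSize

# Once a rule is confirmed unauthorized, remove it by mailbox and rule name:
# Remove-InboxRule -Mailbox user@example.com -Identity "Rule name" -Confirm:$false
```

Rules flagged `External` are the ones to check first; a rule named with a single character or a dot, placed to forward only invoice or payment mail, is a common sign of a compromised mailbox.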
Go to Microsoft Entra admin center > Enterprise applications > All applications. Review the list for anything unfamiliar, overly broad, or no longer needed, especially apps tied to email, files, or user data. Click into any app you do not recognize and review its permissions and consent settings before removing or investigating it.
Why It Matters
Consent phishing can trick a user into approving a malicious app instead of giving up a password. That gives attackers a quieter way into Microsoft 365 data, including mail and files, while making the activity look like a legitimate app connection.
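To prioritise that review, here is an added Microsoft Graph PowerShell script (not part of the original checklist) that lists every delegated consent grant in the tenant and flags apps holding mail, file, or directory scopes. It assumes the Microsoft.Graph module is installed and that your account can read directory objects; the list of scope prefixes treated as sensitive is my own choice.

```powershell
# Added example: report OAuth consent grants and flag apps with mail/file/directory reach.
# Assumes the Microsoft.Graph PowerShell module and Directory.Read.All consent.
Connect-MgGraph -Scopes "Directory.Read.All"

# Scope prefixes that give an app access to mailboxes, files, contacts or the directory
$sensitive = "Mail.", "MailboxSettings.", "Files.", "Sites.", "Contacts.", "User.ReadWrite", "Directory."

# Map service principal ids to display names so the report is readable
$spNames = @{}
Get-MgServicePrincipal -All | ForEach-Object { $spNames[$_.Id] = $_.DisplayName }

$grants = Get-MgOauth2PermissionGrant -All | ForEach-Object {
    $scopes = ($_.Scope -split " ") | Where-Object { $_ }
    [pscustomobject]@{
        GrantId     = $_.Id
        App         = $spNames[$_.ClientId]
        ConsentType = $_.ConsentType   # AllPrincipals = admin consent for every user
        Principal   = $_.PrincipalId   # user object id when a single user consented
        Scopes      = ($scopes -join " ")
        Sensitive   = [bool]($scopes | Where-Object {
                          $s = $_; $sensitive | Where-Object { $s -like "$_*" } })
    }
}

# Sensitive grants first; per-user consents to unfamiliar apps are the consent-phishing pattern
$grants | Where-Object Sensitive | Sort-Object ConsentType, App | Format-Table -AutoSize

# After confirming a grant is not wanted, revoke it by id (the app can be removed afterwards):
# Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId <GrantId>
```

Application (app-only) permissions are not in this list because they work without any signed-in user; they appear under the app's Permissions blade in the Entra admin center and deserve the same scrutiny.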
March 2026 Browser extensions and notification permissions
Go to Chrome > Extensions > Manage Extensions or Edge > Extensions > Manage Extensions and remove any extensions you no longer use, especially AI assistants, coupon tools, screen capture apps, and PDF editors.
Why It Matters
Browser-based attacks remain a common entry point for threats. Removing extensions you no longer use is an easy cleanup step when so much work now happens in the browser.
Go to Chrome > Settings > Privacy and security > Site settings > Notifications or Edge > Settings > Cookies and site permissions > Notifications and remove any websites you do not trust.
Why It Matters
CISA says recent alerts cover active cyber threats and campaigns that need rapid response, and browser-based attacks remain a common doorway into day-to-day work. Tightening notification permissions is an easy cleanup step when so much work now happens in the browser.
February 2026 Shadow extensions and emergency Windows patch
Open your primary browser and go to your Extensions or Add-ons manager. Remove any extension you have not used in the last 30 days, especially free PDF converters or coupon finders.
Why It Matters
In 2026, malicious extensions are a leading way for hackers to bypass MFA through session hijacking. Even legitimate extensions can be sold to bad actors who push out updates containing spyware. If you are not using it, it should not have access to your data.
Manually trigger a Windows Update. Go to Settings > Windows Update > Check for updates and install all available patches. The flaws fixed by this emergency patch let hackers bypass security warnings by tricking you into opening a link or a Word document.
Why It Matters
Hackers are actively using these vulnerabilities to gain administrative control over business PCs. Waiting for the automatic update may be too late.
January 2026 Ghost subscriptions and critical Windows patch
FIX 01
Audit Your Software Subscriptions (You’re Probably Paying for Ghosts)
Pull up your business credit card statements from the last 3 months. Highlight every recurring software charge and ask: does anyone on the team actually use this? Cancel subscriptions nobody remembers, remove licenses for employees who left, and consolidate duplicate tools.
Why It Matters
The average business wastes 30% of its SaaS budget on ghost subscriptions. Beyond the money, every unused account is a security vulnerability that nobody is monitoring.
FIX 02
Update Windows Now (Hackers Are Exploiting This Flaw)
Go to Settings > Windows Update > Check for updates and install all available patches immediately. One vulnerability (CVE-2026-20805) is already being actively exploited in the wild.
Why It Matters
CISA added this flaw to their Known Exploited Vulnerabilities list. This January update fixes 114 security holes, including 8 critical vulnerabilities. The longer you wait, the more exposed your team is.
December 2025 Windows security feature and smart out-of-office settings
FIX 01
Turn On Microsoft’s Silent Security Feature (Finally Activated by Default)
Go to Windows Security > App and Browser Control > Exploit Protection Settings and verify Control Flow Guard (CFG) is enabled. Microsoft silently turned this on in recent updates, but some systems may need manual verification.
Why It Matters
Control Flow Guard prevents memory corruption attacks that hackers use to hijack programs. Microsoft built this protection in 2017 but only started auto-enabling it in December 2025. This free built-in protection blocks entire classes of exploits.
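The same verification can be scripted across a fleet instead of opened per machine. Below is an added PowerShell example (not from the original checklist) using the Get-ProcessMitigation and Set-ProcessMitigation cmdlets that ship with Windows 10 and 11; run it from an elevated prompt. The `outlook.exe` check at the end is an illustration of a per-process lookup, not a requirement.

```powershell
# Added example: verify the system-wide Control Flow Guard default and turn it on if needed.
# Requires an elevated PowerShell session on Windows 10/11.
$sys = Get-ProcessMitigation -System

# Enable should read ON; OFF or NOTSET means the system default does not force CFG
$sys.Cfg | Format-List

if ($sys.Cfg.Enable -ne "ON") {
    # Set CFG as the system default. Programs built without CFG support are not broken
    # by this setting; it only applies to binaries compiled with the guard.
    Set-ProcessMitigation -System -Enable CFG
    (Get-ProcessMitigation -System).Cfg.Enable   # re-read to confirm the change took
}

# Optional: see whether a specific program carries its own override of the default
Get-ProcessMitigation -Name outlook.exe | Select-Object -ExpandProperty Cfg
```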
FIX 02
Set ‘Out of Office’ Auto-Replies in Email (But Do It Smart)
Before setting your out-of-office reply, remove details about how long you will be gone and who is covering for you. Just say “I am currently out of the office and will respond when I return.”
Why It Matters
Out-of-office messages tell attackers exactly when you are gone, how long, and who to impersonate. Scammers monitor auto-replies during holidays to send fake urgent requests to whoever is covering for you.
November 2025 Unused employee accounts and backup testing
Log into your Microsoft 365 or Google Workspace admin panel and check the Last Sign-In date for every user. Disable any account that has not logged in for 60 or more days, then remove the license to stop paying for it.
Why It Matters
Every unused account is a security risk and wasted money. Hackers target old employee accounts because no one is monitoring them. You are also paying monthly license fees for people who no longer work there.
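For Microsoft 365 tenants, here is an added Microsoft Graph PowerShell script (not part of the original checklist) that reports every licensed, enabled user with no recorded sign-in in the last 60 days. It assumes the Microsoft.Graph module; the SignInActivity property needs the AuditLog.Read.All scope and a Microsoft Entra ID P1 or P2 licence in the tenant.

```powershell
# Added example: list licensed, enabled users with no sign-in in 60 or more days.
# Assumes the Microsoft.Graph module and an Entra ID P1/P2 tenant for SignInActivity.
Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All"

$cutoff = (Get-Date).AddDays(-60)

$stale = Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, AccountEnabled,
                         AssignedLicenses, SignInActivity |
    Where-Object { $_.AccountEnabled -and $_.AssignedLicenses.Count -gt 0 } |
    ForEach-Object {
        # Interactive and non-interactive (token refresh) sign-ins are tracked separately;
        # take the most recent of the two. A null value means no sign-in is recorded.
        $last = @($_.SignInActivity.LastSignInDateTime,
                  $_.SignInActivity.LastNonInteractiveSignInDateTime) |
                Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
        [pscustomobject]@{
            User       = $_.UserPrincipalName
            Name       = $_.DisplayName
            LastSignIn = $last
            Licenses   = $_.AssignedLicenses.Count
            Stale      = (-not $last) -or ($last -lt $cutoff)
        }
    } | Where-Object Stale

$stale | Sort-Object LastSignIn | Format-Table -AutoSize

# Exclude break-glass and shared/service accounts from the list before acting on it.
# After confirming with HR, disable first; remove licences only once mail and files are retained:
# $stale | ForEach-Object { Update-MgUser -UserId $_.User -AccountEnabled:$false }
```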
FIX 02
Set Up Automatic Backup Testing So You Know Your Backups Actually Work
Schedule a monthly automatic restore test for your Windows backups. If you are using Veeam, Acronis, or Windows Backup, set up an automated test that restores a random file to a separate test folder and verify the file opens correctly.
Why It Matters
60% of businesses discover their backups do not work when they are trying to recover from ransomware or hardware failure. By then it is too late. Monthly testing catches problems while you still have time to fix them.
October 2025 QuickBooks ransomware risk and backup schedules
FIX 01
Move Your QuickBooks File Off the Desktop Before Ransomware Finds It
Move your QuickBooks company file off your desktop or downloads folder. Store it on a network drive with automatic backups, or upgrade to QuickBooks Online. Ransomware targets desktop files because they are easy to encrypt.
Why It Matters
QuickBooks files contain your entire financial history, customer data, and vendor information. Losing access means you cannot invoice, pay bills, or run payroll.
FIX 02
Verify Your Backup Schedules Handle Daylight Saving Time Correctly
Before clocks change, verify your backup systems adjust automatically. Some older backup software does not handle time changes well, causing backups to run at the wrong time or skip entirely.
Why It Matters
Missing even one night of backups during a critical window could mean losing a full day of business data if something goes wrong.
September 2025 Hidden Windows setting and Microsoft 365 storage scam
FIX 01
Turn On This Hidden Windows Setting to Stop 73% of Malware
Go to Windows Security > App and Browser Control > turn on Block under Check apps and files. This free built-in protection blocks most malware downloads automatically.
Why It Matters
Many businesses never enable Windows’ built-in security features. This one setting blocks the majority of malware before it ever runs on your machine.
FIX 02
The Microsoft 365 "Storage Full" Scam Targeting Small Businesses
Getting emails saying your Microsoft 365 storage is 99% full? Before clicking Upgrade Now, log into your real Microsoft 365 admin center directly. Criminals use storage fears to steal business account passwords.
Why It Matters
89% of small businesses use Microsoft 365, making it a perfect phishing target. Always navigate directly to admin.microsoft.com rather than clicking links in unexpected emails.
Want these fixes handled for you automatically?
GiaSpace monitors, patches, and secures your systems so your team never has to think about it.