
Most people think about account security after something already feels wrong: a password stops working, a phone gets a login prompt, payroll will not open, or a bank alert shows up after money moved.
A better habit is to turn on account activity alerts before there is a problem. These alerts are not a replacement for strong passwords, MFA, passkeys, or a password manager, but they give you an early warning when someone tries to sign in, change recovery information, add a new device, or perform a sensitive action.
For small businesses, this is especially useful on accounts that control money, email, customer records, websites, domains, backups, remote access, and payroll. A single missed sign-in alert can turn into a bigger incident if nobody knows who is supposed to review it.
What To Turn On First
Start with the accounts where a bad login would create real damage.
- Email accounts because email often controls password resets for banking, vendors, payroll, shopping, and cloud services.
- Microsoft and Google accounts used for work email, files, admin portals, shared calendars, and business devices.
- Banking, credit-card, and payment accounts, including merchant services, PayPal-style accounts, payroll, accounting, tax, and invoicing tools.
- Website, domain, and DNS accounts because an attacker who controls your domain can redirect email, websites, and customer traffic.
- Password managers and MFA apps because changes there can affect every other account you protect.
- Remote access and security tools such as VPNs, endpoint security dashboards, camera systems, and backup consoles.
The Alerts Worth Enabling
Every service labels alerts differently, but the important ones are usually the same.
- New sign-in or new device alerts so you know when an account is used from a browser, phone, app, or location you do not recognize.
- Password changed alerts so you can respond quickly if a password changes without your involvement.
- Recovery email, phone, or MFA changed alerts because attackers often try to add their own recovery method after getting in.
- Payment, transfer, or invoice alerts for banks, credit cards, payroll, and accounting tools.
- Admin role or permission change alerts for Microsoft 365, Google Workspace, website hosting, domain registrars, and security software.
- Large download, sharing, forwarding, or mailbox-rule alerts where your business tools support them.
Step-By-Step: Make Alerts Useful Instead Of Noisy
- Pick the top five accounts first. Do not try to fix every account in one sitting. Start with email, banking, Microsoft 365 or Google Workspace, payroll/accounting, and your domain registrar.
- Sign in from a trusted bookmark. Do not use a link from an alert email or text to change security settings. Open your saved verified bookmark, type the known website address, or use the official app.
- Open the security or notification settings. In Microsoft consumer accounts, the Recent activity page shows sign-in activity. Microsoft work and school accounts can show sign-in activity through My Sign-ins or the Authenticator app when enabled by the organization. Google Account Security Checkup and Recent security activity help users review security events and account protections.
- Send security alerts to at least two places. Use an email address you actually monitor and a phone/app notification where available. For businesses, make sure alerts do not go only to one person who may be on vacation or locked out.
- Turn on financial alerts separately. Banks and card issuers often have their own controls for purchases, transfers, low balances, online activity, card-not-present transactions, and unusual activity. Set thresholds low enough to catch problems early.
- Review recovery information while you are there. Confirm the recovery email, phone number, backup codes, passkeys, security keys, and MFA methods are yours and still accessible.
- Test one harmless alert if possible. Some services let you send a test notification. If not, sign in from a normal device, confirm the alert path works, and document where alerts show up.
- Create a short response note. Write down who checks alerts, what counts as suspicious, and when to call IT, the bank, payroll, or the vendor. This matters when the alert arrives during a busy workday.
What A Small Business Should Document
A personal account can be handled with a simple checklist. A business should be a little more deliberate.
- Owner: who receives each alert and who is the backup person.
- Account: bank, Microsoft 365, Google Workspace, payroll, domain registrar, accounting, backup, security software, website hosting, and remote access.
- Alert types: new sign-in, payment, password change, MFA change, admin-role change, forwarding rule, large download, or unusual activity.
- Where alerts go: monitored email inbox, phone app, SMS, ticketing system, admin console, or shared security mailbox.
- Escalation: who can freeze a card, disable an account, reset sessions, revoke tokens, or call the vendor.
This does not need to be fancy. A one-page table is better than relying on memory when someone gets an alert at 8:30 on a Monday morning.
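One way to check that one-page table, as an added example that is not part of the original article: a short Python script that flags rows with no separate backup person, fewer than two alert destinations, no alert types, or no escalation contact, plus priority accounts missing from the table. The field names, the short account labels, and the sample people are assumptions made for illustration.

```python
# Added example: lint an alert-ownership register against the article's rules.
# Field names, account labels and sample rows are constructed for illustration.
PRIORITY_ACCOUNTS = {"email", "banking", "workspace", "payroll", "domain registrar"}

# Constructed sample register: one good row, two rows with gaps.
SAMPLE_REGISTER = [
    {"account": "Email", "owner": "Dana", "backup": "Lee",
     "alert_types": ["new sign-in", "forwarding rule", "MFA change"],
     "destinations": ["shared security mailbox", "phone app"],
     "escalation": "IT provider"},
    {"account": "Banking", "owner": "Dana", "backup": "Dana",
     "alert_types": ["payment", "new sign-in"],
     "destinations": ["SMS"], "escalation": "bank fraud line"},
    {"account": "Domain registrar", "owner": "Lee", "backup": "",
     "alert_types": [], "escalation": "",
     "destinations": ["monitored email inbox", "Monitored email inbox"]},
]

def lint_register(rows):
    """Return a list of (account, problem) tuples; an empty list means no gaps."""
    findings, seen = [], set()
    for row in rows:
        name = row["account"].strip().lower()
        seen.add(name)
        owner = row.get("owner", "").strip()
        backup = row.get("backup", "").strip()
        if not owner:
            findings.append((name, "no owner"))
        # Alerts must not depend on one person who may be away or locked out.
        if not backup or backup.lower() == owner.lower():
            findings.append((name, "no separate backup person"))
        # Duplicates and blanks do not count as a second destination.
        dests = {d.strip().lower() for d in row.get("destinations", []) if d.strip()}
        if len(dests) < 2:
            findings.append((name, "fewer than two alert destinations"))
        if not row.get("alert_types"):
            findings.append((name, "no alert types recorded"))
        if not row.get("escalation", "").strip():
            findings.append((name, "no escalation contact"))
    for missing in sorted(PRIORITY_ACCOUNTS - seen):
        findings.append((missing, "priority account missing from register"))
    return findings

if __name__ == "__main__":
    for account, problem in lint_register(SAMPLE_REGISTER):
        print(f"{account}: {problem}")
```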
Cautions That Matter
Do not blindly click alert links. Real services send security notifications, but scammers imitate those alerts. If an alert says something urgent happened, open the official website or app yourself instead of clicking the message link.
Alerts can be delayed or filtered. Email filters, Focus modes, spam folders, dead phone numbers, app notification settings, and old recovery addresses can all make a real alert easy to miss. That is why testing and backup contacts matter.
Too many alerts can train people to ignore them. Start with high-value alerts. If every routine sign-in triggers panic, adjust the settings so the important notices stand out.
Location can be approximate. Security alerts may show a city, region, IP address, or device name that is not perfect. Treat unknown activity seriously, but confirm carefully before assuming every odd location is a compromise.
Shared accounts make alerts weaker. If five employees share one login, nobody can tell who really signed in. Use individual accounts wherever possible, especially for email, admin portals, finance tools, and customer-data systems.
What To Do When An Alert Looks Suspicious
- Do not approve any MFA prompt you did not start. Deny it if the app gives you that option.
- Open the account from a trusted bookmark or official app. Avoid the link in the alert until you are sure it is legitimate.
- Check recent activity. Look for new devices, unfamiliar sign-ins, password changes, recovery changes, mailbox rules, forwarding, app permissions, payment changes, or admin-role changes.
- Change the password if the account may be compromised. Use a strong unique password from your password manager, then sign out of other sessions where the service allows it.
- Review MFA and recovery methods. Remove anything you do not recognize and make sure your backup methods still work.
- Call the financial provider directly for money-related alerts. Use the number on the card, statement, or official website, not the number inside a suspicious message.
- Report phishing attempts. The FTC recommends reporting phishing to ReportFraud.ftc.gov, forwarding phishing texts to 7726, and forwarding phishing emails to the Anti-Phishing Working Group.
When To Call An IT Professional
Call for help if you see sign-ins you cannot explain, repeated MFA prompts, account recovery changes, new mailbox forwarding rules, unfamiliar OAuth/app permissions, admin role changes, payment destination changes, or alerts involving a shared business account.
You should also call before making broad changes in Microsoft 365, Google Workspace, payroll, DNS, hosting, remote access, or backup systems. Those accounts can affect the whole business, and a rushed cleanup can lock out legitimate users or erase evidence needed to understand what happened.
Useful Source Links
- Microsoft Support: What is the Recent activity page?
- Microsoft Support: What happens if there is an unusual sign-in?
- Microsoft Support: View work or school account sign-in activity
- Google Account Help: Make your account more secure
- Google Account Help: Investigate suspicious activity on your account
- FTC Consumer Advice: How to recognize and avoid phishing scams
- CISA Secure Our World: Turn on multifactor authentication
Bottom Line
Account alerts are a small setup task with a big payoff. Turn them on for the accounts that control money, email, admin access, domains, and customer data. Then make sure someone knows how to respond when an alert shows up.