Business Continuity – ExchangeDefender Blog

Most Popular Products

EMAIL SECURITY

Services that protects your mail from spam, viruses, and malware.

ARCHIVING

Secure long term message storage and ediscovery reporting.

BUSINESS CONTINUITY

Constantly archiving your sent and received mail.

ExchangeDefender Compliance Archive was designed as a blend of services and products to help organizations achieve regulatory compliance.  This complex process is always evolving with new regulatory requirements, changes in organization structure, and unique reporting requirements.

 

At ExchangeDefender we specialize in helping organizations with their eDiscovery needs. Here are the biggest fallacies we hear all the time:

 

“We have a backup”

Email backups are not sufficient for nearly any modern regulatory compliance requirements for email retention. Not only can the messages be deleted before backups run, but running reports across the entire organization is next to impossible, not to mention excessively expensive. We recently assisted a partner managing a small 15 employee office in their backup and restore process to locate a message from 5 years ago, costing the organization over $18,000 in IT labor alone.

 “We have a product/compliance service” 

Having a product or a service subscription is different from being in compliance with regulatory requirements. The difference between having a product and being in compliance is similar to “We have a CPA” and “We have filed our tax returns on time” – mistaking the two can be costly and dangerous.

“We are never going to need that” 

Most organizations downplay the importance of long term email archiving and eDiscovery. An overwhelming majority of subscribers to our eDiscovery service don’t have a specific regulatory requirement at all, they do it to effectively defend themselves from legal threats that are all too common these days. With email being the gateway for all corporate communication, it is the first place record retentions, legal holds, and subpoenas are issued for electronic records and there needs to be a system in place to effectively deliver that information.

“What we have is enough”

Regulatory compliance goes far beyond poorly interpreted recommendations and laws. It is a process of producing reports, identifying problems, and assuring that corporate communications policies are being followed, or at least addressed, in case there is an issue. If the organization does not have people in charge of managing the compliance on a monthly basis or there are no current reports searching for dangerous or sensitive content or there is no ongoing maintenance or an established incident record – the organization is likely out of compliance even if they purchased the right software or signed up for the right service at one point.

“We have a someone managing that”

Someone is not a good person to rely on when you get a subpoena and they are even more difficult to get into a courtroom. Plus, how much would you trust them to demonstrate expertise and defend the implementation of the compliance archiving and eDiscovery solution? Many organizations make a mistake of thinking that just signing up for a service or purchasing a product is sufficient for compliance but it’s really just a starting point. You need the personnel, product, service, and reporting to fully achieve regulatory compliance.

ExchangeDefender Compliance Archiving and eDiscovery are a part of a professional service that helps get your organization and its means of communication on path to achieving regulatory compliance. Whenever someone is fully confident that they have their compliance in order we simply ask them to “show me your last Compliance Officer Report” and almost everyone struggles to produce the report or even name the Compliance Officer, the processes being used for archiving, the type of data protection, or the way in which the entire process is tested and audited. With ExchangeDefender Compliance Archiving, you not only get a service, you get a partner that will work with you every step of the way in achieving your regulatory and organizational needs for proper record keeping.

Signing up for the Compliance Archiving service is the first step in reaching regulatory compliance when it comes to email retention and eDiscovery. The following five steps will put you on the right path of achieving and maintaining that compliance:

 

1.Understand what you need to keep and for how long.

Your regulatory/oversight body will provide details about how long you are required to hold on to your email. In our experience with Compliance Archiving, you also need to pay attention to the Statue of Limitations that your business may be liable for. Very often the discovery process for lawsuits includes legal hold requests and record requests that are longer than regulatory requirement.

2. Get the right product and implement it correctly.

Your compliance has to be all encompassing – all email must be archived. With ExchangeDefender Compliance Archiving all of your inbound, outbound, and interoffice email is collected, archived and protected in the cloud. You can search for any document at any time and be certain that it has not been tampered with and that no emails have been deleted – something that sets our eDiscovery/archiving apart from backup solutions.

3. Keep an eye on it to make sure it works

Just setting up a compliance archiving solution is not sufficient enough. there is no protection for technical negligence in regulations. You are expected to keep your mail server and everything connected to it secure. Penalties for data loss, compromised credentials, and data leakage are severe and are not a valid excuse for not having compliance.

4. Create Compliance Officer reports frequently.

Compliance Officer within your organization must create reports on a monthly basis to assure no confidential information is allowed to leave the organization. Some industries have an even more specific and severe restriction on the type of communication that can take place over email and what sort of information can be sent – compliance officers run eDiscovery reports to assure nothing confidential is being shared and address problems and exceptions routinely

5. Routinely audit the entire system to maintain compliance.

Organizations grow and change over time and remaining compliant with new regulations is key. ExchangeDefender Compliance Archiving service often sends out advisories, best practices, tips and suggestions to adjust your process because you are always expected to be in full compliance with the latest requirements. Every time you add a new employee or change your mail server configuration or new lines of business – compliance must extend to cover these new records that may be of interest to someone down the road.

“One of the biggest mistakes organizations make with regulatory compliance is thinking that it’s a service, product or a one-time effort: quite the opposite!”

 

Achieving regulatory compliance means implementing the right product, conducting routine audits, complying with changes in regulations and having full control of the environment where messages are stored as employees come and go.

In the event of an audit, you will be asked to produce record and you will be judged on your ability to provide specific records that are requested, not the best effort you made in trying to achieve compliance. Considering the fines and legal complications, it makes sense to revisit the five steps outlined here annually and make adjustments as necessary.

65% of all emails sent are spam, what’s the solution?

At ExchangeDefender we kill SPAM for a living. We spend a ton of time and energy identifying, filtering, and destroying junk mail. If you’ve ever wondered how you could make your email experience better, even without the massive layered security that ExchangeDefender provides, these are the steps you could take today:

1. Configure strict SPF/DKIM DNS records

SPF and DKIM (DMARC) can help you protect your domain name from being used in SPAM mailbombs. Spammers will often use real email addresses and domains to send forged “spoofed” email messages and SPF/DKIM provide a mechanism for identifying which email server/platform you use. By setting up an SPF/DKIM you can tell places that are receiving email from your domain what to do if the message wasn’t actually sent from you. If your inbox is full of email bounces and non-delivery receipts, someone is using your email address to send junk mail and an SPF/DKIM record will practically eliminate bouncebacks.

2. Get rid of generic email aliases
At ExchangeDefender we manually process SPAM complaints from our customers – that’s how we train our system to eliminate messages that otherwise make it through because they are legitimate in every way we can automatically process them. The number one way to get a ton of annoying email that may be on the borderine between legitimate commercial mail and an unsolicited one: generic email aliases. If you get info@, sales@, admin@ or so on, you are painting a giant bullseye on your Inbox and practically begging to be spammed.

3. Unsubscribe from newsletters
I know, I know, everyone that has your email address supports CAN-SPAM , would never send you unsolicited mail, would never sell their client list… and even if you believe all those lies most of the time, people still get hacked. All the time! As do their ISPs and infrastructure along the way. If you want to reduce the amount of junk mail you deal with, simply reduce the number of places that have your email address. Simple!

4. Don’t click on everything in your Inbox
Sometimes SPAM gets through. Sometimes dangerous stuff from your friends and colleagues gets forwarded around. Sometimes your antivirus isn’t up to date. Sometimes the firewall virus protection is misconfigured our expired. Things happen: none are a good excuse for the simplest thing you can do: avoid clicking on anything in messages that look or seem suspicious.

5. Do not blindly whitelist major ISPs
The second biggest source of SPAM complaints at ExchangeDefender is actually completely self-inflicted: people whitelist major email providers and wonder why blatant junk mail keeps on “slipping through” as whitelisted. Go through your whitelist entries in Outlook, etc and make sure you aren’t whitelisting Gmail, Outlook, Yahoo, Verizon, AT&T, Hotmail or any of the widely used and abused email domains. Spammers know your email admin doesn’t want to deal with complaints about messages you’re getting from these platforms so they treat them more leniently – so spammers simply abuse them.

It’s really that simple – following these steps will cut your junk mail pile in half within a day. If you want to reduce it to less than 1%, ExchangeDefender is here for you for less than a buck a month or you can layer it and add more protection if you need it because time is money: but no amount of technology and automation can replace just a little bit of common sense.

Federal Trade Commission
CAN-SPAM Act: A Compliance Guide for Business
The official website of the Federal Trade Commission, protecting America’s consumers for over 100 years.

So here is something that has always worked for me: everyone hates outages. Regardless of why I’m invited to speak to anyone about ExchangeDefender, and the billion problems we solve, I am here to help you with just one thing: uptime. If things are working, we can sort everything out, but the fear of the new unknown solution causing downtime is the #1 thing your client is thinking about. So address it first.

Posted by ExchangeDefender on Thursday, March 29, 2018

   What’s this video about? Live Archive.

So here is something that has always worked for me: everyone hates outages. Regardless of why I’m invited to speak to anyone about ExchangeDefender, and the billion problems we solve, I am here to help you with just one thing: uptime. If things are working, we can sort everything out, but the fear of the new unknown solution causing downtime is the #1 thing your client is thinking about. So address it first.

What is Live Archive?
Access your email via the cloud when outages happen.
Organizations are constantly facing internet and email outages, maintenance cycles and service unavailability. The key to productivity is being able to access your email even when outages happen Exchange Defender LiveArchive Business Continuity is the solution.
As you send and receive email, we make a copy and store it on our network – when you experience an outage you can just pull up a webmail system on your computer, tablet, or phone and continue where you left off.

Visit Exchange Defender: Email Security, Archiving, and Business Continuity solutions

 

Email encryption is on the rise, ExchangeDefender offers two types of encryption.


What is behind the growth in the adoption of email encryption?

Over the past year we’ve seen an explosion in sales of ExchangeDefender Email Encryption – which is a surprise given that we’ve not only had it for years but that we’ve also given it away for free. HIPAA has been around for over 20 years, dozens of other regulations that almost all companies ignore have been gone for just as long – so why now?

In one word: penalties.

Companies have long known that they can’t operate efficiently without email – and that they cannot just move files around “just to get it to them” once they see the penalties. But selling a service to someone that has avoided using or paying for it is never an easy discussion so here are the 3 quick questions that should lead you to an effective pitch in under 1 minute:

1. Who sends you encrypted messages?
2. Who could get hurt if this information went public?
3. What is your exposure? How much negligence insurance do you have?

The more they mumble, the more of those questions they cannot answer, the more details or costs or scope they don’t understand, the more they need it. End your question with this line: How comfortable would you be having this conversation in a legal deposition?

Grow your business: Positioning ExchangeDefender’s Encryption feature.


Elevator pitch: How to position ExchangeDefender Encryption as an answer to all of the above problems


→It is included in your ExchangeDefender Pro subscription and it’s transparent – no software to install, nothing to manage or configure.
You’ll be using the same process and same security major banks, health care providers and lawyers use – so you’ll be protected from most critical security exploits.
Finally, it’s dead simple to use – all your employees need to do is put [ENCRYPT] in the subject when they are sending the message. Doesn’t matter if it’s on the phone our Outlook or Outlook Web Access, it just works.

Ding. You’re done. It’s virtually impossible not to sell this service – and it’s desperately needed by anyone using email to do business or conduct confidential discussions. One more thing: Because encryption is transparent and on demand in the cloud, it also protects you when the security issue is on the recipients end – because email is never stored on their PC or device, if someone hacks their network they won’t be able to get to the info stored in your encrypted message!

If email is a business necessity then email encryption is it’s insurance policy.

If you discuss business over email, then anything confidential that should be in that email should be a matter of employee communication protocol: If you attach something sensitive to this message, you better encrypt it and CYA. This is the way things go at banks, with lawyers, with accountants, with realtors and at nearly every white collar job: Nobody wants to assume the liability so they’ll all do what it takes to protect the data.

And with high profile hacks and compromises in the news daily, is not having it worth risking the whole company?

 

Learn more about the do’s and don’ts when selling security solutions

Let’s face it, most IT solutions in the business process fail because users don’t use them. They don’t use them because they see it as another unnecessary time waster in the process they are already accustomed to and count on everything being yet another thing management will soon forget about because they don’t work the same issues all day long. Sound familiar? All the new, cool, better, smarter ways of doing something will always lose to users unwillingness and inability to change. Until someone loses their job or the company gets sued for negligence. Oops!                

So, what should you be talking about with your clients?

1.  Don’t talk about backups – talk about long term email archiving and ediscovery.
2.  Don’t talk about encryption – talk about safely getting data over without getting hacked.
3.  Don’t talk about SPAM – talk about fake senders, fake links
4.  Don’t talk about Phishing – talk about identity theft, compromised passwords and bank accounts.
5.  Don’t talk about Compliance – talk about setting business standards and avoiding lawsuits.
6.  Don’t talk about Web File Sharing – ask how they get important documents to their clients or vendors?
7.  Don’t talk about Malware – ask them what they currently do to protect their staff from taking down the whole office.

Your clients have been hearing about SPAM and Virus protection for over a decades now, they view it the same way they view every other software license cost – part of doing business. The problem in 2018 is that it’s no longer just the technology complexity dictating business spending, regulatory bodies and government are getting involved in it too. Nearly every industry is subject to some new regulation, record keeping process, security audit, assessment or other “time waster” that they will have to deal with. So start clipping news articles and send them headlines with the message “We really need to set you up with ExchangeDefender so you don’t end up in the next article” – and I don’t mean it in a sarcastic or fear mongering way at all, nearly a quarter of my office time goes to time travel discussions and things businesses wished they had in place before they got in trouble. Talk to them now.

The Bottom Line: 
Businesses you are trying to sell technical solutions to are already dealing with a lot of nightmares related to technology. They don’t want another thing to manage, report, customize, tweak and learn: they want something that reduces all of that work. That something is ExchangeDefender, all-in-one, end-user friendly email solution that removes things they don’t need to look at and makes stuff they are looking for easy to find.

I encourage you to talk to your clients less from a technical solution standpoint and more from the business process implementation. Yes, they may trust you because of your technical expertise but what you need them to understand (and what will ultimately earn you the business) is which business issues are going to be addressed by spending a few dollars a month. If they can identify with the problem, they will pay for it to go away because everyone is always trying to reduce costs and labor is the biggest one of them all. Help make them more productive. 

We’re almost done with the first quarter and I wanted to take a moment to brief you about the features that are driving sales the most. These figures were taken from the top 10% of our managed services partners (MSP) in the small and mid-market segment (so they aren’t skewed by distributors, ISVs and large government/enterprise orders). I want to give you an idea about what is selling out there and hopefully these are the same conversations you’re having (or should be having) in order to grow your business.

70%  of our MSP’s say these email security features are making them money in 2018.

.

Compliance Archiving

In Compliance with HIPAA, GDPR, Sarbanes-Oxley, SEC, PCI regulations.

We are continuing to see a massive shift from email backups to email Compliance Archiving. In a nutshell, our Compliance Archiving offers companies the ability to store up to 10 years of inbound, outbound, and interoffice email in the cloud where it meets dozens of regulator compliance, government and eDiscovery standards. Not only does it eliminate the pain point of managing backups, but it enables users to quickly and easily locate messages they are looking for on their own.

SPAM Filtering

Spam accounts for 14.5 billion messages globally per day. In other words, spam makes up 45% of all emails.

The more people move from their Exchange servers to the cloud (and Office 365) the more they realize how good they had it while their security was layered by their MSP managed solution. While everyone goes to the cloud hoping that “it’s good enough” SPAM filtering will work, companies quickly find out that the few bucks a month they were spending to keep trash out of the mailbox was really worth it. I have spoken to so many MSPs that couldn’t convince their clients to keep ExchangeDefender as they went to the cloud and that within a week of making a move to Office 365 they were right back on it – some unfortunately due to immediately failing an audit and phishing stuff flying through (more details on Phishing Protection and how to promote it later)

Encryption

Encryption use is no longer optional.

As we pick up the pace on the rollout of our Compliance Manager service, we are seeing a lot of sales made on the back of Encryption (free) and Corporate Encryption (addon) services. I’ll admit I have not spoken to a ton of people about it, but feedback we continuously get about the service is that regulatory requirements in several industries are finally starting to be taken seriously: health care, banking, mortgage/finance, CPA, and sales activity is typically the highest during Q1 and it’s also the time those industries go over their business process and direct their staff to use new services. Every time someone uses the encryption process in ExchangeDefender we seem to get more interest for the product from the third party that received the message so if you’re not promoting it, you’re missing out on real world demand.

 Our top email security solutions offer must-have features for any business.

As I mentioned in the introduction, these are the services that are in demand now – so if they aren’t front and center in your promotional collateral you should be talking to our marketing team (!!! Action Item). Remember that companies will not pay for a service that is nice to have or even one they are required to have – they’ll only pay for things that either grow the business or reduce problems and make workers more productive and profitable. SPAM filtering makes people more productive while encryption and compliance archiving make problems related to backups and lawsuits go away. Since these features are part of a service every single user interacts with daily, they aren’t like to want to cancel it, giving you the opportunity for a long-term revenue generator.


Interested in Becoming a Partner? Or simply want to learn more about  ExchangeDefender’s leading email security solutions? Either way, We’ve got you covered.

GDPR - GET STARTED

Our readiness kit contains valuable resources designed specifically to help businesses with GDPR requirements.

DOWNLOAD OUR GDPR READINESS KIT

IoT Security Solution

Introducing our newest security solution for IoT devices. Protect and secure your IoT environment with robust built in Security.

READ MORE

Are you an MSP?

See why you should consider our partner program. Become a partner at no cost, with no annual commitment, cancel anytime.

MORE INFORMATION