ExchangeDefender Blog

We’re moving things around a little to make the platform easier to use and to expose more of the ExchangeDefender security settings. The threats are only getting worse and we need to be more flexible in order to protect you.

Over the next few blog posts we will be introducing you to a more polished ExchangeDefender look as we consider user feedback and change around the overall user experience. It’s no secret that we’ve been making ExchangeDefender friendlier and friendlier and I can’t wait to reveal why… soon.

In the meantime, allow me to introduce you to the ExchangeDefender Advanced Settings. These settings are controlled under the Domain Administrator section of https://admin.exchangedefender.com:

ExchangeDefender helps bridge the need for security and productivity: If the security tool is too convoluted, takes too many clicks, features lots of paragraphs instead of intuitive controls — it’s simple to see why casual users get their security compromised and experience nothing but frustration just trying to get to their email.

We’re changing all that and look forward to introducing you to the new ExchangeDefender shortly.

In January 2021 we launched *our oAuth implementation* to help clients get rid of passwords. On May 19th, 2022 our legacy systems (existing email/txt 2FA/MFA) will be shut down and all ExchangeDefender services will rely on oAuth for authentication. Clients will not see a major difference and will login the same way they always have at https://admin.exchangedefender.com:

The new authorization backend will help improve the security of all users that rely on ExchangeDefender to keep them safe: better password policies, no need to reauthenticate every time you visit our services, support for hardware authentication devices and tokens, support for software authentication such as Google/Microsoft/Authy authenticator solutions, and a lot more.

The era where someone can get access to all your data just by guessing or hacking your password is coming to an end. More importantly, industry standards and cybersecurity insurance underwriters are requiring 2FA/MFA and this is a huge opportunity for our partners to deploy a more secure access to the arguably most insecure and public endpoint in every organization: email.

We look forward to keeping all your data secure and your users safe from dangerous email exploits.

Our latest webinar live session of 2022 just happened a few days ago, and we had so much to share with our partners. Topics covered included our newly launched sister company, 365 Defender, our new referral program that earns you cash rewards, and so much more. Today, we want to share with you the replay of the webinar featuring just the main highlights. You can always watch the replay video anytime by clicking here.    

365 Defender – providing affordable cybersecurity services directly to small businesses

ExchangeDefender’s overall strategy for 2022, as we recover from the covid-19 global pandemic, is to focus on enhancing our current cybersecurity services and software. There has been a huge shift in the IT workforce, and IT needs for the common small business which is why we launched 365 Defender. 365 Defender enables small businesses with no IT the ability to access affordable cybersecurity services. Why did we do this? The market demand was overwhelming, especially while we were all working from home. We started getting requests directly from businesses who were in dire need of security. Further, IT and MSP providers providers are specializing in more profitable areas leaving an under-served SMB space. 

New Phishing Firewall user experience

ExchangeDefender Phishing Firewall has received a major face lift. We’re making it easier to control where your users go when they aren’t paying attention. The new UI enables direct access to malware scans and site security reports. It also features an improved mobile interface with the ability for logging and auditing. Soon, the firewall will also feature phishing and security user training. The new firewall is automatic, and does not require any actions by the user.

In 2022, every business needs a (good) website

We just launched brand new custom website design packages for an affordable price. Currently there are two options: a full one pager website, and a premium three-page responsive website. Pricing begins at just $199, and as a launch promo we are offering our clients the ability to spread the payments over three easy monthly payments. Why did we start offering this service? In a recent survey, tons of partners expressed their website and maintenance frustrations. We knew that we could create a package that includes the website, hosting, and maintenance.

365 Defender Referral Program

Say hello to less work, and more commission with our new 365 Defender Referral Program. Earn up to $365 commission for every referral that becomes a client. When they subscribe to a service, they’ll get a $20 credit, and you’ll get a cash reward equivalent to their final sales amount. The process is simple – sign up for free, submit a company referral, and earn cash.

As you may have noticed, we have been focusing on the end user experience a lot more. Over the past few years our service and phishing protection have gone from being an IT tool to a cybersecurity service users interact with on a daily basis. For more details and to find out about all the new features we’re delivering this spring please tune into our webinar:

New Phishing Firewall

As we roll out these changes we’re actively seeking user input and feedback on the changes. We’re also offering a live version of the next stuff that you can test drive. Here is our current ExchangeDefender Phishing Firewall screen:

So much has changed since we launched this service years ago and we now have tons of UX data and client feedback that we can use to make the ExchangeDefender Phishing Firewall better for everyone.

Next time you’re on the Phishing Firewall look in the upper left under “Phishing Firewall is getting a new look! Check it out here!”. Clicking on that button will default the firewall to the new version every time you visit (you can roll back as well).

What’s new?

We’ve cleared the clutter and made it very obvious where to click in order to proceed. For the longest time our users didn’t know they could click on the link to proceed :emoji for shrugs:

From there we’ve enhanced the process that keeps the user secure. These features require the user to authenticate and all their repeat visits will feature the ability to apply org policies (for safe sites, thus bypassing the screen), manage personal settings and alert the user to potential danger ahead.

We’ve also integrated open security services that can scan any link on demand and identify the site reputation and possible malware content. Our enterprise clients also enjoy the ability to sandbox/proxy link content and to preview the web site without actually clicking it and opening it in the browser. Of course the ability to slipstream your brand and your support into the process is available to enterprise customers as well.

Let us know what you think! We’re looking for all the feedback we can get.

Ransomware attacks on U.S healthcare organizations are predicted to quadruple by 2021, according to recent industry reports. Hackers are increasingly targeting healthcare due to the vast amounts of personal health information, which is considered 50 times more valuable on the black web than their financial information. The need for the ability to secure personal information is urgent, and requires immediate attention of the medical industry.

2022 CYBERSECURITY CHALLENGES

Malware, ransomware, and viruses

M365 application threats

Phishing attacks

Information protection

Misleading websites

Employee error

Account takeovers

Hackers deploy malware and ransomware to shut down and control devices, and even servers. Many healthcare organizations tend store health information without proper encryption leaving them vulnerable to external threats. Phishing attacks have been the newest and most successful method of cyber-attacks in which cyber criminals send mass emails from “reputable” sources to obtain sensitive information. Hackers link these emails to misleading websites to entice the user to enter their personal information, mainly their username and password to gain complete access, and commence in account takeover efforts.

OUR SOLUTIONS FOR HEALTHCARE

Thousands of Healthcare organizations trust ExchangeDefender to protect their data, and to keep their employees, and client information safe and secure. We protect your practice from malware, ransomware, and phishing attacks using Email Security, our advanced multilayered security suite. We secure patients’ information by enabling our Email Encryption which offers military grade security and prevents data leaks. Healthcare practices must be HIPAA compliant, and rely on ExchangeDefender for Email Archiving and Compliance. This service ensures compliance with long-term tamper-proof email archiving and unlimited storage. Our Web File Server protects your organization from cloud application threats, enables your team members to upload, manage, and share documents securely. The service is encrypted, and provides full reporting of all activity for accountability and transparency. Security tip: To increase your organization’s resistance against cyber-threats, start with powerful email security, add web security and data protection, and to ensure that you always have access to email even during service disruptions, our email outage protection.


Are you a medical office looking for IT solutions? We can help, visit www.365defender.com to see our services!

89% of healthcare providers have suffered some type of data breach within the past two years.

Got too much Spam in your inbox? Phishing attacks becoming more frequent? We can help you.

The healthcare sector mainly consists of businesses that provide medical services, create medical equipment, and develop the drugs that fill our prescriptions. It is a gold-mine for big data that contains sensitive information about patients like date of birth, addresses, medical records, and so much more. 

We’re the original email experts. 365 Defender provides cybersecurity services to small businesses specializing in the healthcare industry.

365 Defender has been protecting medical companies against hacked email accounts, spear-phishing, and data leaks for over twenty years. Our healthcare clients rely on our security experts to keep their confidential data safe, and to ensure secure communications via email.

Services that we offer:

Email Security for Outlook and Gmail
Email Archiving
Email Encryption
Secure file sharing
DNS Management
Managed Email Hosting
Email outage protection
SMS Forwarding
IT Consulting


Ready to secure your medical office? Simply visit our website for pricing and service plan options.

www.365defender.com

Data encryption used to be optional, but not anymore. In the past, when we referred to encryption, we thought of hi-tech industries with high profile secrets. Encryption is the digital process of taking regular text, like your email or sms messages, and creating an unreadable “code” to protect the plain text. This proven method ensures the confidentiality of the original text. Now, your local small business, and local educational institutions require added security to protect their data from being hacked.

Education industry is a prime target for hackers

Surprised? We’re not. The education industry consists of services from pre-kindergarten all the way to post-secondary institutions. It comprises of organizations that provide lessons and training on a wide array of subjects.  These institutions, (both private and public) include K-12 schools, colleges and universities, and job training centers. Can you imagine the large volumes of sensitive data that the education industry holds? Every one you know, including yourself has received some form of education, and therefore have submitted personal information that can be stolen by hackers. The most common forms of information students and staff must submit include: DOB, social security number, home addresses, medical records, and more!

Current struggles that schools face

The biggest challenge that institutions face today is the ability to protect students and staff information. The sheer volume of data that a single school incurs in a single academic year is astronomical. Right now, the industry is lacking the security tools needed to store, and manage sensitive information.

The education sector is finding it hard to comply with the biggest data security mandates, FERPA, and HITECH.  FERPA or (Family Educational Rights and Privacy Act) is a federal law that gives parents the right to access their children’s education records. HITECH is The Health Information Technology for Economic and Clinical Health Act, which has to do with the use of electronic health records. This mandate protects educational institutions from penalties from lost or stolen data if they can prove that their data was encrypted prior to a breach.

From an internal perspective, one could assume that the adoption of an institution-wide policy mandating the use of encryption would be difficult, and time-consuming. In the past this may be true, but modern encryption is now cloud-based, and is easy-to-use making a full adoption fast and painless.  

The next big challenge is cost. Most schools have a budget for the year that determines what services they can afford. Before, having encryption involved physical disks and hardware making it extremely costly. However, the strongest encryption software products today are available online with no pricey overhead, or storage restrictions.

Big benefits from encryption awaiting Education sector

Every school, and training center should be rushing to use encryption. There are many benefits that could solve Education’s biggest data security challenges. Firstly, encryption enables secure, and compliant communications between educators, students, and parents. It would offer a secure method to share sensitive information, and would provide seamless collaboration.

Second, an encryption software would ensure data privacy. It enables schools to fully comply with current security mandates. Educators can create custom encryption policies that ensure that student data privacy is met by triggering encryption mechanisms automatically.

Using encryption would enable schools to have full visibility of all information being shared, read, forwarded etc. Educators can get instant confirmation alerts when students or parents access encrypted messages. The detailed reporting would satisfy both the FERPA and HITECH directives for educational institutions. 

ExchangeDefender specializes in law firm email and data security.

Hackers are making big money on the legal industry lately, and it seems to only be getting worse. Law firms are vulnerable to cyber attacks due to the nature of their profession. They handle very sensitive information about their clients like: financial records, company secrets, and health information. Cyber-criminals are taking advantage of the fact that the legal sector is slow-moving when it comes to securing their data. If you’re a lawyer, or work for a law firm, here are five major reasons why you should take measures to secure your company right now:

Reason #1: There is a dramatic increase of data breaches

Law firms pose a higher risk for data leaks due to their business nature of storing and sharing sensitive information. Data leaks are the most common result of cyber-attacks. Due to the lack of security used by many law firms, it is easy for hackers to perform data breaches via malware, phishing, and even denial of service.

Reason #2: Phishing scams are most popular

3.4 billion fake emails are sent each day. In 2020, 74% of organizations in the United States experienced a successful phishing attack. It is becoming increasingly difficult to decipher whether an email is a phishing campaign or not due to the growing sophistication in the attacks.

Reason #3: Hacked email accounts is a major problem

There is a hacker attack happening every 39 seconds, and email is the main use of communication for most professional services. Criminals can take over most of your accounts associated with your email once they have gained access.

Reason #4: Lack of security as a priority

Less than half of all law firms in the U.S use some form of encryption software with custom policies to protect their client’s privacy. This means that a lot of your client’s confidential information is just sitting on a laptop or computer unsecured.

Reason #5: Ethical & regulatory obligations are weighing in

To comply with the ABA’s rule 1.6: Confidentiality of Information, lawyers must make a reasonable effort to secure client information. To operate in an ethical manner according to the American Bar Association, lawyers should have security policies in place to ensure the protection of client data.


Bottom line: Cybercriminals love law firms as targets for their cyber attacks. It is crucial for the modern law firm to protect themselves against email-borne threats, and data leaks. ExchangeDefender specializes in law firm data security, compliance, and continuity solutions. The legal industry relies on ExchangeDefender to mitigate risks of cyber and email attacks. We secure your law practice, and protect your clients by eliminating the danger of data breach or ransomware.

ExchangeDefender recently launched affordable cybersecurity service plans for small businesses, learn more. The pandemic showed us a lot of security and technical vulnerabilities that our third-party clients were experiencing. This is why we created service plans that would benefit businesses directly. We love our partners, and our partner program and have no plans to change it. 365 Defender is our solution to those businesses that can’t afford an MSP, or are only looking for specific services.

At ExchangeDefender, it makes us really happy after hearing that a client has referred us on to someone else. In fact, it makes us so happy that we decided to reward those who are helping spread the word about our services.

How the Referral Program works

We made sure to make things as easy as possible. First, you identify a possible referral. Second, the referral goes online to signup for 365 Defender services. Third, you get paid commission for the sales amount. It is that simple!

How to get started

First, you’ll want to join our referral program. To submit a referral, simply enter a support ticket (as an inquiry is fine too) with the prospective sales information. We will contact the lead you provided us, and when a subscription is confirmed, we will provide you a one-time commission fee equal to the sales amount.

Ideas on where to gossip about us

  • Your website / blog
  • Facebook
  • Reddit profile
  • In your email signature
  • LinkedIn
  • Twitter

Some ideas on what to say

  • Looking for a powerful anti-spam software that is budget-friendly? You’ll want to check out 365 Defender.
    Message us to get a free trial code!
  • Don’t have a budget for an MSP but need security services? Try 365 Defender. Message me to get a
    7-day free trial code!

According to recent reports from the FBI, Phishing has become the most common form of cyber attack in 2020 and 2021. Phishing is a method that hackers use to steal your sensitive information like usernames or passwords. It is most often used for identity theft, where cybercriminals send a phishing campaign (via email) to gain access to your bank accounts, personal information, and more.

The goal of a Phishing attack is to: gain credentials like bank pin numbers, usernames and passwords, gain personal data like your name, home address, and email, and also medical PHI information like treatment information and insurance claims.

Where does Phishing happen?

Approximately 96% of phishing attacks are delivered by email. In 2020, it was estimated that 1 in every 4,200 emails was a phishing email according to a Symantec report. To put the numbers in perspective, for ever 1 second of internet activity, 3.4 million emails are sent.

There are also fake websites, social media accounts, and phone calls that are used by criminals to try to steal lucrative information. Beware of these websites, always check for the lock sign in your URL, and make sure that the spelling is correct.

What does Phishing look like?

Inside of a Phishing email you’ll find a malicious link, that (when clicked) will transfer you to a fake website that will request your credentials in the form of “logging in”. Most phishing emails, when you look at the subject lines, you’ll find that the following keywords are present, like:

  • Urgent
  • Request
  • Important
  • Payment
  • Attention

The email would appear to be from a brand that you trust, like Amazon, Microsoft, or Facebook. The email “from” address is not actually from the brand, but rather faked to appear like it is.

What happens when a Phishing attack has been successful?

2020 Phishing statistics show that about 90% of users cannot identify a sophisticated phishing email. It’s not because we’re dumb, its because the attacks are executed so well. It is becoming increasingly difficult for companies to secure their data because office workers are human, and humans make mistakes. After a successful phishing attack, about 60% of organizations lose their data, 50% are infected with ransomware and get their credentials or accounts stolen.


Need Phishing protection for your business? Keep your company and data safe with ExchangeDefender PRO!

Interested in learning more about Phishing protection, click here.