ExchangeDefender Phishing Firewall and Microsoft Defender
Now and then Microsoft Defender will encounter something potentially dangerous when it’s processing your browsing activity. Most of the time it is just the URL of a site they’ve blacklisted.
Enter ExchangeDefender Phishing Firewall. We rewrite every URL going through our service to give our users an extra layer of security and prevent malware and phishing. If you’ve seen the xdref.com links in your email, that’s US keeping you from accidentally clicking on a legitimate link and getting a zero-day exploit compromising your PC. Well, Microsoft Defender looks at the same link and its contents and can flag an entire URL of your phishing firewall. Then you end up seeing this:
How do I get this resolved?
Since this URL is exclusively used by you and your clients, make sure you’re using ExchangeDefender Outbound Service to route outbound mail (our outbound service strips all the xdref.com URLs).
Next, please report the problem with the URL to Microsoft at this location:
https://security.microsoft.com/reportsubmission?viewid=url
How do I fix it?
There are two ways to solve this problem within your tenant at Microsoft 365. The fastest way is with PowerShell:
New-TenantAllowBlockListItems -ListType Url -Allow -Entries ~xdref.com~ -NoExpiration
The more user-friendly way to allow the URL is through the Microsoft Defender Portal at the following URL (make sure you’re logged in first):
https://security.microsoft.com/tenantAllowBlockList
Microsoft tends to move its security components around a lot so if the URL changes login to the Microsoft 365 Defender Portal and go to: Policies & Rules> Threat Policies > Rules section > Tenant Allow/Block Lists.
To learn more about Microsoft Defender and how to manage its security policies on this topic please see the following KB article.
Tip: ExchangeDefender recommends executing this process when the client is onboarded, but it will work at any time.
Cybersecurity and Healthcare: what you need to know
Ransomware attacks on U.S healthcare organizations are predicted to quadruple by 2021, according to recent industry reports. Hackers are increasingly targeting healthcare due to the vast amounts of personal health information, which is considered 50 times more valuable on the black web than their financial information. The need for the ability to secure personal information is urgent, and requires immediate attention of the medical industry.
2022 CYBERSECURITY CHALLENGES
Malware, ransomware, and viruses
M365 application threats
Phishing attacks
Information protection
Misleading websites
Employee error
Account takeovers
Hackers deploy malware and ransomware to shut down and control devices, and even servers. Many healthcare organizations tend store health information without proper encryption leaving them vulnerable to external threats. Phishing attacks have been the newest and most successful method of cyber-attacks in which cyber criminals send mass emails from “reputable” sources to obtain sensitive information. Hackers link these emails to misleading websites to entice the user to enter their personal information, mainly their username and password to gain complete access, and commence in account takeover efforts.
OUR SOLUTIONS FOR HEALTHCARE
Thousands of Healthcare organizations trust ExchangeDefender to protect their data, and to keep their employees, and client information safe and secure. We protect your practice from malware, ransomware, and phishing attacks using Email Security, our advanced multilayered security suite. We secure patients’ information by enabling our Email Encryption which offers military grade security and prevents data leaks. Healthcare practices must be HIPAA compliant, and rely on ExchangeDefender for Email Archiving and Compliance. This service ensures compliance with long-term tamper-proof email archiving and unlimited storage. Our Web File Server protects your organization from cloud application threats, enables your team members to upload, manage, and share documents securely. The service is encrypted, and provides full reporting of all activity for accountability and transparency. Security tip: To increase your organization’s resistance against cyber-threats, start with powerful email security, add web security and data protection, and to ensure that you always have access to email even during service disruptions, our email outage protection.
Are you a medical office looking for IT solutions? We can help, visit www.365defender.com to see our services!
5 reasons to secure your law firm right now
Hackers are making big money on the legal industry lately, and it seems to only be getting worse. Law firms are vulnerable to cyber attacks due to the nature of their profession. They handle very sensitive information about their clients like: financial records, company secrets, and health information. Cyber-criminals are taking advantage of the fact that the legal sector is slow-moving when it comes to securing their data. If you’re a lawyer, or work for a law firm, here are five major reasons why you should take measures to secure your company right now:
Reason #1: There is a dramatic increase of data breaches
Law firms pose a higher risk for data leaks due to their business nature of storing and sharing sensitive information. Data leaks are the most common result of cyber-attacks. Due to the lack of security used by many law firms, it is easy for hackers to perform data breaches via malware, phishing, and even denial of service.
Reason #2: Phishing scams are most popular
3.4 billion fake emails are sent each day. In 2020, 74% of organizations in the United States experienced a successful phishing attack. It is becoming increasingly difficult to decipher whether an email is a phishing campaign or not due to the growing sophistication in the attacks.
Reason #3: Hacked email accounts is a major problem
There is a hacker attack happening every 39 seconds, and email is the main use of communication for most professional services. Criminals can take over most of your accounts associated with your email once they have gained access.
Reason #4: Lack of security as a priority
Less than half of all law firms in the U.S use some form of encryption software with custom policies to protect their client’s privacy. This means that a lot of your client’s confidential information is just sitting on a laptop or computer unsecured.
Reason #5: Ethical & regulatory obligations are weighing in
To comply with the ABA’s rule 1.6: Confidentiality of Information, lawyers must make a reasonable effort to secure client information. To operate in an ethical manner according to the American Bar Association, lawyers should have security policies in place to ensure the protection of client data.
Bottom line: Cybercriminals love law firms as targets for their cyber attacks. It is crucial for the modern law firm to protect themselves against email-borne threats, and data leaks. ExchangeDefender specializes in law firm data security, compliance, and continuity solutions. The legal industry relies on ExchangeDefender to mitigate risks of cyber and email attacks. We secure your law practice, and protect your clients by eliminating the danger of data breach or ransomware.
What is Phishing? (a simple explanation)
According to recent reports from the FBI, Phishing has become the most common form of cyber attack in 2020 and 2021. Phishing is a method that hackers use to steal your sensitive information like usernames or passwords. It is most often used for identity theft, where cybercriminals send a phishing campaign (via email) to gain access to your bank accounts, personal information, and more.
The goal of a Phishing attack is to: gain credentials like bank pin numbers, usernames and passwords, gain personal data like your name, home address, and email, and also medical PHI information like treatment information and insurance claims.
Where does Phishing happen?
Approximately 96% of phishing attacks are delivered by email. In 2020, it was estimated that 1 in every 4,200 emails was a phishing email according to a Symantec report. To put the numbers in perspective, for ever 1 second of internet activity, 3.4 million emails are sent.
There are also fake websites, social media accounts, and phone calls that are used by criminals to try to steal lucrative information. Beware of these websites, always check for the lock sign in your URL, and make sure that the spelling is correct.
What does Phishing look like?
Inside of a Phishing email you’ll find a malicious link, that (when clicked) will transfer you to a fake website that will request your credentials in the form of “logging in”. Most phishing emails, when you look at the subject lines, you’ll find that the following keywords are present, like:
- Urgent
- Request
- Important
- Payment
- Attention
The email would appear to be from a brand that you trust, like Amazon, Microsoft, or Facebook. The email “from” address is not actually from the brand, but rather faked to appear like it is.
What happens when a Phishing attack has been successful?
2020 Phishing statistics show that about 90% of users cannot identify a sophisticated phishing email. It’s not because we’re dumb, its because the attacks are executed so well. It is becoming increasingly difficult for companies to secure their data because office workers are human, and humans make mistakes. After a successful phishing attack, about 60% of organizations lose their data, 50% are infected with ransomware and get their credentials or accounts stolen.
Need Phishing protection for your business? Keep your company and data safe with ExchangeDefender PRO!
Interested in learning more about Phishing protection, click here.
4 cybersecurity stats that every lawyer should know
Cyber-attacks on the legal sector are on the rise. Legal practices are big targets for hackers due to their access to sensitive information, and severe lack of security.
Here are four statistics that ring alarm bells in the industry:
Number one: One in four law firms have experienced a security breach of some kind. Even more have had malware or viruses according to a 2019 American Bar Association survey.
Number two: Data breaches cost your local small practice an estimated average of $36,000 dollars. To put in perspective, a new legal assistant salary for the year would costs the firm about the same price. Also, at least 31% of their clients terminate their relationship with the firm afterwards.
Number three: 61% of ransomware victims in the legal sector were Law Firms in 2020. It is the highest of the legal profession, with Courts, and Legal Services coming in second.
Number four: 94% of malware and ransomware attacks were delivered by email in 2020. There are new malware and viruses being discovered every day.
The bottom line
Law firms pose a higher risk for data leaks due to their business nature of storing and sharing sensitive information. ExchangeDefender provides affordable email security, email archiving, and email continuity solutions to the legal industry. One of our largest client bases, the legal industry relies on ExchangeDefender to mitigate risks of cyber and email attacks.
Secure your law firm, explore our small business plans today!
Email Security that protects your small business
Running a business isn’t easy, and protecting your business from cyber-threats is becoming increasingly more difficult. Hackers want it all, your personal and business details, your client’s payment information, and so much more! It’s no surprise that small businesses are prime target, about 43% of SMBs lack any type of cybersecurity defense plan. That means almost half of all small businesses don’t have any (cyber) security to protect them against cyber-attacks.
ExchangeDefender PRO is our crowned jewel, our most advanced multi-layered email security suite that protects your business against email-borne threats like SPAM, viruses, malware, phishing, spoofing, and more! Small businesses have smaller budgets, and we understand that which is why our cyber security solution starts at just $5 per user, per month. Adding security to your organization would bring peace of mind as it would safeguard your business against malware and sophisticated phishing attacks. There’s simply no excuse not to protect your business. We tell our clients, if you can afford a Big Mac from McDonalds, you can afford cybersecurity.
ExchangeDefender PRO stops email-borne threats
ExchangeDefender’s powerful email security suite offers a multi-level protection against email-borne attacks. The advanced threat protection features help defend users against threats hidden in emails, attachments, and links. Approximately 90% of all cyber threats originate via email, which requires businesses to have advanced threat protection. ExchangeDefender’s email protection goes beyond the average spam and virus filtering service.
ExchangeDefender PRO prevents data loss and theft
88% of businesses suffer a data breach due to lack of proper email security protocols. Our email protection enables companies to custom their own keyword policies, along with other sensitive data (credit card numbers, social security numbers etc.) they wish to keep private. ExchangeDefender PRO offers complete enterprise-grade threat protection that can help your company defend against the most sophisticated attacks, in addition to the more traditional threats like spam, viruses, and malware.
ExchangeDefender PRO prevents account takeovers
ExchangeDefender Email Protection keeps businesses a step ahead of hackers with AI-based threat detection. Corporate Account Takeovers has costed U.S businesses millions of dollars in 2019, and therefore has become the new focus of security concerns for SMB. ExchangeDefender PRO provides the strongest defense against spear phishing, account compromise and domain fraud. It offers protection to employees from falling prey to sophisticated email-based attacks.
It’s time for you to feel safe with our full stack email security solution, compatible with all major email service providers – including Office 365, on-premise Exchange, and G-suite for business. Get Started for just $5 per user, per month!
Riddled with data breaches, Healthcare needs encryption
The healthcare industry has seen a sharp increase of data breaches since the onset of Covid-19. As we encouraged minimal in-person interaction to minimize the spread, the rise of Telehealth services grew 46% in 2020. It is known that the medical sector has been slower than others when it comes to leveraging new technology. The lack of data security is apparent as 89% of healthcare providers have suffered some type of data breach within the past two years.
So, what’s the deal? Why is the healthcare industry such a big target for hackers?
The healthcare sector mainly consists of businesses that provide medical services, create medical equipment, and develop the drugs that fill our prescriptions. It is a gold-mine for big data that contains sensitive information about patients like date of birth, addresses, medical records, and so much more. Hackers target the industry with data breaches and ransomware to gain full access of medical information of millions of people. 41% of Americans have had their protected health information or PHI exposed in the last three years. The sector’s biggest challenge is managing and securing large volumes of sensitive data. It is extremely difficult to minimize security breaches, and reduce cyber theft when security is not seen as a priority.
Struggling with strict compliance standards
The nature of information that the healthcare industry collects, is subject to some of the strictest data privacy and compliance standards. Healthcare is unique as it manages large volume data that is constantly changing. Complying with data security standards is a major struggle for healthcare as they use Electronic Healthcare Records (EHR), and adopt new cloud technology. Patient EHRs enable doctors to treat via telehealth, and share data digitally which is encouraged by the HITECH act. Unfortunately, many hospitals and clinics have not implemented a secure method of sharing this information which does not fulfill HIPAA standards.
No security training leads to user errors
This is the fact of life, right? Users cannot manage something effectively without understanding how it works. Approximately 90% of data breaches in 2019 were caused by human error, a drastic increase from 61% two years prior. In general, human error is the leading cause of data breach within an organization. For healthcare, about 40% of employees have received no cybersecurity training whatsoever. This lack of security training is costing the medical sector millions of dollars in damages per year, with the average record stolen costing about $400 each.
Empower medical professionals to implement Encryption software
Healthcare professionals can easily send and receive secure messages with ExchangeDefender Corporate Encryption. Personnel can communicate sensitive data with confidence using a powerful, user-friendly web interface that can auto-detect personal identifiable information (PHI) like patient names, date of birth, lab test results, medical bills, and more! It can prevent accident data leaks by triggering custom policies that the organization creates based on security standards. Using Corporate Encryption will automatically help medical workers comply with HIPAA and HITECH regulations.
Interested in a free trial? Contact us today!
New Corporate Encryption users get first month free
ExchangeDefender’s Corporate Encryption solution is our rising star, and has become our best-seller for 2020. Recently, we loaded the original Encryption product with tons of new features, and relaunched it as a multichannel encryption software for small business. It is the first of its kind. Now, users can easily send and receive encrypted messages by email, url, or sms.
Service Highlights and Selling Points
Corporate Encryption features a powerful web interface for desktop and mobile, and can provide on-demand encryption using any email software out there.
One-click encryption is a major highlight with a custom addin available for both Outlook and OWA.
The software boasts powerful policies functionality with custom encryption options like automatic expiration and message destruction.
Corporate Encryption can also auto-detect sensitive information without human intervention. It recognizes patterns like account numbers, SSNs, and DOB. Plus, the service provides even more control with lexicons (keyword matching), and dictionaries.
Talk about advanced, the software also includes a Compliance Officer interface that manages violations of policies on an organizational level, increasing the COs control of sensitive data.
To see all of Corporate Encryption’s features, click here.
The Special Offer
Signup new clients to our Corporate Encryption service, and get the first month free. We’re currently running a special offer to encourage our partners to sell, as well as help boost 2021 revenues altogether. The first month is free with no charges from us, which means partners can make full profit off of the new users. If you have any questions, please do not hesitate to submit and support ticket. We would love to help you seal the deal, here are a few protips we have to offer:
Tip #1: Partners can also add a one-time onboarding fee for the added users which would increase the profit even more.
Tip #2: The (general) market price for Encryption ranges from $4 to $10 per user, per month. Selling our service would offer a generous profit per user as we are offering it for under $2.
Tip #3: Access our sales and marketing collateral for Corporate Encryption to help seal the deal. For any questions, please contact us.
Special offer expires 06/30/21
The best antivirus software for small business
There are tons of Antivirus software to choose from and finding the right solution for your business can be complicated. ExchangeDefender can help in assisting SMBs to make the right decision.
What makes a good Antivirus?
Any Anti-virus will do just that, to some degree, that is to fights viruses and other malicious software. Maintaining your personal identification and safeguarding your privacy goes well beyond standard virus protection. SMB’s must understand the difference between an average antivirus protection and outstanding antivirus protection. Don’t rely on just the antivirus that’s built-in to your computer applications.
The difference between good and GREAT
What makes a great Antivirus? A multithread and multi-layered protection approach scanning incoming data. Remember extra, matters – especially if they are within budget.
A few must-haves when selecting Antivirus protection:
- Real-time Protection against viruses, trojans, malware, spyware, and adware.
- Cloud based, User control, Firewall protection
- An Antivirus that works well with others, i.e., MaC, iPhone, and Android
- Attachment blocking and attachment policy management
- Stops identity theft by blocking phishing attempts
This is where ExchangeDefender comes in with our top-selling advanced security suite known as ExchangeDefender PRO. ExchangeDefender possesses enterprise-grade email security suite offering multi-level protection against email-borne attacks. It not only provides exceptional virus protection, but also, phishing, spoofing, attachment blocking, Fraud prevention and so much more.
Our commercial antivirus engines use up to six antivirus engines to scan each incoming message
Cyber attacks continue to rise in 2021
Cyberattacks are here to stay and data breaches are on the rise as we come into the new year, affecting business owners with financial loss, brand damage, and legal ramifications. It is imperative for businesses of all sizes to prevent data breaches. ExchangeDefender’s high Throttled Malware & Trojan Control – has a built-in identification system that tracks the message & attachment MD5 checksums and responds by temporarily delaying messages that match the bulk-mail criteria.
Malware Attachment Filtering & Sanitation is a must – The days of text-only SPAM are long gone. Today SPAM is distributed as a PDF, zip file, image, even an audio file! At the same time, we use our email as more of a file sharing mechanism than a communications platform. Subsequently, it is essential to understand the attachment type and what type of a threat it poses. ExchangeDefender analyzes attachments on multiple layers, using checks for file names, file types, MIME headers and archives to properly protect you from all dangerous content.
From a business perspective, your brand reputation could be on the line, a solid Anti-virus software service would prove essential to protect your company’s, files, systems, and sensitive data.
To learn more about ExchangeDefender’s advanced email security suite,
please click here.
Email Encryption: How you handle sensitive information
ExchangeDefender Email Encryption is a service that helps you control and distribute sensitive information. There is no shortage of solutions that help comply with the alphabet soup of regulatory requirements that help mitigate data leakage – the real challenge is making people that rely on encryption to be more productive.
We spoke to thousands of our users, across industries, to gain understanding for how they use the service and what would make it optimal. Here is their wishlist, delivered:
Encrypted Messages are about more than email
While Email Encryption services were designed to automate encryption of email that contained sensitive information, the practical use for email encryption is simply to securely deliver and track access of those messages. Depending on the urgency, sensitivity and the receiving party, ExchangeDefender’s Advanced Encryption Options make it possible to customize how long the message is available for, if the recipient needs to enroll in the service or simply click to view, who should be notified of message delivery/receipt/read status, and more.
ExchangeDefender is the only Email Encryption solution to feature multi-channel delivery of sensitive content. Simply put, organizations no longer only share data via email. Companies are now texting more than ever, as well as leveraging different portal and chat solutions to which sensitive content can be attached. ExchangeDefender enables you to send encrypted messages – automatically based on content or by your custom preference – but you can send it as an email, as an SMS/text message to a mobile phone, or as a URL link pasted on Facebook/Slack/Teams or any web or social media property.
Simply put, when you need to know that it got there securely and what they did with it afterwards, ExchangeDefender has the policies, processes, and automation to make it possible and simple.
Encryption isn’t an IT / CCO problem, it’s a business challenge
No software to install. No need to change any DNS records or move your email hosting. No devices or appliances to maintain or support. It takes just a few minutes to sign up for ExchangeDefender Corporate Encryption, add your users, and set the default corporate encryption policy and suggested lexicons/pattern searches to keep everyone secure. In minutes, IT’s job is done.
The real encryption challenge is with the people that rely on encryption to get things done. Staff that sends out hundreds of encrypted medical records each day. Staff that communicates sensitive financial information between multiple organizations. Staff that is more concerned about the message getting to the intended recipient that can easily access it – or they become the front line IT support for every recipient that can’t view the message, didn’t get the message, or worst case scenario, message was sent to the wrong party (you can revoke it at any time).
ExchangeDefender approaches the business challenge by helping the sender customize the environment and save settings to eliminate repetitive work.
Outlook or Outlook Web App
ExchangeDefender Corporate Encryption comes with an Outlook and OWA add-in product that adds buttons to the Outlook/OWA ribbon. Safe delivery of sensitive information is really just a click away: just click on encrypt. This approach removes the need for the web interface entirely, and follows the default encryption policy as defined by your IT and Chief Compliance Officer.
Activity
Most of encrypted email work is related to message delivery: When you want to know that they got the message and what they did with it. With traditional offerings this is a painful process of searching through tons of email notifications – but ExchangeDefender takes that a few steps forward.
ExchangeDefender Corporate Encryption features a powerful Activity tab that enables users to see live activity across all the messages they’ve sent recently. For example, if you’d like to know whether the recipient attempted to print or forward a message you restricted them from printing or forwarding, you’ll find an alert on the Activity page. If you send a ton of mail, our powerful search will help you define the actions you’re looking for, search for a specific time period, or just search by text/subject. From there you can export it to Excel, PDF, CSV, or just print out the report.
If you don’t send a lot of messages or dislike constant email notifications from encryption services, we’ve got you covered as well. ExchangeDefender features a weekly email report that shows you all the messages you sent and the associated activity.
Management Default Policies
ExchangeDefender makes it really simple to define a corporate security policy that automates the encryption of sensitive information. Whether you want to screen for standard personally identifiable information (PII), or use one of the predefined lexicons for a number of industries, or you want to define a default corporate policy to keep all users secure, ExchangeDefender has you covered.
Sender Policies
ExchangeDefender keeps its users productive by eliminating the user interface clutter – a byproduct of a highly flexible and customizable interface. Sending an encrypted message is simple and requires no training by design, the entire process is obvious and intuitive.
To be productive, you will need to rely on some of the more advanced features of ExchangeDefender Encryption that help control notifications, message rights, message age, and additional security requirements. ExchangeDefender allows you to save your policy customizations as a new policy, so that all the settings you configured can be reused and reapplied with just one click, on demand.
The Encryption Opportunity
The purpose of email encryption is to help automate the encryption of sensitive information. ExchangeDefender excels at this requirement with domain policies, lexicons, advanced pattern searches, and custom policies.
There is a lot more to encryption when you consider the people that rely on it to do their job – and ExchangeDefender offers Outlook/OWA addins to make encrypted email as simple as a mouse click. From there we provide powerful Activity reports in the encryption portal that allows you to search for messages, activities, and even filter down to the right time frame. Because encryption isn’t only about sending – it’s about knowing that the message was received securely – you can create custom reports that can be printed, saved, or exported to Excel.
Ultimate opportunity is in realizing that message encryption needs to evolve with how we work. Covid-19, office closures, physical distancing, and reducing touch points has made us all rely on social media, chat platforms, portals, and social media to communicate with our coworkers, partners, and clients. We now share sensitive information via email but also over the web and via text/sms to mobile devices. ExchangeDefender supports them all, secures them all, and enables secure productivity.