Employees are suddenly finding themselves working remotely due to the current health crisis of the Coronavirus that is sweeping nations across the globe.
As we protect thousands of businesses from the drastic uptick of phishing emails and ransomware attacks claiming they are from verified sources, we have noticed new tactics that hackers are using to fraud employees working from home.
Here are our top 3 cybersecurity implications of working from home:
- The lack of authentication and authorization
There is an increased need for two-factor authentication, monitoring access controls and creating strong passwords. Managed Service Providers should encourage their clients and end users to add additional security safeguards.
We recommend changing your password every 90 days, and enabling OTP/2FA to improve your account security. To manage this for ExchangeDefender, view user guide.
- Increased risk to cyber attacks
There’s an increase risk to attacks like phishing and malware, especially since employees will now likely receive an unprecedented amount of emails and online requests.
ExchangeDefender Phishing Firewall (EPF) automatically secures inbound mail by rewriting HTML links so they are forced through our firewall when you click on them in Outlook, Gmail, or any web-enabled email application.
To add a new web site to the Whitelist or Blacklist click on the + Add New button in your ExchangeDefender Admin portal. To learn how to manage this setting, click here!
- Unsecured BYOD (Bring your own device)
Remote working can successfully widen an organization’s attack surface. Mainly due to employees who use their own devices for work can introduce new platforms and operating systems that require their own dedicated support and security. As a result of so many devices being used, it’s likely that at least some will fall through the security cracks.
ExchangeDefender Pro offers users a VPN server to connect to in a secure manner no matter where they go. Public Wifi hotspots tend to have questionable security at best and can be used to compromise a device that is connecting blindly across the Internet. Connecting your phone automatically to a VPN can assure that email access (and all the confidential data in the email) can never be snooped on.
Webinar Announcement: ExchangeDefender solutions will soon be available “a la carte” to clients. Attend our webinar on Tuesday, March 31st at 12:00 PM EST. Register Now!
Dear ExchangeDefender Clients,
As you’ve come to expect from us over more than two decades, we’re open and ready to serve you 24/7. If there is anything we can do for you, please let us know at https://support.ownwebnow.com or just call us at 877-546-0316.
Our Orlando Headquarters has been closed to public since Thursday, March 19th. There is a county-wide curfew in effect starting tonight so we will not be accommodating visitors until further notice. Our data centers will also have restrictions on remote visits.
If you need any troubleshooting or maintenance related to your equipment, we will do our best to assist you, but physical access to assets will not be allowed until further notice.
While we regret that this inconveniences everyone involved, we want to assure you that we’ve got your back during this uncertain time. As Floridians we are accustomed to working remotely and we look forward to being as helpful as we possibly can be.
In other news, we have an upcoming webinar “ExchangeDefender Solutions Redefined” approaching on Tuesday, March 31st at 12:00 PM. Please join us to learn more about the new changes and expansions in our service portfolio. Register, click here.
Take a look at what we’ve been able to beta test over the past few weeks! The brand new version of ExchangeDefender’s ridiculously popular Web File Server (WFS) is launching in March and we wanted to give you a sneak peak:
Yup, we have our new UI running on it which will allow it to seamlessly integrate with ExchangeDefender email security services, Wrkoo business productivity products, and something else we’re not allowed to discuss yet. But in terms of a “smart” file server, it gives organizations unprecedented amounts of security controls for content sharing, revision control, and ability to be productive with access to everything no matter where you are and what device you’re using.
Vlad hinted at some of the more exciting changes that are coming up to WFS during the last webinar – the ability to purchase WFS without signing up users for ExchangeDefender, better branding and customization features, reporting, compliance, sync to cheap cloud services for backup, and much more.
But the most exciting feature has just left beta and we’re looking for clients that want to test the first production builds. We will be announcing it during the March webinar, but if you currently have a WFS client that has an extensive Personal Library please open a ticket with our team and ask for preview access.
To learn more about ExchangeDefender’s Web File Server, click here!
Small businesses are the target of most cyber-attacks due to lack of security protocols. In 2019, an estimated 80 percent of all confirmed data breaches occurred due to weak, stolen, or default passwords.
A password manager is a security tool.
A password manager is a centralized system that helps organizations store and manage logins and passwords that are critical to their business. The credentials entered into the password manager is stored with the highest form of encryption (military grade) to ensure top level security.
Yes, they are safe to use for business.
Yes! Top tier password managers are completely safe and can be trusted to protect your organization’s account logins. The best quality services make sure that your passwords are encrypted with AES-256 algorithm, which is U.S government approved.
And No, don’t worry – the folks working behind these password managers DO NOT have access to your credentials, it is encrypted on both ends.
All great password managers must have these top features.
An enterprise-grade password manager must be able to do the following, securely:
Offer Secure Password Storage
Passwords are encrypted with AES-256 algorithm, U.S government approved.
Provide Centralized Control
Store and organize all of your secured identities in an ultra-secure web interface
Enable Secure Password Sharing
Share passwords securely while maintaining the security of critical corporate data
Access from Anywhere
Access to the web interface must be available from any wifi-enabled device
3 reasons why a password manager is a must-have:
To Control Access to Your Critical Data
SMB struggle to manage password vulnerabilities meanwhile password reuse, and password sharing is on the rise.
To Make up for the Lack of Password Management Training
Most SMBs do not offer their employees password management training for the workplace.
To Reduce the Risk of Human Error
According to recent TechRadar reports, 90% of data breaches are caused by human error.
We have the right solution, meet Password Vault.
ExchangeDefender Password Vault helps organizations securely manage logins and passwords. Password Vault makes generating, storing, and sharing passwords easy and safe.
Top Benefits include:
Eliminating Password Fatigue
Eliminates the need to memorize multiple passwords by deploying a password manager for secure storage.
Centralized Web Access
The password management dashboard is available anytime, anywhere with a WIFI-enabled device.
Control access to admin passwords, securely share passwords with your team on a need-basis.
Managed by IT Experts
Password Vault is managed by ExchangeDefender, a cyber security firm with 20 years of active IT experience.
>> See full features
Every password used for your business is an entry way for a cyber-attack. A secure password management system makes it easy to secure all of your credentials in one powerful online interface. ExchangeDefender’s Password Vault offers small organizations an affordable smart password storage system, the ability to share passwords securely with co-workers, and so much more!
You can setup a password vault, company-wide in just minutes.
Sure, there are plenty of reasons to use Encryption to protect your sensitive data – but there are three key factors, that all organizations share in common. The current state of cyber security woes for businesses presents itself as a harsh fact: 88% of companies suffer a data breach due to non-encrypted emails with sensitive information being hacked.
So, what are the key drivers that persuade organizations to take encryption seriously?
1 – To comply with data security regulations and requirements
Organizations must comply, by using the proper security and storage protocols, with U.S and E.U regulations in order to be considered (legally) in good-standing.
2 – To protect intellectual property of the business
Trade secrets are a real deal, and are highly sought after by hackers for ransom and blackmail which often results in bankruptcy of the company due to lack of money and trust from customers.
3 – To protect customer information
Protecting customers and their personal information is at the forefront of security concerns for business. The rise of data breaches within the U.S shows that implementing stronger security protocols is vital to business continuity.
Our Solution: ExchangeDefender Corporate Encryption
For the modern workplace, all types of business communications are done via email, and now data exposure has turned into a problem of great magnitude. With just a single wrong-click, an employee could unintentionally expose secret company information, financial statements, contracts etc. In order for organizations to thrive on business continuity, they must protect their data by enabling an email encryption solution.
ExchangeDefender Encryption enables organizations to securely send, receive, and manage confidential email, providing an easy, seamless way to implement content protection.
Powered by ExchangeDefender, Corporate Encryption complies with the SOX, HIPAA, SEC and local government requirements for information encryption. It also integrates easily with our email hosting solution, and is compatible with all major email service providers – including Office 365, on-premise Exchange, and G-Suite for Business.
What types of Encryption do we use?
ExchangeDefender Corporate Encryption involves multiple systems to encrypt the message contents and notifications generated by the system.
ExchangeDefender uses SSL/TLS encryption of the SMTP communication between the client’s email server and the ExchangeDefender network. All traffic is automatically encrypted using the same level of security that is used with online shopping, banking, etc.
Managed Web Encryption
ExchangeDefender web servers are encrypted using commercial SSL certificates. Client configuration, email review, message retrieval and all services provided through ExchangeDefender websites are automatically encrypted and cannot be accessed through a plain-text process that bypasses encryption.
ExchangeDefender web servers, email servers, and routing hubs secure all client data through multiple layers of security including:
Complex account and login restrictions
Remote access restricted to ExchangeDefender NOC IP address space
All remote access sessions are recorded and authenticated
Administrators do not have access to client message data or configuration information
Keep business data safe with Encrypton
To protect your organization from data breaches, email encryption should be used as a preventative measure against tomorrow’s hackers. ExchangeDefender’s Email Encryption solution involves encrypting, or disguising email contents in order to protect sensitive company information from being read by unauthorized personnel. Our system is entirely transparent with no software to install, or manage on either end.
Explore full Corporate Encryption features
Protect your business communications for less than $5 a month*
ExchangeDefender has changed how our inbound nodes will handle emails delivered to our server when the sending server is on a Real Time Blacklist (RBL). Previously, RBL listings would cause emails to be rejected and not able to be delivered to the recipient (even if requested). Now, when a server is listed on a public RBL, the message will score high enough to classify as SURE SPAM instead of rejected back to the sender.
Changes to how ExchangeDefender handles Real Time Blacklisting (RBL) of the senders server will be visible to both the and MSP Customers.
Customers with STORE / QUARANTINE see a dramatic increase of items in the SURE SPAM quarantine, including email quarantine reports.
Customers with TAG AND DELIVER will see a dramatic increase of sure spam items delivered to their inbox.
MSPs will have two settings to control how RBL listings are handled with regards to matching whitelist rules. By default, whitelisted senders will override the RBL listing and will allow the scanner to ignore the RBL entry. MSPs will have an option within the domain’s phishing configuration with regards to handling whitelisted senders who wind up on an RBL.
The full migration to Exchange 2016 has proved to be extremely challenging, but with much success we are managing to move ALL of our clients hosted with us to the new platform.
New changes have occurred to our Service Manager to best compliment the new migration. Below, you’ll find explanations and screenshots of what you’ll be seeing from now on.
You can access your service manager inside our support portal via support.ownwebnow.com
- Clients must select the organization they would like to manage
- Once they select the organization, the list with all the domains mailboxes and distribution groups under that organization will be updated below
- It is possible to search for specific accounts or filter by domain
If you click the + Create button, a list with options will be displayed:
- New organization
- New mailbox
- New domain
If you click on create organization, a pop-up window will be displayed where you would have to type the name of the organization and add as many domains as they need at once.
If you click on new mailbox, a pop-up window will be displayed where you would have to select the domain and then type all the information for each one of the mailboxes.
Updates are as followed:
- The list of accounts is now grouping the records by domain, and sorting them by the display name in ascending order, that way it makes it easier to find accounts when you have a lot.
- From there you can change the password of multiple accounts at a time, create a distribution group based on your selection or add the accounts selected to existing distribution groups
- You can also delete accounts
If you click on Manage, another view will be displayed with the information of the account selected. From there they can:
- Update the information of their account
- Reset their password
- Create a forward rule
- Add aliases
- Configure their protocols
- Add permission rules
From there, if they want to create new aliases they just have to click on the button +Add alias
To add an alias they will have to pick a domain, and type the local part of the email (local part of the email is everything before the
@) and the alias automatically will be displayed in the table .
To update their protocols they just have to click on the switches to turn them on/off and click on save.
The permissions work pretty much the same way as aliases, with the exception that you have more options.
To add permissions, you must select the type of the permissions you would like to grant and the account (only accounts under your organization will be displayed that do not have a permission rule created for the same mailbox, that way there are no repeated permission rules for the same pair of mailboxes)
IMPORTANT CHANGES THAT COULD AFFECT THE USER’S EXPERIENCE:
- In Hosted Legacy, you could create Distribution Groups with no members and add the members later. In Exchange 2016, there cannot be empty Distribution Groups, so the only way to create groups now is checking the boxes of multiple accounts (mailboxes), and clicking on the button “Create new group”.
- In Hosted Legacy, there were no such thing as an “Organization”, in Exchange 2016 organizations were implemented to give our MSPs a way to group different entities like Domains, Mailboxes, Distribution Groups, etc under the same “Client’s structure” (organization), that way it will be for them to manage their clients since they have everything for each one of them in the same place.
- In Exchange 2016 you can create three types of mailboxes: Regular, Shared or Room (an explanation of each will be provided later).
The age of information has certainly changed the way in which people from around the world interact and communicate with one another. Businesses have been the hardest hit in trying to store and manage email communications that are critical to their organization.
A shocking 300+ billion emails are sent per day, with the average office employee receiving a shocking 130+ emails every day. The daily number continues to climb, so the question is: What can organizations do to successfully manage all of this data?
The Answer: Email Archiving for Business
Email Archiving solutions provide a systematic approach to storing email communications, both inbound and outbound email. ExchangeDefender Email Archiving provides encrypted, long-term storage, and email recovery. The solution also helps businesses achieve email compliance which requires organizations to be accountable and transparent by using a proper storage solution for their messages.
10 Reasons to get Email Archiving for your organization today!
1 – Immediate access all emails ever sent and received
2 – Automatic backup of all email communication
3 – Automatic backup of all contacts, calendar items, and other relevant data
4 – Achieve regulatory email compliance for HIPAA, GDPR, SOX, SEC and more
5 – Fast eDiscovery – speedy access to all emails to adhere to requests of information quickly
6 – Corporate email policy – Implementation and Monitoring
7 – Infinite storage of all email communications for 10 years or more
8 – Employee oversight – customize policies that are available organizational-wide to restrict the deleting of critical information
9 – Knowledge management – have oversight of what was sent, by whom, and when.
10 – IT productivity – significantly reduce mail server storage issues, in turn reducing additional server costs
Quickly access information about employee and end user communications with a simple eDiscovery search that can search on average, 10,000 inboxes at once. ExchangeDefender’s Email Archiving system takes all of your emails and stores them in a safe place, multiple times for redundancy. Of course, it is still possible to delete an email, but copies of those emails will be kept within the archiving system, which offers additional space storage to enhance your server capacity.
Keep business emails securely stored, with tamper-proof email archiving. ExchangeDefender Email Archiving provides encrypted, long-term storage, and email recovery.
Learn more about ExchangeDefender’s Email Archiving solution here.
We’re making massive changes to ExchangeDefender whitelisting policies that will make it easier (and safer) to allow trusted senders to bypass our SPAM filtering processes.
For 90% of you, this will just make whitelisting smoother and you don’t need to worry about the details.
For our system administrators and users who have grown infuriated with BATS (disposable email addresses) whitelisting, you’ll be thrilled to hear that we’ve launched a new white-listing service a few weeks ago that has been performing well enough in beta tests and will go into full production this week. The main issue we solved with the new technology is the management of bulk senders, but performance improvements alone and new features will be worth a look and full demonstration will be made during our next webinar.
The biggest problem with whitelisting, and an opening of an attack vector, is the prevalent use of BATS addresses. BAT, basic attention token, has become a standard tracking email address technology used by mass mail (bulk) senders. For example, the email address that the message was sent from appears to be: Vlad Mazek email@example.com
However, that is often not the actual address – it’s just the pretty, friendly, display address that Outlook shows you. If you open the message, the message is usually from something like firstname.lastname@example.org
New ExchangeDefender whitelisting service will step in and ask the sender to instead whitelist the domain itself, in this case massmailernode102.spammer.com or even wider. spammer.com. This setting will be on by default.
We will also be introducing gateway whitelisting for our enterprise and Pro clients, which will allow you to whitelist common bulk mail organizations entirely. While we do not recommend it, we understand that for some organizations it’s easier to just whitelist all mail sent by Sendgrid, AmazonSES, Constant Contact, etc than to constantly evaluate which ones to permit on a case by case basis. This setting will be off by default.
Another often requested feature, that is tied to the launch of the new Whitelisting code, is the ability to provide one-click access to report and manage white-list entries. Every user that enables this feature is doing so to better control their blacklists, and this setting will be off by default. When turned on, all received messages will have a footer in the message allowing the user to launch a complaint when something that looks like SPAM has been allowed through. The footer will only be visible on inbound messages and all tracking code will be deleted in replies, forwards, or messages sent from ExchangeDefender to the Internet.
We are rolling in a few more features that will be announced during our next webinar in March. If there is something you’d really love to see, please let us know, all these features are based on user requests so keep them coming!
The numbers are quite staggering for Microsoft – in a good way to mention, about 90% of all small business organizations use O365 as a critical application suite. The dependence on these cloud applications are great for productivity, but are not-so-great when it comes securing it.
Here are some quick facts:
25% of phishing emails bypass Office 365 Security
55% of employees admit to clicking on links they don’t recognize
58% of company (sensitive) data is stored in 365 documents.
Microsoft’s infamous cloud suite is known to have been under attack from hackers as they found O365 accounts to be easy targets due to the lack of security protocols.
“Researchers from Barracuda Networks have found that hackers are targeting Microsoft Office 365 accounts with a worrying degree of success.“
Forbes 2019 | Microsoft Office 365 Accounts Under Attack — What You Need To Know
ExchangeDefender’s solution – Cloud App Security
Protect Office 365 applications with advanced multi-layered security, and explore how our solution defends your digital workplace against cyber-threats.
protection works to prevent data breaches, malware, phishing attempts, and
Our top security features to secure cloud applications include:
- 256-Bit encryption in-transit and at-rest data security
- Detect and control accidental and/or malicious data leaks
- Data loss prevention with customizable policies
- Layered Redundancy – ensures secure email storage across multiple networks
- Secure Servers
- Two Factor Authentication / OTP
- Pattern-based encryption
- Multi-level Encryption policies
- Malicious Attachment Blocking
- Anti-Phishing Policies
- Protection against advanced malware and phishing attacks
- Email domain, attachment, and links screening and quarantine
- Malicious files and folders screening and quarantine
- DMARC Domain Fraud Prevention
- Whitelist/Blacklist Policies
- Automatic Signature Disclaimer
- Network Redundancy
- 24/7 U.S based support
- Real-time Reporting
- Receive alerts via email/text when unusual activity is discovered
- Full visibility into login locations, sharing and downloading activity
- Detect and control unsanctioned applications with risky permission settings
- Automatically prevent account takeovers with policy enforcement rules
ExchangeDefender’s cloud application security is vital to the modern business, ensuring advanced protection for the storing and sharing of critical data.
Our zero-trust solution provides O365 users immediate protection ensuring peace of mind for organizations who need to secure O365 – the application, the users, and the data that is stored within it.