encryption Tag

Data encryption used to be optional, but not anymore. In the past, when we referred to encryption, we thought of hi-tech industries with high profile secrets. Encryption is the digital process of taking regular text, like your email or sms messages, and creating an unreadable “code” to protect the plain text. This proven method ensures the confidentiality of the original text. Now, your local small business, and local educational institutions require added security to protect their data from being hacked.

Education industry is a prime target for hackers

Surprised? We’re not. The education industry consists of services from pre-kindergarten all the way to post-secondary institutions. It comprises of organizations that provide lessons and training on a wide array of subjects.  These institutions, (both private and public) include K-12 schools, colleges and universities, and job training centers. Can you imagine the large volumes of sensitive data that the education industry holds? Every one you know, including yourself has received some form of education, and therefore have submitted personal information that can be stolen by hackers. The most common forms of information students and staff must submit include: DOB, social security number, home addresses, medical records, and more!

Current struggles that schools face

The biggest challenge that institutions face today is the ability to protect students and staff information. The sheer volume of data that a single school incurs in a single academic year is astronomical. Right now, the industry is lacking the security tools needed to store, and manage sensitive information.

The education sector is finding it hard to comply with the biggest data security mandates, FERPA, and HITECH.  FERPA or (Family Educational Rights and Privacy Act) is a federal law that gives parents the right to access their children’s education records. HITECH is The Health Information Technology for Economic and Clinical Health Act, which has to do with the use of electronic health records. This mandate protects educational institutions from penalties from lost or stolen data if they can prove that their data was encrypted prior to a breach.

From an internal perspective, one could assume that the adoption of an institution-wide policy mandating the use of encryption would be difficult, and time-consuming. In the past this may be true, but modern encryption is now cloud-based, and is easy-to-use making a full adoption fast and painless.  

The next big challenge is cost. Most schools have a budget for the year that determines what services they can afford. Before, having encryption involved physical disks and hardware making it extremely costly. However, the strongest encryption software products today are available online with no pricey overhead, or storage restrictions.

Big benefits from encryption awaiting Education sector

Every school, and training center should be rushing to use encryption. There are many benefits that could solve Education’s biggest data security challenges. Firstly, encryption enables secure, and compliant communications between educators, students, and parents. It would offer a secure method to share sensitive information, and would provide seamless collaboration.

Second, an encryption software would ensure data privacy. It enables schools to fully comply with current security mandates. Educators can create custom encryption policies that ensure that student data privacy is met by triggering encryption mechanisms automatically.

Using encryption would enable schools to have full visibility of all information being shared, read, forwarded etc. Educators can get instant confirmation alerts when students or parents access encrypted messages. The detailed reporting would satisfy both the FERPA and HITECH directives for educational institutions. 

ExchangeDefender specializes in law firm email and data security.

Hackers are making big money on the legal industry lately, and it seems to only be getting worse. Law firms are vulnerable to cyber attacks due to the nature of their profession. They handle very sensitive information about their clients like: financial records, company secrets, and health information. Cyber-criminals are taking advantage of the fact that the legal sector is slow-moving when it comes to securing their data. If you’re a lawyer, or work for a law firm, here are five major reasons why you should take measures to secure your company right now:

Reason #1: There is a dramatic increase of data breaches

Law firms pose a higher risk for data leaks due to their business nature of storing and sharing sensitive information. Data leaks are the most common result of cyber-attacks. Due to the lack of security used by many law firms, it is easy for hackers to perform data breaches via malware, phishing, and even denial of service.

Reason #2: Phishing scams are most popular

3.4 billion fake emails are sent each day. In 2020, 74% of organizations in the United States experienced a successful phishing attack. It is becoming increasingly difficult to decipher whether an email is a phishing campaign or not due to the growing sophistication in the attacks.

Reason #3: Hacked email accounts is a major problem

There is a hacker attack happening every 39 seconds, and email is the main use of communication for most professional services. Criminals can take over most of your accounts associated with your email once they have gained access.

Reason #4: Lack of security as a priority

Less than half of all law firms in the U.S use some form of encryption software with custom policies to protect their client’s privacy. This means that a lot of your client’s confidential information is just sitting on a laptop or computer unsecured.

Reason #5: Ethical & regulatory obligations are weighing in

To comply with the ABA’s rule 1.6: Confidentiality of Information, lawyers must make a reasonable effort to secure client information. To operate in an ethical manner according to the American Bar Association, lawyers should have security policies in place to ensure the protection of client data.


Bottom line: Cybercriminals love law firms as targets for their cyber attacks. It is crucial for the modern law firm to protect themselves against email-borne threats, and data leaks. ExchangeDefender specializes in law firm data security, compliance, and continuity solutions. The legal industry relies on ExchangeDefender to mitigate risks of cyber and email attacks. We secure your law practice, and protect your clients by eliminating the danger of data breach or ransomware.

Recently, Cybernews reached out to ExchangeDefender CEO, Vlad Mazek to learn more about how we keep businesses safe from cyber-attacks using top of the line security solutions. The informative discussion centers around the topic of cybersecurity, and what that means for the modern business.

With the recent rise in phishing attacks, it is smart to double-check if it’s really your coworker that emailed you.

By now, it’s probably hard to find an Internet user who has never received emails from someone claiming to be a long-lost relative who wants to share their fortune. While the majority of us are familiar with this type of malware, phishing attacks shouldn’t be underestimated. Nowadays, when threat actors start to include more personal details, posing as coworkers or even bosses, staying vigilant is key.

To discuss the topic of cybersecurity and phishing prevention, we reached out to Vlad Mazek, the CEO of ExchangeDefender, a company eliminating email threats before they even reach your inbox.

ExchangeDefender has been providing various security solutions for more than 2 decades. What was your journey like throughout the years?

We originally started ExchangeDefender to improve the reliability of our Microsoft Exchange servers by offloading all the security tools to a more scalable infrastructure. Over the years we’ve expanded our security portfolio to protect other email servers, as well as deliver more secure ways to rely on common office tasks such as file sharing, collaboration, and compliance.

Can you tell us a little bit about what you do? What are the main problems you help solve?

We used to say “We kill SPAM for a living” and to this day we simply eliminate common threats that lead to security compromises and service outages by providing email encryption, long-term archiving & eDiscovery.

We make it easier to rely on email for secure and reliable communication; which we do by keeping potentially dangerous content away from your webmail, mailbox, desktop, or phone. Simply put, we make it easy to get things done more securely.

What technologies do you use to detect and stop threats in their tracks?

We primarily rely on our internal early warning system which tracks unusual activity from known threat actors. Because of our size and client base, we often have the luxury of being among the first to be targeted which helps us identify safe and unsafe developments before they go “viral”.

We also participate in many proprietary, open-source, and data/intel sharing projects that help raise the security profile of everyone involved.

How did the pandemic affect the cybersecurity landscape? Were there any new features added to your services?

Pandemic actually improved the security landscape for our clients because they suddenly had to shift to a remote work model which inherently came with more stringent security requirements and more awareness for security policies and secure collaboration.

We noticed a significant shift from traditional office communication methods to SMS/TXT and we moved quickly to make all of our services SMS-aware. Mobile phones have become a security identification token, a mobile presence device, and far too often a failover computer. That’s why we invested heavily in extending our services to meet our clients’ needs to go beyond just sending email messages.

What sectors (for example, financial, healthcare, etc.) do you think should put extra attention towards email security?

The best way to answer this question is to think like a hacker because for them it’s not personal, it’s business.

Organizations get compromised for one of two reasons:

  1. They have assets (data) that are valuable
  2. They have a reputation that is valuable

If you have a lot of valuable data or a trustworthy relationship with your clients, you’re a valuable target regardless of your industry. It would be difficult to hack a financial institution because they have dedicated IT and security teams, go through routine audits, and can respond to threats quickly. Compare that to a small CPA firm that uses standard tools and an antivirus bundle that came with their PC.

When it comes to cyber threats carried out via email, what are the most common ones?

Email is the most popular way to get cyber threats into an organization, according to a recent study over 90% of security compromises started with email and it has not changed significantly in the past few years: the #1 cyber threat is from spear phishing. Spear phishing is a practice of forging the identity of the sender and the look of the email to something the recipient would find trustworthy enough to click on. What has changed significantly is the end goal of spear phishing:

  1. Deployment of RAT (Remote Access Trojan) software
  2. Theft of PII (personally identifiable information)
  3. Theft of security credentials

This list actually flipped in the last two years mostly due to the sophistication of RAT software that can give an attacker access to the entire network instead of just a single PC or cloud account. The latest variants target UEFI bios which keep the threat in place even after you get rid of the infected hard drives. As these threats evolve, they also highlight other security issues on the network which makes them difficult to remove and require constant monitoring.

With so many teams working remotely nowadays, what are the best practices when it comes to secure file sharing?

The single most important recent advancement in overall IT security that really deserves wider adoption is the use of MFA/2FA/OTP: multi-factor authentication that requires secondary verification before accessing any sensitive system or information. Working remotely, outside of a managed network and access to IT staff, creates a new universe of security threats that should be mitigated by:

  1. Deploying & requiring MFA for access
  2. Deploying a more aggressive backup and imaging solution
  3. Controlling and reducing the attack surface (by limiting access only to required web sites & services)

Besides secure collaboration solutions, what other security measures do you think modern companies should invest in?

You are probably already spending too much on overlapping, redundant, and underutilized security solutions.

The best security investment you can make today is to get an audit of your existing security portfolio and its integration. Being secure doesn’t come simply from paying for a security software/service license – it has to be properly integrated, configured, and monitored in order to truly keep users away from dangerous content. Due to the chronic lack of security focus and the habit of deprioritizing security for the sake of end-user comfort, many organizations find themselves in a perilous situation with cyber insurance demands.

We are seeing organizations getting compromised not because they don’t have security solutions or adequate training but because they don’t take the time to properly and fully implement the security solutions they are already paying for. An overwhelming majority of ExchangeDefender subscribers rely on less than 30% of the security features they already pay for.

Can you give us a sneak peek into some of your future plans for ExchangeDefender?

Our biggest technical investment for 2022/2023 is to make it possible to access external content (email attachments, files, messages, sites & services) in a secure online sandbox environment where dangerous content wouldn’t even have a chance to reach the user’s desktop, phone, or network.

Our biggest investment is in the area of security audits and assessments. While there is always a shiny new tool or service that promises better security, our data indicates that it’s rarely the lack of a tool, and more often the lack of proper deployment and management of sensitive information that leads to a security compromise.

We’ve helped countless businesses that have been compromised over the years and it usually comes down to neglect of security processes combined with a lack of a plan to respond and recover from a hack. Our future plans are to help organizations change that scenario because cybersecurity isn’t something you buy, it’s something you do.

To celebrate the launch of our new small business service plans, we are currently offering 30-day free trials for any service. Interested in ExchangeDefender? Please visit www.exchangedefender.com/business to request your free trial today!

A new webinar for October 17th at noon has been scheduled! We’ve been working around the clock to provide our partners, and their clients new features that make all of our work process easier, and more effective. Cool things that are happening as of today, October 1st :

Exchange 2016, Finally

The new exchange 2016 comes with a lot of new features. We’re particularly excited about the ability to create shared mailboxes, and manage password and lockout policies.

Corporate Encryption

You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.

SPAM Reporting

New ExchangeDefender SPAM Email Reports are launching on October 1st 2018 and we’ve made several significant changes to the look and feel based on user feedback.

Friendly Names

You’ve only been waiting 20 years for this feature and we’re happy to finally deliver it: ExchangeDefender will now show friendly display names and email addresses, giving you a better idea of who the email sender is.

Watch ExchangeDefender’s CEO, Vlad Mazek discuss newsworthy topics to be discussed during the upcoming webinar on the 17th at noon. Stay tuned as we share key advancements of our products and within the company. Reserve for the webinar now!

 

ExchangeDefender Encryption Enrollment Account Reset

Encryption is hot – with daily news of hackers breaking in or compromising one system after another, taking that extra step to make sure your information is safe and secure has never been on the minds of business owners more. We may sound like a broken record when it comes to encryption but it is one of our more popular products and today we’re happy to announce another quick feature that is coming.

October 1st: You can now reset your recipients accounts (PIN+Password) in Corporate Encryption.

ExchangeDefender Corporate Encryption has an alternate [ENCRYPT] flag that can allow the users to encrypt messages on demand and require the recipient to enroll in the ExchangeDefender Corporate Encryption in order to access the message. Enrollment process is quick and simple and requires the recipient to provide their name and phone number along with a selection of a password and a 4 digit PIN. This additional security step is put in place to eliminate man in the middle attacks where a hacker may have compromised the firewall, disgruntled employee is trying to spy on inbound mail, or a variety of other threatening issues. It is the ultimate layer of protection because PIN is only known to the user.

If you support ExchangeDefender Corporate Encryption, you’re going to like this feature a lot because you’ve likely had to deal with the inevitable case of a recipient forgetting both their password and their PIN. Since we have no way to verify the users identity, we’ve always processed reset requests manually. Now, this process is automated.

Just go to admin.exchangedefender.com and login as the domain administrator.  If you subscribe to Corporate Encryption you will see it under the Configuration menu. Simply type in the recipients email address and their account at ExchangeDefender will be reset allowing them to enroll again.

As a security precaution, they will not be able to see emails sent to them prior to the enrollment period – only new messages after they have created their account. On the backend, there are additional checks in order to make sure that this is actually a user that receives email from your domain, etc, etc so we don’t open the door to a malicious ExchangeDefender client attempting to reset accounts of unknown contacts. Obviously there is far more going on in the background that we cannot disclose in a blog post but if you’re interested in the technology, we have patents pending on several of these and would be happy to discuss privately.

There you have it, October 1st. Another cool feature that will save a lot of time for our users while keeping everyone just a little bit safer. We’re adding more features all over the place so please stay tuned to our blog and our Facebook page.

 

Email encryption is on the rise, ExchangeDefender offers two types of encryption.

Corporate Encryption

ExchangeDefender Encryption (Corporate Encryption) has been one of our hottest products for years, the demand for it is fueled by daily news of exploits, hacking, data theft and so on. Just last night, one of the largest retailers in the world was exploited and for over a month hackers stole credit cards and client information. This sort of daily reporting is creating an unprecedented demand for encryption products, with Let’s Encrypt becoming the largest SSL certificate issuer on the planet.

One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected.

When it comes to email encryption things get a bit more confusing, complicated, fragmented and unclear. One thing remains, if the data you are sending or receiving is sensitive to you it’s your responsibility and best interest to assure it is protected. Whether you’re the sender or the recipient. Unfortunately, email alone isn’t secure enough by design and <big deal>it is the most exploited and hacked medium available.</bigdeal> . Why hack a bank when I can hack your mailbox and get all your accounts, credentials, reset mechanisms, notes, private information and more?

This is where ExchangeDefender, and ExchangeDefender Encryption, become such a big deal and such a valuable <i>service</i> for your business. You can exchange emails back and forth securely, without installing any software, without requiring the recipient to install any software. Your still use your same email program, desktop, mobile phone, tablet – but your information goes from point to point in an encrypted and protected process. Not just that but you get things you typically can’t get from IT – knowing when the message was was received, when it was read, how many times it’s been read, and you get a reply in the same secure way.

Request your complimentary branded marketing collateral. Looking for something else? Give us your feedback.

It’s clear to see how easy and essential selling ExchangeDefender Encryption is: but you can’t show up empty handed. We have marketing collateral available for our partners – Click on the PDF to download. 

 

ExchangeDefender Corporate Encryption
ExchangeDefender Corporate Encryption

ExchangeDefender Corporate Encryption now allows you to send encrypted attachments and share files securely from any device, even many of you that aren’t on Microsoft Outlook/Exchange. It was one of the more popular parts of the webinar we held yesterday (hope you had a chance to attend it, you can watch it anytime in our secure portal at https://support.ownwebnow.com)

ExchangeDefender Corporate Encryption was designed to eliminate the pain point of traditional key-based email encryption: too much software, too much management, exchange of public keys, software deployment, and more. It also eliminates the complaints about cloud based solutions that are often clunky, unfriendly, not to mention expensive. ExchangeDefender Corporate Encryption is none of those: it is friendly, affordable, requires no additional software or hardware.

And as of this week, it allows the sender and the recipient to exchange attachments so that the content is encrypted in both directions. Furthermore, because it is cloud based, you can resume work when you get back to your desk. The upgrades to the UI allow you to quickly see new messages, respond to them, or forward them elsewhere. It is truly turning into a highly secure, policy-based, email solution for businesses that require compliance and content security.

We’ve also made the UI more friendly by putting actions on top of the page so that it resembles popular webmail products end users have gotten used to for over a decade. Attachments are a lot more prominent and go both ways: not only can you send them, but when the recipient logs into our portal to reply they can attach anything they want to in response as well – assuring that content is protected and encrypted at all times.

 


ExchangeDefender 9 is off to a fantastic start, as mentioned in the previous post we’ll keep you up to date with any new bugs and fixes as we find and fix them here (http://www.exchangedefender.com/blog/2018/08/exchangedefender-9-launch-bugfix/). Great news on that front is that the entire codebase is new and thanks to new development methodology fixes for minor issues won’t take long. Neither will the addition of the new features: which is what we’d like to discuss today.

The following big features are coming in September and we’ll cover them in detail leading up to the release: ExchangeDefender encryption is getting a major upgrade in threaded conversations and ability to include attachments both ways, our support portal will begin mixing in live chat and status updates so you know immediately where your ticket is in our system and who is working on it, and we’re taking a major step forward to help you manage your security credentials.

      ExchangeDefender Encryption Upgrade

ExchangeDefender Encryption is getting a major expansion of features when it comes to handling files and conversations. Specifically, we never want you to have to leave the ExchangeDefender web site in order to communicate effectively and securely. Starting in September, we’re adding two major features to enhance our clients ability to exchange secure content with remote recipients: threaded views and attachment uploads.

Presently, only our clients (protected by ExchangeDefender) can send encrypted attachments. Soon, senders and recipients will be able to work through our portal to send encrypted contents back and forth. The way we’ll present the entire conversation will really take our clients productivity to the next level.

     Support / Ticket Live Chat

We’ve been testing a live chat/alert/popup functionality in our support portal where we can huddle up and work on the ticket in realtime with the entire team. This is a far cry from the traditional model where a ticket is accepted, assigned, worked on and completed by a single tech within a SLA mandated period of time.

In the new model, we all have the ability to work on every issue at once and quickly add relevant resources to the conversation: which is effectively what the new support is going to look like. So instead of a ticket being a single monolith of a problem that is handed from one person to the next in it’s entirety, we can now break it down into manageable pieces and a senior engineer can quickly pinpoint, triage and offer guidance that would let other technicians that are available assist the client far faster.

You will also be able to see who is viewing and working on your ticket and where/when the next update will come – this will eliminate the need for phone calls, escalation/status update requests and so on because the system is 100% reactive to what is going on – if the engineer is looking at the ticket they have a counter and they are printed on the ticket. We look forward to extending this functionality to our clients in September, we’ve been using it internally to raving reviews by our staff.

    Password Policy Enforcement

ExchangeDefender is a security product – one whose origins and some features trace back to the 90s. In the past 15 months the product has been rewritten entirely, giving us far more flexibility to help you manage your users and their passwords. In September we will start storing passwords with irreversible encryption and complying with many new technologies such as Magic Link that will make password tracking a thing of the past. Additionally we’re rolling out 2FA/OTP across ExchangeDefender with our own API to extend to other applications in the ExchangeDefender universe.

There will be many more features coming along as all our departments have stepped their game up – but these major ones will definitely change the way you work with ExchangeDefender and how much we’re able to do for you and your clients. Privacy, security and management are in the news every single night and we hope to give our clients and partners a level of control over their data that will make it easier for them to sleep at night.

 

 

 

That Four Letter Monster: GDPR

We know – you’re tired about hearing about GDPR – and you’ve probably received a billion emails about it from marketers all over the world urging you to “confirm” your subscription. As our CEO recently posted on Facebook:

“There were two kinds of IT people this week on Facebook – those that whined about
GDPR and those that got richer as a result of it.”

You can hear more of Vlad’s unfiltered thoughts on GDPR in the Game Changer webinar held earlier this month, but needless to say the GDPR is something that is here to stay and with every public privacy breach the notion of government regulation worldwide is going to start with GDPR as the foundation.

What this means for you – regardless of whether you’re the CIO or an MSP partner – is that client data privacy, disclosure, search, and reports will start consuming more of your time.

Do you currently have a solution in place that can quickly tell you what sort of data you have on your clients? Beyond your CRM.

What about the invoices that get emailed out with account numbers and addresses?

What about any contracts or agreements that got emailed back and forth?

I think you see where we are going with this: you need to prepare your IT for eDiscovery even if you don’t have urgent, current, and pressing reason to do so. Penalties for exposing financial data are extreme and the more the world gets used to privacy disclosure and where client data may be stored the more requests and inquiries you will start seeing. Businesses (aka “people with money”) are the low hanging fruit that will be sued first.

This is by no means a new trend: We have been selling Compliance Archive  and Corporate Encryption for years but GDPR has really put the demand for these products into a new gear. For our partners, this has significantly increased both sales and service requests that are a giant opportunity for many to be ahead of the curve and regulatory changes worldwide.

 Get ready for it today and call us – we have the products, the service, documentation, marketing collateral and back office legal support –
all you need to do is present it to the client and can help you do the rest.

 

Here is something that MSPs always get wrong when it comes to proposing Encryption and Archiving (HIPAA, compliance, eDiscovery): You can’t be something you’re not BUT you have to know the service you’re proposing. More on this topic tomorrow (if I can sneak it by the marketing)

Posted by ExchangeDefender on Thursday, April 5, 2018

Here is something that MSPs always get wrong when it comes to proposing Encryption and Archiving (HIPAA, compliance, eDiscovery): You can’t be something you’re not BUT you have to know the service you’re proposing.

Want to see part TWO of this video?
Disclaimer: There is tasteful profanity and light nudity to really drive the point of how to better interact with your clients. 🙂


ExchangeDefender: Become a Partner