“We’re thrilled to offer this value-added tool and integration for our customers, partners and MSPs,” says Mike Petsalis, CEO of Vircom. “This is another step forward in our focus on making life a little easier for those who are on the front lines of protecting corporate email from advanced threats, ransomware, email fraud and phishing attacks. This is of crucial importance in the face of all the cyber threats constantly barrelling their way towards SMBs across North America, Europe and worldwide, and something we intend to do our best in protecting against. Vircom has always been about end user serenity, so that employees can focus on their own work and business.”

“With this in hand, management is made easier and efficiency increases, allowing MSPs, partners and customer IT Managers/Administrators to better realize the true benefits of modusCloud’s advanced protection against phishing, malware, ransomware and email fraud, along with continuity, encryption, DLP and powerful cloud-based archiving for email, all with the service, expertise and support that has distinguished Vircom’s brand for more than two decades.”

Security Alerts

Admins can find out if system configuration is opening unecessary security holes in the deployment or if system or user behavior is unusual or risky.

In this version of the modusCloud Alerts Portal the following Security alerts can be set:

• SPF configuration issue
• Domain included in DNSBL (or RBL) list(s)
• Possible spam wave detected
• Possible compromised account detected
• Inadvisable trusted sender domains including self-trusting

Business Alerts

Business Alerts are targetted for partners, resellers and Managed Service Providers (MSPs). Admins can find out if anything significant has changed with their customers from a business perspective. Having this information allows Admins to be proactive and contact their customers and further help and inform.

In this version of the modusCloud Alerts Portal the following Business alerts can be set:

• Package Change on a domain
• Trial Expiration
• Change in MX record
• Significant change in customer usage (including exceeding license count)

Setting Up Alerts

Admins can set up which Security and Business alerts they would like to see and be notified about. They can also choose the email address to which the Alerts Digest (see below Alerts Digest) will be sent.

Alerts Digest

A daily Alerts Digest is sent to an admin email address. It contains a summary of all the alerts, and detail about more critical alerts.

Alerts Dashboard

The Alerts Dashboard gives a quick visual look at the alerts state of the deployment. It offers easy to use clickable drill-down if an admin wants to view a specific alert in more detail.

Download the datasheet here to learn more! If you are a new customer interested in using the modusCloud Alerts Portal on modusCloud or Proofpoint Essentials, then simply contact us or provision your modusCloud account to get started and discover the power and efficiency that this new tool provides! If you are an existing Vircom customer  using modusCloud or Proofpoint Essentials, then you already have access to login to the modusCloud Alerts Portal and start setting up the alerts you want to see.

Learn more about the new modusCloud Alerts Portal.

Learn more about modusCloud Email Security.

The post Vircom launches new modusCloud Alerts Portal for modusCloud and Proofpoint Essentials! appeared first on Vircom | Email Security Experts.

You probably have a million questions going on in your head when this happens. Panic is often a normal part of the reaction.  Calm is best though, as most spoofing cases aren’t because your account has been hacked.  Let’s clarify the difference between “hacked/compromised” and “infected” as it pertains to someone spoofing your email address.

Hacked: Your real email account has been compromised. A malevolent third party has full access to your account. They somehow successfully retrieved your password, gained access to your systems beyond your email, possibly took over an open web session, etc.  They can send emails from your account so traffic will look legitimate and technically be legitimate by all normal criteria of authenticity.

Infected: You (or one of your friends, colleagues, contacts) has been infected by malware and your email history and/or address book (or theirs) has been stolen.  The criminals send emails that seem to be on your behalf but not directly from your email account. This is where the actual spoof comes along, as they have to disguise the email since they cannot send directly from your real account as would be the case if you had been hacked.

Most spoofing occurrences are due to an infected machine somewhere on your network or on one of your contact’s networks. These occurrences do not use your credentials to log into your account and send spam, they are only using your name and contact names to spoof your email address, using mail servers controlled for this pernicious purpose. If a hacker has your credentials, they can do a lot worse than just spoof your email and you’ve got bigger things to worry about.

Business spoofing

Businesses exchange emails with thousands of recipients. They often use generic email addresses such as support@domain or sales@domain, along with a formatted signature and detailed contact information.  One fine day, a colleague or a customer somewhere on the planet clicks on a malicious attachment, promising fortune or a health miracle, and is infected. This infection is like a tiny virtual spy that sifts through that user’s email history and contacts, using advanced algorithms to steal precious information. At this point the criminals will know the following about you:

• Your full name
• Your email address
• Whom you communicate with
• What form your emails take when making such communications, down to your signature details

All this information comes in very handy when they begin to pretend to be you by spoofing your email address. Here’s a reasonably well-done sample.

This is when you might start sweating. The body text of the email is exactly the same as an email that you routinely send. While the FROM email address is far from being similar to the original one, the content is. The “stolen” signature is identical to the original one (including color and font). The message is urgent and usually requires immediate attention. It is key to inject a level of urgency to make the recipient act quickly without thinking. The attached file has a familiar name, the same name as a recent file attachment received from this account. The user that clicks will get infected by opening the file. Should they be suspicious and use the Reply-To email to respond, someone is listening on the other end and will respond that everything is ok.

And if your signature has an image embedded or a quote from someone famous? No problem! It only makes the copy created and used that much more reliable to the recipient and more capable of fooling them.

Here’s another example:

The legitimate image was extracted from the infected user’s email history. The contact information is very similar compared to the original legitimate email that was copied and is meant to only be glanced at to reassure you. But this one contains a modified signature. The phone number does not actually work, so you cannot call and confirm the request.  The original attachment was “Quotation.iso”, a file installer, that has been removed by the email filter.

Votre entreprise opère en français et vous vous croyez à l’abri? Non, pas du tout. [Translation: You operate in a language other than English, for example, French, and you think you might be protected? Think again!]

We have seen a huge uptick in French and Spanish spoofs. In this case, the sender and recipient know each other, increasing the risk for the recipient to be fooled by the fake. The copied content re-uses a mistake that the original sender had made (“bicoup” should be “beaucoup”). The spoofed email is even copying style.

How can I fix this?

In most cases of spoofing you have not been hacked. There is however an infection somewhere and it is probably off-site, i.e. not on your network. The spamming criminal can be using a random server anywhere on the planet to send emails, so there is not much you can do to act directly on the email exchange. There are a few things you can do to help legitimate mail servers and mail filtering tools worldwide make better decisions on whether email purported to be sent by you was actually sent by you. This is done by publishing properly formatted SPF, DKIM and DMARC records.

SPF (Sender Policy Framework) would be the minimum. This is probably the most under-used email security feature of all. SPF informs email recipients from what IP ranges legitimate emails from your business will come. While this helps, it is not a miracle solution. If for example you are using Office 365 SPF, a spammer on Office 365 with a valid SPF record could pass the test even though they would be impersonating you. A well-configured email security solution will always check the SPF record of the domain from which it has received an email and will reject emails sent from the wrong server.

DKIM (DomainKeys Identified Mail) is a bit more complex but very effective. It adds a (hidden) signature to your email to prove that your business actually sent it. The authenticity is established using encryption and asymmetric keys. Many email providers support DKIM.

DMARC (Domain Message Authentication Reporting and Conformance) is more complex, the larger the business the more complex it will be to implement. It combines the best of SPF and DKIM. DMARC allows a domain to publish whether it uses SPF and/or DKIM, and what to do with an email received from that domain that fails either test. While DMARC could be an excellent tool to protect against phishing, its adoption by the market has been underwhelming because of the high False Positives rates. The main reason for the False Positives is incorrectly set up records that result in rejection of what are for all intents and purposes legitimate emails. We’ve written before about it here.

Conclusion

Spammers and scammers are going to extraordinary lengths to fool those that know you by sending emails pretending to be from you (spoofing). The cause of this is often a minor infection that didn’t even happen on your own network. You can protect yourself, your business and your reputation by adopting more advanced standards and protocols for your business email such as SPF, DKIM and DMARC.

Another thing you can do is use an advanced and complete email security solution that is backed by security experts whose pleasure it will be to set up your SPF, DKIM and DMARC correctly.

Other References on SPF, DKIM and DMARC.

Photo by Greg Ortega on Unsplash

The post Someone is spoofing my email! Was I hacked? appeared first on Vircom | Email Security Experts.

In no particular order, here are a list of cybersecurity measures that will improve your company’s security while providing significant ROI for the effort or cost. Apologies in advance to those who consider such a list as subscribing to the silver bullet or magic pill theory. There is clearly no such thing. If you think you can only use one of the actions below, then you have already failed. Adopt them all and you will be well on your way to better protecting your business and being prepared to react when things go wrong. (N.B. They already have gone wrong, see #10 below)

1. Limit the distribution and usage of admin accounts

The proverbial sorcerer’s apprentice situation, those accounts have a lot of power and should not be bandied about or shared without extreme caution. Hackers have so many ways to get in, but if they get access to an admin account, then the havoc they can wreak is nearly limitless. Side benefit: by limiting access to these accounts you also avoid those painful self-inflicted wounds, where a novice admin takes out a network segment because they weren’t sure what they were doing. A corrolary to this of course is ‘least privilege’: accounts should have the absolute minimal amount of privilege required to perform the basic functions required of the account.

2. Adopt a cybersecurity framework such as the one from NIST

A huge amount of collective wisdom and experience has gone into the development of these frameworks, including the one from the NIST. You can save yourself literally years of learning by following the structure and steps, and further identifying where your organization lies in cybersecurity maturity.

Some industries enforce the usage of industry-related frameworks such as PCI, HIPAA and so on. It goes without saying that if your business is in such an industry or a combination of industries, then you should ensure you adhere to those frameworks.

3. Monitor your DNS logs

Come on, that’s so old school … not! A treasure trove of information for the paranoid, DNS logs give you foundational information on who is doing what, connecting to whom, at what time/date. Just don’t get carried away. You can even go a step deeper and implement trusted DNS and go as far as blacklisting specific countries. Your company doesn’t do business in Afghanistan and isn’t opening a branch office in the Ukraine? Then there’s no reason for you to be accepting any connections from those countries.

4. It is time for a Password Manager (and a password policy)

Sure, there are ways to create easy to remember but complex passwords that are different for each account and application. But using a good password manager is the right way to do it for a business. There are so many good password managers out there and cost is from low all the way to free. Get your users to understand that having and using a password manager is just the way businesses must operate today. Also, no point in using a password manager if it doesn’t include a core policy for creating difficult (ie long) passwords.

5. Inventory

Oh man, this is going to be painful the very first time you undertake it! But then it gets easier, like brushing your teeth every day, it will become a daily/weekly operational habit that will require very little incremental effort and offer a lot of value. Why? Because you can’t protect what you don’t know you have. Servers, data, devices, applications, licenses, everything, you need to know what you have and where it is. A nice side effect of the inventory effort is that you will find all the unsupported or end-of-life software running on your network and will purge it. Another side effect is that you will find some security applications you thought were running that aren’t running at all or they’re not running to their full capability. (Admission: we’ve had that happen…).

6. Think ‘cui bono’ when analysing risks and threats

We are not talking about nuisance hacking or ransomware and the like, where criminals spread malware casting a very wide net to catch a large number of small fish. If you have very valuable data or information to protect, think first who would really benefit (‘cui bono’) from targeting an attack on your business to exfiltrate that information and use it or sell it. A fancier way of saying this would have been to mention threat modeling.

7. People over tools

No, this one isn’t about user training (although that is important, see #12 below). There are a lot of very expensive highly specialized tools out there that will check a lot of boxes and satisfy the C-suite and investors that you are doing something. But there are also very useful and credible open source tools that can be very useful, when managed by skilled experienced individuals. Get the right people first, they will know what to do and can get along quite well with less expensive tools. And keep those people happy, motivated, challenged and informed, because there are numerous employment opportunities out there for them.

8. Backup

No explanation required. Ok, maybe just one: make sure you test your backups too!

9. Take care of the very basics of security

The usual perimeter and network stuff that go without saying, yet we’re saying it: anti-virus, email protection, firewall, automated patching and updating, turn logging on, harden systems, limit USBs, consider 2FA or MFA, VPN, etc.

10. Change your mindset: you’ve already been breached

Much cybersecurity thinking revolves around protecting, blocking, isolating, obfuscating and generally trying to create an impregnable fortress. Give it up! Ok, don’t give it up, but change your mindset to one of ‘you’ve already been breached’. This mindset quickly moves to data protection, rights management, asset classification, encryption and such. The bad guys are in, let’s make sure we can detect their presence or footprints, and also make it hard for them to find and use stuff.

11. Watch those browsers

Everybody has a favorite one and there are quite a few around: Chrome, Firefox, IE (and Edge…), Opera, etc. Much of the trouble comes from those nasty plug-ins. A way to limit risk is to enforce a single hardened browser for business use, and limit which plug-ins can be used.

12. Awareness and Training

This is the biggest one of all! The most encouraging news is that we are making inroads into this, users are collectively getting more educated and more paranoid. Cybersecurity is not a single department’s problem, nor a single person’s problem, it’s everyone’s problem. Start with basic awareness, and keep things simple without freaking everyone out. Then progressively start some training and give it the time required. Avoid FUD, nobody learns well under stress. (Shameless Plug: we’ve put together a site to help your users learn more about email security, which is a big part of cybersecurity, since most attacks begin by email).

There you have it, we managed to get to 12 things you can do to improve your business’ cyber security without breaking the bank or tapping too much more into your already over-stretched teams. Every little bit counts, every little bit helps. No single measure, action, person or tool can get it done on its own.

Photo by William Daigneault on Unsplash.

The post Improving cybersecurity for business: 12 actions with the best bang for the buck appeared first on Vircom | Email Security Experts.

Mundane financial news an IT executive shouldn’t care about, right? Think again. If you are a Roaring Penguin, SpamStopsHere or AppRiver customer, this news will actually have a significant impact on you.

Price Increases On The Way

We’ve written about changes and consolidation in the industry before. There was Forcepoint’s partner cull  (dismissing those SMB 500-2000 user Websense partners), Barracuda’s upsells on renewals (after being bought by another private equity firm), and Mimecast’s price increases  (affecting MSPs). And of course AppRiver recently acquired Roaring Penguin and turned to focus the combined offering and advantages of the deal on an MSP customer base.

The email security market is broad and distributed, with a multiplicity of providers, products and channel programs. This normally is great – great for competition and great for quality, along with delivering the best offering to customers and service providers.

Reality might be a little different. Private equity firms see this as an opportunity to leverage their power, join forces and consolidate channel programs. This gives customers fewer options, and allows providers to raise prices rather than producing real value or delivering innovations to said customers.

Thi pattern has been seen in many industries. Saas-type subscription-based businesses like email security are targets of private equity. The pattern: Acquire, Consolidate, Rationalize, Grow, then Sell. This is absolutely brilliant for making a lot of money for investors, which is what private equity is all about. On the other hand, gone are the twin visions of innovation in a complex industry and service to a customer base needing help and support.

AppRiver Doubling Prices

Why Zix would pay so much – almost the equivalent of its own market cap – to acquire AppRiver? On some level this could be about providing email security services, but if that were the case, what are we to make of Zix’s existing offering of SpamStopsHere since their acquisition of Greenview Data in early 2017? Just like Roaring Penguin before it, expect Zix to benevolently neglect and soon End-Of-Life SpamStopsHere to encourage customers and partners to the newer more lucrative platform.

This acquisition isn’t about stopping spam, it’s about generating growth through AppRiver’s 4500 partners – something that is explicitly called out on the acquisition conference call as a benefit of acquiring AppRiver. The methods here are multiple: sell Zix products to AppRiver partners, sell AppRiver products to Zix partners, and raise prices as high as those partners will bear to keep investors happy.

As the halls of r/msp would have it, this process couldn’t have kicked off soon enough:

Life is tough when you’re a Bronze partner…

If you’re experiencing this price increase, you’re not alone. We found this rant really sums up the pain that customers and partners must be feeling at the hands of their vendors – first from a SolarWinds MSP migration, and then Roaring Penguin and AppRiver. Prices will be exorbitant no matter where they go and will not reflect the value received in return.

In this case, this service provider has gone from one product they like, was forced onto another, then left for a third, then was forced on another and is now confronted with a price increase, all of which they have to explain and pass on to their customers. Good service, easy management, decent margins, and a reliable product shouldn’t be so hard to find, as this other user seems to be wanting.

Why You Need to Make a Choice

Every time you accept such a price increase as an MSP, you make it easier for companies like this to increase prices in the future, without offering you anything more in value. Companies like the new Zix-AppRiver combo – with a combined $167 million in annual revenue, 80,000+ total customers and healthy margins and growth – are producing those results by betting that they will earn more money by raising prices despite the customers they lose.

Don’t let private equity machinations pass the cost of an acquisition on to you. Consider an alternative that you can rely on.

Photo by Christiann Koepke on Unsplash

The post AppRiver and Zix: Are Price Increases and End-of-Life’s on the Horizon? appeared first on Vircom | Email Security Experts.

“These offerings are generally smaller and considered value-adds by most organizations,” says Mike Petsalis, CEO of Vircom, “but in reality this sort of functionality is rarely found on the market today, and surpasses the old mindset of keeping users uninvolved in their security by instead creating a direct sense of engagement with the Spam emails that do reach an inbox, while also allowing for adjustments to Approved and Blocked Lists that permit enhanced customization and comfort.”

Available free to all modusCloud users on all packages, SpamReporter’s high degree of usability and positive feedback are a sign that market-leading integrations can change the security conversation by no longer viewing users as a vulnerability or target of attack, and rather a first line of defense, vigilance and awareness when an organization has in fact entered a cyber criminal’s crosshairs.

Flexible Reporting Options

SpamReporter enables emails to be marked as spam, while senders can also be added to a “trusted” or Block list, all with a simple right-click menu available directly in your Outlook client upon installation.

Easy List Management

With modusCloud’s Sender Lists Feature, users are able to review the choices they’re made with respect to Trusted and Blocked senders, further enhancing each users’ ability to use email efficiently.

Contact us or provision your account to get started and discover the power and efficiency that this new plugin provides!

Learn more about modusCloud Cloud Email Security, or view the press release here. 

Photo by NeONBRAND on Unsplash

The post Vircom launches SpamReporter for modusCloud! appeared first on Vircom | Email Security Experts.

In the case of small businesses, this can be even more challenging as you may not have the resources or the fast access to a lawyer that can adequately frame the compliance issues you face as an SMB. Specific to policies like HIPAA, FINRA and PCI, you need to understand your particular regulatory requirements, and how quickly you can address them with the IT tools you use.

Disclaimer: this article in no way qualifies as legal advice, and we are not qualified to speak to the legal compliance challenges faced by each and every reader of this article. Be sure to discuss compliance issues with an appropriate attorney and act based on what they offer.

Without serving as a definitive guide, this article is meant to serve as a guide to core issues that confront SMBs in their efforts to achieve and maintain regulatory compliance. Here they are:

Advanced Device and Data Malware Protection

Both PCI and HIPAA cite the need for protecting devices and important data from being exposed to malware and other malicious attacks designed to exfiltrate data from your organization. Everyday anti-virus doesn’t make the cut in this respect, particularly in the case of targeted attacks. Vircom’s modusCloud offers advanced malware detection and real-time dynamic analysis features, along with active sandboxing for both URLs and attachments, that stop email malware and phishing attacks from harming an organization before they even reach inboxes.

Identifying and Protecting Sensitive Data in Email Communications

modusCloud allows organizations to use smart identifiers and managed dictionaries which enable quick and easy construction of policies that protect organizations from data breach, pre-configured based on the industry standards that exist for regulatory compliance, whether it’s in healthcare, financial services, real estate, retail or others. Data Loss Prevention policies can also be introduced with modusCloud, automatically scanning outbound emails for sensitive terms and stopping them from leaving the organization, eliminating the risk of data breach via email.

Secure Transmission of Protected Data via Email

HIPAA and other policies mandate the secure transmission of protected data, whether it’s Personal Health Information, credit card and social security numbers or identifiable, regulated terms. modusCloud allows organizations to create policies that trigger encryption of sensitive messages, rather than blocking their sending, depending on the specific processes they want to create.

modusCloud’s encryption employs SMTP over enforced TLS in transmission, while data is stored to ISO 27002 data protection standards at rest – all accessed through a secure portal. modusCloud also allows users to trigger encryption themselves with a subject line tag or Outlook plugin. All of these features allow your organization to maximize both the security and usability of email for regulatory compliance and eliminate the concerns that emerge from day-to-day transactions involving protected data and regulatory compliance.

Email Continuity and Policy Violation Visibility

HIPAA regulations require the ability to continue critical business processes in an emergency, including the ability to protect PHI. In the event of a network outage, whether on-premise or through cloud services like Office 365, modusCloud’s Emergency Inbox allows email communications to continue flowing, permitting both normal operations and enforcement of security and filtering policies to continue without interruption. Aside from protecting your organization in the case of broad emergencies, modusCloud also allows for alerts to potential policy violations, along with detailed logging which permits owners or management to track end-users and educate them, whether they inadvertently or intentionally violate policies.

Record Retention and Email Production through Email Archiving

Various regulatory regimes in financial services and other sectors require the maintenance of contract and transaction records for 7 to 10 years or even in perpetuity. With modusCloud’s Email Archiving, organizations are able to utilize a tamper-proof offsite email archive with 10-year unlimited storage and customizable record retention policies, permitting specific compliance to record retention requirements without hassle or worry.

modusCloud’s Email Archiving also includes fast search and eDiscovery features (particularly when compared to that available with Office 365) which allows for quick and accurate production of email records for either legal suites and proceedings or when trying to maintain transparency and good faith in the face of regulatory scrutiny – a critical feature in resolving such regulatory issues as they emerge.

Compliance with GDPR and Data Protection Policies to come

While the GDPR “apocalypse” has come and gone, few SMBs have yet to be directly affected, but the rapid advance of legally enforced data protection policies around the world have made life a little more uncertain for “the little guy”. With the introduction of GDPR, modusCloud introduced updated libraries that permitted for the protection and secure transmission of specifically enumerated new classes of protected data. As regional and less comprehensive policies will emerge, modusCloud will continue to stay ahead of the trend. Introducing up-to-date data protection doesn’t have to be a challenge when you have the right solutions at hand!

With all the above discussed, there are still more issues around SMB compliance which should compel you to consult with an attorney. In the meantime, consider giving modusCloud a try with a free trial and seeing how well the solution can help you address the issues you face.

The post SMB Compliance: What every MSP and IT Manager Should be Aware of appeared first on Vircom | Email Security Experts.

Much as this is the case, outages still occur. In the case of Office 365, Office 365’s multi-factor authentication locked out users for 8 hours recently with no workaround. We’ve already discussed the challenge posed by Office 365 Email Outages, but with problems of O365 access clearly growing and not shrinking, you need to consider how to adopt a strategy of Cyber Resilience for Office 365.

What is Cyber Resilience?

According to IT Governance UK, “Cyber Resilience is a broader approach that encompasses cyber security and business continuity management, and aims to defend against potential cyber attacks and ensure your organisation’s survival following an attack.”

To illustrate this difference, ask yourself: what is your usual conception of “security”? To most people this means confidence or comfort that you will be free from harm or interference, most often by a malicious actor, but also from unforeseen disasters, hardships and even accidents.

Resilience builds on this by considering the likelihood of unexpected events interrupting the normal course of business for your organization. The unexpected can always happen, both for well and for ill, so building a durable framework to maintain continuity no matter the nature of a risk can prevent your organization from falling victim to challenges where other organizations might find themselves unprepared.

Representing Resilience Mathematically

It may be hard to adopt the assumption that your service is imperfect, but also that another necessarily imperfect service to back it up might offer you significantly more resilience overall, however within the margins of standard SLA’s today, assessing the total impact and visibility of IT’s continuity efforts can actually be fairly substantial.

Think of it this way: if you have a primary service up 99.99% of the time, it will fail .01% of the time on average. If a parallel service backs this up, and that service is up a different 99.99% of the time, then the two services only have a .0001% probability of being out at the same time.

If you were to go from 1% to .01% downtime, that would be the equivalent of going from experiencing 3.65 days of outages per year to approximately 53 minutes of outages per year. .01% being 53 minutes, depending on the size of your organization and the intensity of your work, this could still have a major impact on you – especially if you consider that when you do fall victim to an outage, you’re most likely to take a far greater proportion of downtime than a simple 53 minutes. Aside from all the other benefits of a secondary solution, if you achieve .0001% aggregate downtime (in the case of this example), you’d only experience 31.54 SECONDS of downtime per year.

SLAs and the expectations software services vary, and obviously committed or financially-backed SLAs exist beyond the pale of 99.99% and above. However, downtime is known to occur, particular with critical systems like Office 365 (as cited in the examples above). Cyber Resilience for Office 365 creates an expectation that you won’t be left vulnerable to a single point of failure within the solutions your organization relies upon.

Cyber Resilience, and Cyber Resilience for Office 365, aren’t exclusively about building up one solution that will always be successful, but building in intelligent redundancies that optimize your outcomes for a variety of different scenarios. Natural disasters, broader architecture failures or other systemic risks all confront organizations of all sizes, and splitting your bets between maximally reliable solutions is the only way to be truly resilient against these sorts of risks.

Deploying an email security solution for Office 365 is critical to ensuing you get maximum value from this solution, but email continuity for Office 365 is also critical to getting around the issues of downtime and lockouts from overzealous features like O365’s MFA. If you’re looking for a solution like this, consider trying a free trial of Vircom’s modusCloud solution to get your search started.

The post Downtime and Cyber Resilience for Office 365 appeared first on Vircom | Email Security Experts.

In the end, this choice – while potentially due to an attentional bias that is always devoted to top decision-makers within an organization – can ultimately end up costing you more and making you less likely to achieve your desired result of effectively protecting these users.

Specific to this, there are many companies we (and we’re sure others) interact with who seek to deploy Advanced Threat Protection or other features exclusively to their executive teams or another limited set of users. This is under the assumption that threats and solicitations only affect such users – not even the assumption that they might only disproportionately affect such users – and that not a dollar more need to be wasted in protecting users outside of core executives or particular departments.

While it’s understandable that these high-value targets are more likely to be targeted, selective protection doesn’t actually make them safer, and may make you more vulnerable with the assumption that they are safe and protected, leaving you less vigilant to threats as they do emerge. This means that selective protection is a universally bad choice for any organization, particularly in the case of email.

This isn’t the only reason selective protection is bad, as there are many specific reasons for this, including:

Your “Low-Authority” Users are the easiest Path to Your High-Authority Ones

A full 67% of targeted malware and phishing attacks are accounted for by first-line managers and individual contributors – not members of your C Suite. Cyber Criminals are crafty, and when they don’t hunt, they gather. This is an easy aphorism, but it has very real impacts on your organization. For instance, consider the case of Office 365 phishing – many organizations jump on the platform expecting to have total ease of use and security, but are surprised by the prevalence of security threats within its infrastructure.

Now, why should this worry you if you only want to protect high-authority users? Well, consider the possibility that one of your low-authority users gets compromised. After hunting out this account, a cyber criminal may seek to compromise any data or information held therein, and then upon having rooted out any such information, use the compromised account to then compromise other high-authority accounts within your organization.

In this case, you’ve paid for additional protection for your high-authority user, but have provided no additional assistance in protecting them – only a minor roadblock to a cyber criminal’s intent to compromise accounts and subsequently breach data, bark out orders, send out false orders or payment requests and more.

“Limited Aims” Protection Leaves Significant Gaps

Finding a heuristic or decision-making mechanism can be a difficult task for protection. Again, in the case of email, consider this: Is everybody on the executive team a high-authority user? Is everybody with authorization to pay or fulfill an invoice to the company? Anybody who participates in an interaction with a partner or significant client? Anybody who works as a contractor but has access to protected information, or information from which protected information can be inferred? Are any of your employee’s devices networked to the devices or others within the company?

All of the above are risks, and in most companies, at least one of these criteria will affect most of your users. Beyond that, of the employees excluded, what are the costs to the company when employees fall victim to malware on a personal device, or a gift-card related phishing scam? At this point, you’re not really saving anybody time or money – and you may simply be creating individual costs for members of your organization who are still needed to contribute.

You Are Underestimating the Value of Protecting all Users

Ultimately, any breach has costs that we can’t evaluate beforehand. Deloitte estimates that 90% of a cyber attack’s costs are unaccounted for by most businesses in their security analysis, and the sources of these costs can add up in the years (not months or days) after an attack. These could include:

• Customer Data Breach Notifications
• Post-Breach additions to Protection
• Regulatory compliance – either through fines or time-consuming oversight
• Crisis communications and recovery costs
• Attorneys’ fees and litigation
• Additional cybersecurity improvements or restructuring to compensate for the costs of a successful attack
• Technical investigations and new reporting mechanisms
• Insurance premium increases
• Increased costs to raise debt
• Operational disruption
• Burning of customer relationships
• Lost contract revenue
• Diminishment or overall brand value or reputation
• Loss of propriety information or intellectual property

With all these possibilities difficult to quantify, why would you ever leave an open door anywhere that you don’t absolutely need to?

Conclusion

With the aforementioned reasons in mind, when deciding how to best protect your organization, please don’t consider selective protection for your highest-authority users (or at least the ones who are most likely to complain about a spam or phishing email). If you’re doing it to cut cost, you may learn in this case that it can be “awful expensive to be cheap”.

modusCloud is a powerful cloud email security solution built to protect your organization at the gateway. With phishing protection, URL and attachment defense and more features that stop Advanced Threats, modusCloud can ensure you’ll usually be safe, and rarely be sorry!

The post Why “Selective Protection” for Your VIPs is a Bad Move appeared first on Vircom | Email Security Experts.

• Scanning email attachments for malware
• Scanning URLs in email messages and Office documents
• Identifying and blocking malicious files in SharePoint, OneDrive and Microsoft Teams
• Checking email messages for unauthorized spoofing
• Detecting when someone attempts to impersonate your users and your organization’s custom domains through built-in anti-phishing capabilities

The product has strengths in its ability to set granular policies for its anti-phishing, safe links and safe attachments functions, as well as reporting to Microsoft which has a broad swath of deployments and visibility to a variety of threats (despite the prevalence of 3^rd party filtering and security solutions for Office 365, which makes this somewhat less of a value-add).

Microsoft defines its ATP solution as a significant step up from its Exchange Online Protection service for email filtering, however we and many others can tell you that Exchange Online Protection as a spam filter is full of problems of its own. There are additional perceived limitations for many customers and service providers as to the availability Office 365 Advanced Threat Protection across Exchange Online, Business, Enterprise and A plans. Click tracking and the bundled nature of Microsoft’s packages make these options generally attractive for the average SME, but the overall limitations of the service are starkly apparent when considering the variety of issues present within ATP and with the services that often are (or aren’t) bundled along with it.

Limited protection from Intra-O365 Phishing

On top of EOP’s inherent limitations and underdeveloped technology, Office 365 suffers from certain infrastructural oddities that seem to effectively whitelist phishing messages sent between Office 365 tenants. Office 365 phishing is a significant risk because even as an organization may be protected from the outside, there are over 120 million commercial customers and 1 billion users on Office 365, significantly expanding the apparently “protected” pool from which malicious emails can be sent. This can lead to frequent and perpetual account compromises, a snowball effect which not only puts data and transactions at risk, but also adds up to thousands of dollars in wasted IT time and other costs per year.

No contingency for Email Outages

This is not necessarily a flaw of ATP in itself, as Office 365 Advanced Threat Protection is not meant to include this as a feature, but when considering the possibility of an Office 365 email outage as both very real and quite frequent, 3^rd party security providers have anticipated such needs and deploy solutions that permit you to spool email and gain access to an emergency inbox so that productivity is maintained despite situations where email may be unavailable. Vircom’s modusCloud Email Continuity service is one such solution.

No usability concerns for Archiving

Again, not a flaw of ATP, but important to consider as bundling your solution with Microsoft is usually motivated by a desire to save money, you may get more overall value from a third-party solution. Native Office 365 Email Archiving presents some benefits, but generally lacks speed and legal defensibility that’s required by compliance-driven organizations, ultimately limiting its ability to achieve the primary purpose for which most buy email archiving – namely: regulatory compliance.

Overall hidden costs that add up vs 3^rd Party Services

Large-scale software implementations can often bear hidden costs, but those particular to Office 365 can be truly difficult to swallow. Not only are there inherent limitations to Office 365 Advanced Threat Protection, but your time spent addressing them can only add to Office 365’s hidden costs.

Vircom offers Office 365 email security that gives your organization both more usability and more protection from malicious attacks and regulatory risks. modusCloud’s cloud email security can provide for all needs that O365’s might not, while additionally providing email continuity, email encryption and email archiving that adds true value to organization’s seeking to maximize their safety and productivity.

Office 365 offers a powerful suite of services for Managed Services Providers as well as end-customer organizations, and protecting O365 email while managing billing and mailbox counts is now easier than ever through Vircom’s new email security integration for ConnectWise Manage. Learn more by becoming a partner today!

The post Office 365 Advanced Threat Protection: Upside and Pitfalls appeared first on Vircom | Email Security Experts.

If you’re reading this and among the 10 to 15 thousand SMB-focused channel partners that were once part of Websense’s channel strategy, you may already realize that since its private-equity/defense contractor co-acquisition and rebranding into Forcepoint, the company’s priorities have gradually shifted, and now that transition is reaching high gear.

Ex-Goldman Sachs Analyst, Harvard Business School MBA graduate and current CEO of Forcepoint Moynahan already states that Forcepoint would like to have a majority of its business flowing through less than 1000 channel partners, and that will come at the cost of severing ties with so many of the partners who helped Websense become the company it was before its acquisition and rebranding.

Forcepoint’s focus in this is to better support large government agencies and mid-market and enterprise commercial customers, providing more resources to fewer partners who are explicitly committed to selling multiple Forcepoint products and generate an impression of leadership in the channel, all done at Forcepoint’s bidding of course.

This radical shift will affect far more partners than may be initially conceived, as efforts to recruit any business with less than 500 users will be de-emphasized by Forcepoint. “We’re paying a lot of money to partners who were supporting an SMB company a decade ago,” Moynahan said. “We need to reset that relationship.” Moynahan states this while also “reassuring” partners with nebulous comments like “This is an evolution, not a revolution. If partners are committed, we’ll be committed to them.”

Forcepoint partners not serving target customers of 500+ or 2000+ users each may as well read this as “You don’t make us enough money. Give us more or see ya later!”

A little history here: Vista Equity Partners and Raytheon teamed up to acquire Websense for $1.9 Billion in 2015. Vista Equity, the private equity firm that most famously flipped Marketo for nearly $3 billion in profit, presumably brings the management chops to this deal, while Raytheon, the $50 billion defense contractor most famous for missile defense systems, most likely brings general “security” credentials to this deal and greater access to public agencies and large government organizations.

Ultimately, the tactic that works best for these kinds of buyouts is to either flip the business or maximize profits, which are then returned to partners or used to buyout and flip more companies. The best way to do this with individual firms is to make more money while also passing on costs to employees, customers and partners, and have those same constituencies feel blessed simply to be in league with the likes of Forcepoint.

Disregarding the fact that there are still plenty of SMBs and partners who serve them that work with government and fundamentally support the activities of larger firms, one would expect this forced exodus to deliver great results for Forcepoint’s books in the short term while reducing the reliability and growth potential of their business in the long run. As for the individual channel partners and SMBs who have paid Forcepoint their due for so many years, one would expect that they will move on looking not to get burned again.

If you’re an SMB-focused channel partner who joined Websense years ago when the true focus was email security, only to find your commitment questioned today, consider modusCloud email security, our solution for filtering, advanced threat protection, encryption, archiving and compliance that enables you to better serve customers of any size. If you want to kick the tires, provision your account and get access to a free trial here.

The post Forcepoint/Websense Partner Cull: What You Need to Know appeared first on Vircom | Email Security Experts.