The ability to reset one's own password for business email may not seem that important for your organization's cyber security and budget, but it actually matters more than you think. After all, resetting your own password isn't a new thing. Almost any website that requires you to log in with a username and password also gives you the opportunity to reset your password without having to call or email a support desk. Even though it has been around for a few years now, Self Service Password Reset (SSPR) was not always a feature in Office 365, and that could be the reason why so few organizations know about or utilize it.
I spoke with Steve Cornell, our Service Desk Manager, about Self Service Password Reset in our livestream on 4/24. You can watch the recorded version on the left (don't forget to like and subscribe!). During this livestream, Steve and I discussed the many benefits of using SSPR and gave a quick walkthrough of the initial setup. Even though this is enabled by default for our clients, end-users will not be able to reset their own passwords unless they complete the process shown in the video. So, if you are an admin reading this, make sure your users follow through.
Why bother? Well, password reset requests account for 20% of all IT organizations' support calls. Not only that, but SSPR also leads to an improved end-user experience because users no longer have to wait for the Support Desk to get back to them. So instead of being locked out of their accounts for a few hours or even days, end-users have the power to get back into their accounts without delay.
As for the security side of things, SSPR takes the guesswork out of authenticating the person on the other end of the phone. As we've discussed in previous blog posts, phishing is more prevalent than ever and attacks are getting increasingly sophisticated. It only takes one misjudgement from the support desk engineer to compromise an account and possibly the entire organization.
By factoring out the risk of human error and replacing it with SSPR authentication options, the security of the entire organization increases. The admin doesn't have to give up any control either; he or she still dictates the policy. From which authentication methods are used to how many validations are required, the system is designed to let only the right person in. Speaking of authentication methods, there are currently four options to choose from:
Over the years, I've had many clients complain about emails not being delivered because of file size limitations. Yes, that 100-page PowerPoint presentation is important, but most mail servers won't accept messages larger than 25 MB. Even if your mail server allows you to send messages that are larger than 25 MB, if the recipient's mail server caps out at 25 MB, then your 26 MB message will not be delivered. But why send the email as an attachment to begin with? I've been using OneDrive with Office 365 for only a few months, but I can tell you with all honesty, I will never go back to sending attachments through email again.
During a livestream, we aren't always able to cover everything on our agenda. That was the case in our livestream with NOC Manager Sean Jacobs, when he took us through a live phishing attack from both the attacker's and victim's perspectives.
You can see part of the recorded livestream on the right. Though we were able to show what a phishing attack looks like and how easy it is to willingly give away your password to a malicious third party, we missed the most important part: how to identify a phishing email and what to do when you are being phished. Well, Sean and I put our heads together and, from the livestream demonstration, we came up with a list of 9 Red Flags that will help you determine when an email is legitimate or when you are being phished. Phishing Agents are getting a lot more creative than you probably think, so even though some of these may seem like no-brainers, at the very least, one of our Red Flags should make you rethink what you know about phishing. Let's get started!
As security incidents and events keep making headlines, Microsoft is committed to helping our customers and the rest of the security community to make sense of the risks and offer recommendations. Old and new malware continues to get propagated through massive botnets, attackers are increasing focus on easier attack methods such as phishing, and ransomware attacks have evolved to be more rapid and destructive. The latest Microsoft Security Intelligence Report, which is now available for download at www.microsoft.com/sir, dives deep into each of these key themes and offers insight into additional threat intelligence.