We have spoken a lot about how Office 365 enabled users to build better working relationships through the power of collaborative tools. Web conferencing is and has been one of those tools, but far too often people who use Office 365 aren't aware this feature exists. By default your organization can use either the Skype for Business or Teams applications to create a web conference which includes audio, video and screen sharing capabilities. Just like with third party applications like Go to Meeting, if the meeting recipient doesn't have the application, they are still able to participate by using a temporary instance of the application in their web browser. In this video I demonstrate how to create a meeting in Outlook, since that is the application most people use to create normal meeting invites anyway, but meetings can be created in the standalone applications as well. In Outlook, simply go to your Calendar section and instead of selecting the button New Meeting, select New Skype Meeting or New Teams meeting. Skype for Business is in the process of being merged into Teams, so Skype button will eventually go away. If you haven't already made the switch to Teams, then you should definitely start making plans to. Now, one thing that isn't mentioned in the video is the additional license required to make dial-in meetings an option. Without this additional license you can still create a meeting and have your participants join using their Skype or Teams app, but the ability to dial in via phone won't appear. With the additional license though, two lines appear in your meeting invite showing the number to call and the conference ID. This method allows your participants to use a phone instead of the apps to participate in the meeting. Of course if they are dialing in, they don't get to use the video or screen sharing capabilities. The modern office is no longer a physical place, but rather a mentality. Some employees work from home, others work in satellite offices around the country and it becomes hard to maintain a company culture in such an environment. Video conferencing really does make all the difference in the world when having a web conference. You can see you are talking to a real person and not just hearing a disembodied voice on the other end of the phone, allowing you to create that stronger working relationship.
I have an iPhone and like most iPhone users I can't wait until a new phone comes out so I can upgrade to the latest and greatest. And why not? There are hardly any pain points. All I have to do is sign in with my Apple ID on new phone and just like that, all of my apps and data sync to the new device. I don't have to hand my device over to a tech and I barely have to wait for the phone to be completely up to date. The same experience cannot be said about work computers, or at least that used to be the case. With Windows Autopilot, replacing your work computer is as seamless as upgrading your iPhone. Before Windows Autopilot, I would much rather hang on to an outdated machine than go through the hassle of replacing it and I am not alone. When you are finally forced to give up ol' Betsy, you are out of commission for an entire day or possibly even the week, while your new computer gets configured. Your IT person not only has to have your old computer to port your data over, but he/she also has to configure the new computer. Whether it's creating a new user account, mapping network drives, or installing third party applications, your work stops until you have everything back to the way it was. Windows Autopilot allows your organization to configure your computer without ever needing to lay a hand on it. That means you can literally take a brand new computer out of the box, sign in with your Office 365 account and watch as all of your apps and data sync to the computer. Autopilot is responsible for configuring the computer, settings, and pushing down applications, but OneDrive and SharePoint are actually what's responsible for your data syncing. We've written articles on the importance of storing your data in OneDrive and SharePoint before, but this is yet another reason why you should: https://ptmain.wpengine.com/blog/stop-being-afraid-of-sharepoint. In our livestream, Steve and I demonstrated the new user experience by taking a brand new computer out of the box and having it set itself up just by typing in a username and password. Autopilot knows what group this user belonged to and was able to push down the corresponding apps. This was a basic user account, so we didn't push down anything fancy, but it just goes to show that multiple profiles can be configured depending on job description. After all, the billing department may have different apps than the HR department. You no longer have to hang onto those old junkers for fear of losing your work or your time. Autopilot makes it so easy that even employees that work remotely can be shipped a new computer and everything will just transfer over. No support calls, no remote sessions and no unnecessary flights. Who knew a computer could be so easy?
It’s your complete office in the cloud.
We have helped leaders at the most influential companies over the last 20 years remove complexity from technology while empowering people to connect from anywhere.
Office 365 has opened up new and exciting ways for people to communicate with one another and we are no longer bound by the traditional communication method of email. With things like sharing documents in OneDrive or SharePoint, to using messaging programs like Skype for Business and now Teams, data has multiple ways of being transferred. But now that the flood gates have been opened and email is now just one of many communication options, how is your organization supposed to keep a record of these message transactions? After all, conventional message capturing methods, such as journaling, only captures email. So, if users in your organization are communicating via Teams and not email, then a message audit will only return partially correct results. That is why Office 365 introduced eDiscovery and Data Governance. With eDiscovery and Data Governance, all messages are captured and retained no matter which method of communication your organization uses. In my most recent livestream, I spoke again with Senior Solutions Architect Jon Webster, about eDiscovery and Data Governance in Office 365. Starting with why it should be enabled to how to configure the settings, this livestream serves as a beginners guide for Office 365 admins. Even though this livestream is directed more so for administrators, I think anyone watching would find relevant information. If you are an end-user wondering what information can be captured, then you may want to take a gander. I say "can be captured" for a reason. Enabling this feature is completely customizable to meet any organization's auditing needs, since not all organizations need to capture the same information. So, for instance, if your organization doesn't really care about or is not legally bound to retain messages in Teams, then you don't haveto turn that setting on. Of course, it is one thing to retain the data and another to actually search through it all. That is why Jon and I also made sure to go through a brief demonstration of the message searching capabilities. It can be as easy as searching the entire organization for keywords in a set time frame, but there are many options to weed out miscellaneous messages and narrow your results to ultra-specific messages. However, even though it often falls on the administrator to setup and run the parameters of message searches, it really shouldn't. Only key people inside the organization should be allowed to audit this data, such as a legal or executive team. That is why included in eDiscovery and Data Governance is a permissions section, where the admin can configure other users to perform specific audit functions. The data is sensitive, so there are at least three different permissions a user must be assigned in order to have full auditing capabilities, otherwise permissions are segmented so that one person doesn't have full control. Capturing email messages is now just one resource an organization needs for compliance and legal needs. Because Office 365 offers its users so many methods to communicate, journaling email messages may no longer cover these obligations. Enabling Data Governance ensures that all relevant messages are captured and retained for your custom retention period. If you still have questions about eDiscovery and Data Governance in Office 365, give us a call and we'll be happy to walk you through it.
When it comes to migrating data to the cloud, the complex landscape of government regulations and ...
When it comes to migrating data to the cloud, the complex landscape of government regulations and compliance can be overwhelming to navigate through. I was reminded of this during my livestream with Protected Trust CEO Ingram Leedy and Solutions Consultant Cindy Loput. During this livestream Ingram and Cindy spoke with me about the challenges a government agency faces when on-boarding new systems and software. Government agencies are ready to make the move to the cloud but they’re not sure how to get started. This is not necessarily a simple process, although we make it easy. There are steps that need to be taken to move from an internal platform to the cloud. A lot of the government agencies are familiar with purchasing their Office licenses directly through either an enterprise vendor or from Microsoft directly and they can still do that, however they really need assistance to ensure they are still compliant. Different government entities have different government regulations that they need to follow as well. The difference however isn’t only in the licensing. The data centers where the government data is stored is separated from the traditional Office 365 public cloud. It’s not to say that the public cloud data centers don’t go through a rigorous compliance process for security, but the government data centers go through the extra compliance certifications specifically for government use. We spent much of our livestream speaking about Government Cloud Community (GCC) where most Federal, State and Local government information are stored. However, Office 365 also has data centers for specific government agencies and information. These data centers are called GCC High and DoD (Department of Defense). I’m sure it’s a huge relief for many administrators knowing that their data center compliance needs are already met with Office 365 GCC. As many government administrators know, your compliance regulations don’t end at the server level and every department must have their own policies and procedures depending on the data that is being handled. Microsoft has incorporated a ton of new features specifically developed to make sure information is not mishandled, such as DLP or Data Loss Prevention. This feature isn’t something that can just be turned on and start working however. As I simplified in the livestream, you still need someone to know which switches to flip and for who. For those who aren’t aware of DLP’s functionality, it scans a message for predefined parameters (social security numbers, billing information, etc). If it detects one of the parameters in a message, it will stop the message from being sent and notify the sender of a potential leak of information (though that’s just one way it can be configured). Office 365 has given its users a wide array of tools to optimize security, productivity and now compliance. However, just knowing where to start is a huge hurdle for organizations looking to make the move. That’s where Protected Trust comes in. For over 15 years, Protected Trust has helped private businesses and government agencies select and configure the right tools from Microsoft’s wide range of offerings. As we said during the livestream, we’ve gotten so good at migrating organizations to the cloud, that the end-users don’t know they underwent a migration. We have a team of project managers, product architects and server administrators doing this every day. Don’t be overwhelmed at the prospect of a data migration. Let our team manage it for you.
The ability to reset one's own password for business email may not seem that important for your ...
The ability to reset one's own password for business email may not seem that important for your organization's cyber security and budget, but it actually matters more than you think. After all, resetting your own password isn't a new thing. Almost any website that requires you to log in with a username and password also gives you the opportunity to reset your password without having to call or email into a support desk. Even though it has been around for a few years now, Self Service Password Reset was not always a feature in Office 365 and that could be the reason why so few organizations know about or utilize it. I spoke with Steve Cornell, our Service Desk Manager, about Self Service Password Reset in our livestream on 4/24. You can watch the recorded version on the left (don't forget to like and subscribe!). During this livestream, Steve and I discussed the many benefits of using SSPR and gave a quick walkthrough of the initial setup. Even though this is enabled by default for our clients, unless end-users complete the process shown in the video, then they will not be able to reset their own password. So, if you are an admin reading this, make sure your users follow through. Why bother? Well, password reset requests account for 20% of all IT organizations' support calls. Not only that, but it also leads to an improved end-user experience because users no longer have to wait for the Support Desk to get back to them. So instead of being locked out of their accounts for a few hours or even days, end-users have the power to get back into their account without delay. As for the security side of things, SSPR takes the guess work out of authenticating the person on the other end of the phone. As we've discussed in previous blog posts, phishing is more prevelent than ever and attacks are getting increasingly more sophisticated. It only takes one misjudgement from the support desk engineer to compromise an account and possibly the entire organization. By factoring out the risk of human error and replacing it with SSPR authentication options, the security of the entire organization increases. The admin doesn't have to give up any control either; he or she still dictates the policy. From which authenticated methods are used to how many validations are required, the system is designed to let only the right person in. Speaking of authentication methods, there are currently four options to choose from: Send a text message to a validated mobile phone. Make a phone call to a validated mobile or office phone. Send an email to a validated secondary email account. Answer their security questions. If you are an end-user and don't see one of these options when you go to reset your password, it's because your admin has not enabled it. I should also note that right after our livestream completed, a viewer wrote to us and said their SSPR was not working. After investigating we found the viewer's organization is using their on-premise Active Directory and not Azure Active Directory. If you don't know what any of that means, don't worry. It just means their passwords are not controlled in Office 365 and therefore SSPR does not work for them (actually we could upgrade their licenses and enable a password-writeback policy, but that's a completely different blog post altogether). For most organizations though, SSPR will work as intended.
Over the years, I've had many clients complain about emails not being delivered because of file ...
Over the years, I've had many clients complain about emails not being delivered because of file size limitations. Yes, that 100 page PowerPoint presentation is important, but most mail servers won't accept messages larger than 25mb. Even if your mail server allows you to send messages that are larger than 25mb, if the recipient's mail server caps out at 25mb, then your 26mb message will not be delivered. But why send the email as an attachment to begin with? I've been using OneDrive with Office 365 for only a few months, but I can tell you with all honesty, I will never go back to sending attachments through email again. In case you haven't seen our recent livestream on the different ways you can share files, you can watch the recorded version on the left (don't forget to like and subscribe!). In this livestream, Chris and I focused on the benefits of sharing vs. emailing and we came up with 3 primary benefits. First, sharing provides increased security because of authentication requirements. Second, was the ability to co-author a document in real time (but that's another blog post). Finally, the last benefit was the ability to send really large files. The default message size limit in Office 365 is 25mb, but that can be increased to a max of 150mb by your administrator. So how much larger do you think sharing a file as opposed to attaching a file let's you send? 200mb? 500mb? 1000mb? Try 15gb! That is 100 time larger than the 150mb Office 365 message limit. For those of you who have not had a chance to use the share feature, let me show you how it works. Let's say you are working on a document in an Office program like Word or PowerPoint. In order for the share feature to work, the file must be saved to OneDrive. If your document isn't saved to OneDrive by the time you click the Share button, it will prompt you to save (figure a). Once saved in OneDrive, you'll see a new window where you can then enter in the recipient's email address (figure b) and choose a permission level for the document (figure c). Once you finish making your permission changes, you can then send the message by clicking send. By this point you may be asking yourself, if you aren't emailing the file as an attachment then how will the recipient get the file? It's a good question and luckily it has an simple answer. Take a look at your sent items folder in Outlook. You will notice you sent an email to your recipient when you shared it (or rather, OneDrive did). In that email, your document is not attached, but the body of the message contains an Open button. When your recipient clicks the Open button, they are taken to the shared document in your OneDrive library. That is how sharing enables you to bypass the recipient's file size limit. Your actual email only contains a link to your document and not the document itself. As Chris and I discussed in our livestream, clicking the share button from an Office document is just one way to share. I encourage you to watch the recorded livestream to see the other ways you can share a document. These other ways are useful for when you are dealing with a non-Office file, such as a PDF or even a video file. Break free from file size limits and start sharing.
During a livestream, we aren't always able cover everything on our agenda. As was the case in our ...
During a livestream, we aren't always able cover everything on our agenda. As was the case in our livestream with NOC Manager Sean Jacobs when he took us through a live phishing attack from both the attacker's and victim's perspectives. You can see part of the recorded livestream on the right. Though we were able to show what a phishing attack looks like and how easy it is to willingly give away your password to a malicious third-party, we missed the most important part! How to identify a phishing email and what to do when you are being phished. Well, Sean and I put our heads together and from the livestream demonstration, we came up with a list of 9 Red Flags that will help you determine when an email is legitimate or when you are being phished. Phishing Agents are getting a lot more creative than you probably think, so even though some of these may seem like no brainers, at the very least, one of our Red Flags should make you rethink what you know about phishing. Let's get started! Red Flag #1: Are you familiar with the sending address? Have you ever received a message from this person? Is that person asking you to click on something or download an attachment? Attackers will often "spoof" an authority's email address to make you take action, but if the message comes from out of the blue and it's also asking you to make a change to your account, you should be cautious. In this situation, reach out to the person who supposedly wrote the email to confirm its legitimacy. Side note: Do not reply to the email, contact the sender by phone or in person. If phishing agents sent the message, they could be the ones who reply back. Red Flag #2: If you are familiar with the sending address, inspect it closely for any misspellings. Instead of spoofing an email address, attackers will simply make a new domain that looks ALMOST like the real thing. Check for extra periods or S’s in the sender address. Be sure there are no missing letters or slightly different spelling. When we read words we tend to not read every letter. These two emails are different but easily confused. Red Flag #3: Urgency verbiage. Attackers will use language to make you act quickly and without thinking. They will say you must act immediately or risk having a negative outcome, such as losing access to your account or paying a fine. Don't panic, stay calm and look for other red flags. Red Flag #4: Bogus URL links. These are links that say one thing, but take you to a different place when you click on it. You can easily detect this red flag by hovering your mouse of the link included in the email. Don't click the link if you are suspicious of the real address displayed when you hover your mouse over it. You can always manually type in the URL you know to be true in your web browser. Red Flag #5: For our more technical users, look at the message headers to see where the message actually originated from. You can get a list of IP addresses your company uses from your IT department, or at the very least, send the message headers for them to analyze. Red Flag #6: Remember when I said phishing agents are getting more creative? Instead of asking you to reply back to their email with your password, they will direct you to a fake landing page where you can enter in your password for them. These landing pages can be convincing, but by taking a closer look, you can still spot the fakes. Look at the URL, if it is unrelated to the page you are on then it is most likely fake. Just like our advice for links in emails, if you are unsure of the page, manually type the URL you know to be true in your web browser. Red Flag #7: Continuing with the landing page, look to see if it is the correct one. Phishing agents may run the same campaign for years without updating the landing page they send you to. If you do get fooled into clicking the link in the email and it takes you to the old version of a website, you should not trust it. Red Flag #8: Your web browser is smart. It will tell you whether or not a website is trust worthy by using a security certificate. Legitimate websites will have a green security label and lock icon next to the URL. Although it is possible for scammers to fake this feature, if your browser says a website is not secure and has a red X or line through the lock icon, you should not trust it. Red Flag #9: Page Redirection. Let's say you are fooled into clicking the link in the email and you are also tricked into entering your credentials on the fake website. Did the page blip or ask you to re-enter your account information? No, you didn't enter in your password incorrectly, it's an indication you have been redirected from the fake website (which now has your account info) to the real website, where you can actually log in. What's the point? The phishing agent still needs time to log into your account with the information you just provided. If they make you think everything is ok, then you will be less likely to change your password before they get in. Changing your password is the first step you should take if you believe your account has been compromised, but you should also notify your IT department immediately. The longer you wait, the more harm a malicious third-party can do. However, by watching for these red flags, you'll minimize the risk of having your account compromised. Let's stay safe out there.
Don’t have an IT team in your small business? Still concerned about security? Well, that’s a good attitude to have. Just because you’re small doesn’t mean you’re not a target, and it’s worthwhile to take these ten simple steps to help keep mobile devices running smoothly and safely. Theft is the Biggest Risk Phishing, malicious websites, social engineering: all aim to steal your usernames and passwords, opening you and your company up to a wide variety of problems. Since anyone can be fooled, the best strategy is to make sure that a stolen password doesn’t offer the keys to the kingdom. Tip 1: Use different passwords for every application or system. This way, if one password is compromised, it doesn’t get the attacker any further traction. Tip 2: Keep track of all those passwords with a password manager, preferably one that synchronizes automatically to keep your smartphone, laptop and desktop all updated. *Bonus Tip: don’t worry about changing those passwords, and don’t make them super-hard to type. Length is the most important thing. Let your password manager suggest something long and secure (10-12 characters are good). Tip 3: If you can turn on two-factor authentication, especially for any financial services, now is the time. Even the simplest type of two-factor authentication, such as requiring a special code sent to your smartphone as a second password, is so much better than normal usernames and passwords and is well worth the effort. Turn on two-factor everywhere it is supported — it makes stealing your passwords much more difficult for the bad guys. Patch, Patch, Patch and Update There’s always a new security alert, but don’t forget that there are decades of old security alerts out there, too. Most people don’t get cracked by the newest thing — they’re compromised by something months or even years old, because they’re not running the current software. Tip 4: If you have just one smartphone, enable automatic software updates both for the operating system and applications. Simplify Smartphone Security with Mobile Device Management Tip 5: If you have more than one phone in your company to worry about, sign up for a cloud-based mobile device management (MDM) small business security solution (Samsung Knox Manage is a good example), and use that to enable firmware and application auto-updating. If it seems like there are too many updates, you may have too many applications loaded. Don’t forget that each one is a potential security risk. Paring down your loaded applications will speed your device, reduce updating complexity and increase overall security. Mobile device management is a great way to make sure that all smartphones have the same configuration for the most important security-related settings. If you’re using Microsoft Office 365, you actually get a very basic MDM tool for free, automatically installed and running on every mobile device that connects to your Office 365 account. Lock Your Phone and Wipe It When You Have To Tip 6: Smartphones are easily lost or stolen. Since most people leave their email and social networking logged in all the time on their phone, a passcode or PIN to unlock the phone is a must. Longer is better than shorter, but most people will only tolerate four to six numbers. Tip 7: Use biometrics if you can. Most newer smartphones have biometric unlock features, such as using fingerprint, iris or face recognition to unlock the phone. These aren’t perfect, but they can speed up the unlock process. They also reduce the chance of “shoulder surfing.” That’s when someone watches you type in your password, just before stealing your phone. Gesture-based passcodes, such as moving your finger in a particular pattern, are especially easy to steal — stick with passcodes and biometrics. Tip 8: If you have an MDM running (whether standalone or Office 365), you can use it to make sure that everyone has passcodes, automatic wipe after multiple failures, and automatic lock turned on. You should also look at remote locking and remote wiping features that are built into MDM tools. Most thieves will turn your phone off instantly — they’re usually interested in selling the phone, not the contents. Tip 9: If you misplace a phone, you can try to remotely wipe it or lock it using MDM. Some MDM tools have a “find my phone” feature as well, which can help track down a misplaced smartphone. Think Before You Connect Smartphones switch quickly between cell networks and Wi-Fi networks, but the security risks are not equivalent. Wi-Fi in your building, if protected by usernames and passwords, can be pretty safe. Open Wi-Fi is another matter — every time you leave the office and use public Wi-Fi, someone can easily monitor your traffic. Tip 10: The safest approach is to try and stay on your cell carrier’s data network as much as you can when on the road. Don’t be tempted by free Wi-Fi — if you have to, bump up your data plan so that you’re not worried about usage on the road. Unless you’re streaming videos, it’s unlikely you’ll exceed your data cap anyway. If your company is paying for multiple phones, you can usually find a plan that lets you pool your data, making overage charges even less likely. Using this list of ten simple tips, you can effectively improve security for small business smartphones, and focus on running your business with fewer worries.
As security incidents and events keep making headlines, Microsoft is committed to helping our ...
As security incidents and events keep making headlines, Microsoft is committed to helping our customers and the rest of the security community to make sense of the risks and offer recommendations. Old and new malware continues to get propagated through massive botnets, attackers are increasing focus on easier attack methods such as phishing, and ransomware attacks have evolved to be more rapid and destructive. The latest Microsoft Security Intelligence Report, which is now available for download at www.microsoft.com/sir, dives deep into each of these key themes and offers insight into additional threat intelligence. The report, which is based on Microsoft’s analysis of on-premises systems and cloud services, focuses on threat trends since February 2017. Anonymous data sources for the report come from consumer and commercial on-premises systems and cloud services that Microsoft operates on a global scale, such as Windows, Bing, Office 365, and Azure. At Microsoft, we have massive depth and breadth of intelligence. Across these services, each month we scan 400 billion email messages for phishing and malware, process 450 billion authentications, execute more than 18 billion web page scans, and scan more than 1.2 billion devices for threats. Here are three key themes from the report: Botnets continue to impact millions of computers globally. In November 2017, as part of a public/private global partnership, Microsoft disrupted the command-and-control infrastructure of one of the largest malware operations in the world – the Gamarue botnet. Microsoft analyzed over 44,000 malware samples, which uncovered the botnet’s sprawling infrastructure, and discovered that Gamarue distributed over 80 different malware families. The top three malware classes distributed by the Gamarue botnet were ransomware, trojans, and backdoors. The disruption resulted in a 30% drop in infected devices in just a three month-period. Easy marks methods like phishing are commonly used by cybercriminals. As software vendors incorporate stronger security measures into their products, it is becoming more expensive for hackers to successfully penetrate software. By contrast, it is easier and less costly to trick a user into clicking a malicious link or opening a phishing email. In 2017 we saw “low-hanging fruit” methods being used such as phishing — to trick users into handing over credentials and other sensitive information. In fact, phishing was the top threat vector for Office 365-based threats during the second half of 2017. Other low-hanging fruit for attackers are poorly secured cloud apps. In our research, we found that 79% of SaaS storage apps and 86% of SaaS collaboration apps do not encrypt data both at rest and in transit. Ransomware remains a force to be reckoned with. Money is ultimately what drives cybercriminals, so extorting cryptocurrency and other payments by threatening potential victims with the loss of their data remains an attractive strategy. During 2017, three global ransomware outbreaks—WannaCrypt, Petya/NotPetya, and BadRabbit—affected corporate networks and impacted hospitals, transportation, and traffic systems. We found that the region with the greatest number of ransomware encounters was Asia. The ransomware attacks observed last year were very destructive and moved at an incredibly rapid pace. Because of the automated propagation techniques, they infected computers faster than any human could respond and they left most victims without access to their files indefinitely. A key insight in the report is that these threats are interrelated. For example, ransomware was one of the most prominent types of malware distributed by the Gamarue botnet. Another example is that cybercriminals are attempting to take advantage of legitimate platform features to attach a ‘weaponized’ document (for example, a Microsoft Office document) containing ransomware in a phishing email. What can be done in the enterprise? Following standard information security practices, such as keeping software and security solutions up-to-date, is important. The proliferation of low-cost attack methods such as social engineering is a reminder of the importance of security awareness training for employees to keep them apprised of latest phishing techniques. The report covers more detailed recommendations. Research and engineering teams from Windows Defender, Office, Azure, Bing, the Microsoft Digital Crimes Unit, and others generously contributed their findings and insights to this Security Intelligence Report. You can download it today at www.microsoft.com/sir. Finally, tune into our webcast on April 10, 2018 at 10am PDT: Microsoft Security Intelligence Report Volume 23—Breaking Botnets and Wrestling Ransomware, where we’ll do a deep dive on the insights from the Security Intelligence Report and discuss recommendations on how to protect your organization. Register today. For our perspectives on additional trending threats and topics, check out the Microsoft Secure Blog, and the Microsoft Security site to learn about Microsoft’s enterprise cybersecurity solutions.
Microsoft Office 365 Microsoft has rolled out a series of new tools to protect its Office 365 Home and 365 Personal customers from a variety of cyberthreats, including ransomware. Kirk Koenigsbauer, Microsoft's corporate vice president for Office, said subscribers to these two Office productivity suites will receive additional measures to protect against ransomware, email-based threats, stronger password protection and advanced link checking in Office products. The first new ransomware defense has the company bringing its File Restore feature over from OneDrive for Business to the consumer-level OneDrive accounts. Files Restore allows you to restore an entire OneDrive account to a previous point in time within the last 30 days. This would allow a person to rebuild or replace any files encrypted by a ransomware attack, Koenigsbauer wrote in a blog. Microsoft's next step is adding the ability to detect a ransomware attack in progress in Office 365 and then lead the victim through the recovery process. “If an attack is detected, you will be alerted through an email, mobile, or desktop notification and guided through a recovery process where you'll find the date and time of attack preselected in Files Restore,” he said. For 365 users who share important information via email or through links, Microsoft will enable password protection for these actions. If the subscriber so chooses he or she can set a password that has to be input to access a shared file. Microsoft believes this will protect a document if it is accidentally shared with an unauthorized person. Also on the email front, Outlook.com will now offer end-to-end email encryption and an Outlook user can now prevent an email, and any attached documents, from being forwarded beyond its intended recipient. The final security upgrade has the company bringing its advanced link checking technology to Word, Excel, and PowerPoint from Outlook.com. Microsoft Word has recently become a popular conduit for cyberattackers who used the documents and their various vulnerabilities to launch fileless attacks. “Starting later this year, links you click in Word, Excel, and PowerPoint will also be checked in real-time to determine if the destination website is likely to download malware onto your computer or if it's related to a phishing scam. If the link is suspicious, you will be redirected to a warning screen recommending you don't access the site,” Koenigsbauer said. Microsoft added this advanced protection to Outlook last fall.
https://www.youtube.com/watch?v=UfBGtfcHXQ8 You won’t hear a lot of cyber security companies like ours talking about it, you wouldn’t guess it from the news, but Ransomware attacks are actually on the decline. The first couple years of ransomware’s popularity it was everywhere and was growing fast. Few were prepared for it, so attacks could be carried out on a massive scale and be effective. 2017 saw a 70% decline in its use. So does this mean, ransomware is going the way of the floppy disc drive? Unfortunately, ransomware attacks are still the modern-day shakedown that organizations of all sizes face. That’s because while the quantity of the attacks has declined sharply, the quality has become downright scary. Attacks have gone from random widely-cast nets preying on only the companies and individuals that would fall for their social engineering attacks to laser-beam focused smart attacks that only require one employee to make a single mistake over the course of weeks or even months of relentless and varied attacks. How did a big city like Atlanta get breached? Facts around precisely how Atlanta was breached and if they’ve paid the $51,000 ransom to regain their data yet are unclear. However, we serve a variety of government clients and we see attacks that if successful could bring similar damage to the Atlanta attack constantly. These are attacks that cybersecurity experts look at and wonder if even they would fall for them, much less the least technology savvy employee in a government office. The fact is, compared to most organizations, government agencies have more data and less resources to protect it with. Having worked with government of various sizes and around the world, we get what the obstacles are, and while it can sometimes be frustrating as a taxpayer, those obstacles are totally valid. Perpetrators of ransomware attacks are increasingly large organized crime syndicates instead of random individuals. If they want to get a password to a critical system out of your most gullible employee, they are going to. What you must do as a city leader is ensure that even with a password, the criminals can’t do much damage. What can I do? Multi-factor authentication like I wrote about last week, is one of the best ways to make sure only authorized users can get in, but there are also systemic protections like Advanced Threat Protection (ATP) and Data Loss Prevention (DLP) from Microsoft. ATP blocks harmful messages from being received in the first place, and identifies information leaving your business, and alerts you when something sensitive is sent, or prevents it from being sent. Also, be sure that your email domain has an SPF record set up for it. In general, it’s important to know that an ounce of prevention is way better than a pound of cure when it comes to ransomware. There are plenty of tools to help keep your organization safe, you just need a partner or employee with experience using them to find a place between absolute protection and balancing that imperative with making it usable for users without being too onerous. PSA: don’t pay the ransom if you can help it. It only makes the problem worse for everyone and more than half the time you don’t get your data back after paying a ransom anyway. Did you know that breeches like the one that happened in Atlanta last for a mean duration of 140 days. What could someone learn about you company if they had access to your email for 140 days?