Achieving eDiscovery and Compliance Archiving requirements in 5 steps
Signing up for the Compliance Archiving service is the first step in reaching regulatory compliance when it comes to email retention and eDiscovery. The following five steps will put you on the right path of achieving and maintaining that compliance:
1.Understand what you need to keep and for how long.
Your regulatory/oversight body will provide details about how long you are required to hold on to your email. In our experience with Compliance Archiving, you also need to pay attention to the Statue of Limitations that your business may be liable for. Very often the discovery process for lawsuits includes legal hold requests and record requests that are longer than regulatory requirement.
2. Get the right product and implement it correctly.
Your compliance has to be all encompassing – all email must be archived. With ExchangeDefender Compliance Archiving all of your inbound, outbound, and interoffice email is collected, archived and protected in the cloud. You can search for any document at any time and be certain that it has not been tampered with and that no emails have been deleted – something that sets our eDiscovery/archiving apart from backup solutions.
3. Keep an eye on it to make sure it works
Just setting up a compliance archiving solution is not sufficient enough. there is no protection for technical negligence in regulations. You are expected to keep your mail server and everything connected to it secure. Penalties for data loss, compromised credentials, and data leakage are severe and are not a valid excuse for not having compliance.
4. Create Compliance Officer reports frequently.
Compliance Officer within your organization must create reports on a monthly basis to assure no confidential information is allowed to leave the organization. Some industries have an even more specific and severe restriction on the type of communication that can take place over email and what sort of information can be sent – compliance officers run eDiscovery reports to assure nothing confidential is being shared and address problems and exceptions routinely
5. Routinely audit the entire system to maintain compliance.
Organizations grow and change over time and remaining compliant with new regulations is key. ExchangeDefender Compliance Archiving service often sends out advisories, best practices, tips and suggestions to adjust your process because you are always expected to be in full compliance with the latest requirements. Every time you add a new employee or change your mail server configuration or new lines of business – compliance must extend to cover these new records that may be of interest to someone down the road.
“One of the biggest mistakes organizations make with regulatory compliance is thinking that it’s a service, product or a one-time effort: quite the opposite!”
Achieving regulatory compliance means implementing the right product, conducting routine audits, complying with changes in regulations and having full control of the environment where messages are stored as employees come and go.
In the event of an audit, you will be asked to produce record and you will be judged on your ability to provide specific records that are requested, not the best effort you made in trying to achieve compliance. Considering the fines and legal complications, it makes sense to revisit the five steps outlined here annually and make adjustments as necessary.
ExchangeDefender introduces email delivery service for IoT, devices, printers and services.
ExchangeDefender (Beta) production is really picking up steam with the modern codebase and we wanted to launch a line of solutions to problems that have either been a challenge over the years or are expected to become a management issue going forward. One such area is the subject of service accounts that are only used by devices, printers, CRM solutions and notification services. We now have a separate system designed to allow SMTP-notification devices and services to relay through the ExchangeDefender network.
Quick rewind: Long, long ago during the great SMTP vs. UUCP dark ages, message exchange was trusted and trivial. But once it started getting abused by spammers and hackers, each ISP decided to implement their own flavor of SMTP traffic restrictions and regulations to curb the abuse. It became exceedingly difficult to relay mail from a consumer and business-level broadband connection but as more services and devices come online they defaulted to the standard SMTP protocol to send notifications and messages. Unfortunately, because ISPs still have their policies that are constantly shifting, trusted third party SMTP solution is needed but managing it is not something that is viable as a business model.. yet.
Today we are happy to announce that our clients will be able to allow devices and services to relay mail back to themselves using our SMTP relay service.Without having to mess with complex Exchange settings or ISP restrictions. Just create a relay credential, set the SMTP client in the SSL/TLS mode and use a special SMTP server on our network to relay mail via 587 (ISP may still be filtering that port, but that should be easy to fix)
-
New feature is available in the beta portal under Domain Admin > Accounts > IoT Accounts:
-
Just add a new account and you will be prompted for some basic information such as email address and description of the device/service used.
You will notice some important warnings/restrictions about this service (No, you can’t be a spammer or use this in a shared environment where it can be hacked) and that’s literally all you need to get started. It’s really just that simple. Best part? No management, licensing or tools to set up: just the ExchangeDefender SMTP relay network.
This feature is supported (even though it’s beta) and it’s free!
We hope you enjoy this and would welcome suggestions about which features you’d like to see in ExchangeDefender now that you have a better idea of where we’re going with the development of our messaging platform. We’re obviously going to tweak these services as we get a better idea how they are used and how much management they require on our end.
ExchangeDefender UI
ExchangeDefender is getting a completely new user interface and user experience. We are very excited to get this new UI in front of all of our users and I’m happy to report that the new UI will be live next week! Here is a sneak peak:
To find out more, please watch the recording of the webinar available here.
In a nutshell: Our business is continuing to evolve into helping organizations communicate smarter and more securely. This is increasingly involving systems other than email and the traditional Exchange+Outlook solution is no longer enough to meet the requirements or regulatory reporting needs of businesses. Not to mention privacy, integration, reporting, audits, legal holds: all something organizations of all sizes come to ExchangeDefender to address.
At the same time, we realize that our partners need help addressing these challenges and we are here to help and augment your existing practice and solution set. Click here to download the webinar and please let me know directly if you see anything you desperately need!
-Vlad
CEO, ExchangeDefender
How to kill SPAM without using ExchangeDefender
65% of all emails sent are spam, what’s the solution?
At ExchangeDefender we kill SPAM for a living. We spend a ton of time and energy identifying, filtering, and destroying junk mail. If you’ve ever wondered how you could make your email experience better, even without the massive layered security that ExchangeDefender provides, these are the steps you could take today:
1. Configure strict SPF/DKIM DNS records
SPF and DKIM (DMARC) can help you protect your domain name from being used in SPAM mailbombs. Spammers will often use real email addresses and domains to send forged “spoofed” email messages and SPF/DKIM provide a mechanism for identifying which email server/platform you use. By setting up an SPF/DKIM you can tell places that are receiving email from your domain what to do if the message wasn’t actually sent from you. If your inbox is full of email bounces and non-delivery receipts, someone is using your email address to send junk mail and an SPF/DKIM record will practically eliminate bouncebacks.
2. Get rid of generic email aliases
At ExchangeDefender we manually process SPAM complaints from our customers – that’s how we train our system to eliminate messages that otherwise make it through because they are legitimate in every way we can automatically process them. The number one way to get a ton of annoying email that may be on the borderine between legitimate commercial mail and an unsolicited one: generic email aliases. If you get info@, sales@, admin@ or so on, you are painting a giant bullseye on your Inbox and practically begging to be spammed.
3. Unsubscribe from newsletters
I know, I know, everyone that has your email address supports CAN-SPAM , would never send you unsolicited mail, would never sell their client list… and even if you believe all those lies most of the time, people still get hacked. All the time! As do their ISPs and infrastructure along the way. If you want to reduce the amount of junk mail you deal with, simply reduce the number of places that have your email address. Simple!
4. Don’t click on everything in your Inbox
Sometimes SPAM gets through. Sometimes dangerous stuff from your friends and colleagues gets forwarded around. Sometimes your antivirus isn’t up to date. Sometimes the firewall virus protection is misconfigured our expired. Things happen: none are a good excuse for the simplest thing you can do: avoid clicking on anything in messages that look or seem suspicious.
5. Do not blindly whitelist major ISPs
The second biggest source of SPAM complaints at ExchangeDefender is actually completely self-inflicted: people whitelist major email providers and wonder why blatant junk mail keeps on “slipping through” as whitelisted. Go through your whitelist entries in Outlook, etc and make sure you aren’t whitelisting Gmail, Outlook, Yahoo, Verizon, AT&T, Hotmail or any of the widely used and abused email domains. Spammers know your email admin doesn’t want to deal with complaints about messages you’re getting from these platforms so they treat them more leniently – so spammers simply abuse them.
It’s really that simple – following these steps will cut your junk mail pile in half within a day. If you want to reduce it to less than 1%, ExchangeDefender is here for you for less than a buck a month or you can layer it and add more protection if you need it because time is money: but no amount of technology and automation can replace just a little bit of common sense.
Federal Trade Commission
CAN-SPAM Act: A Compliance Guide for Business
The official website of the Federal Trade Commission, protecting America’s consumers for over 100 years.
VIDEO: Live Archive keeps emails up, and running!
So here is something that has always worked for me: everyone hates outages. Regardless of why I’m invited to speak to anyone about ExchangeDefender, and the billion problems we solve, I am here to help you with just one thing: uptime. If things are working, we can sort everything out, but the fear of the new unknown solution causing downtime is the #1 thing your client is thinking about. So address it first.
Posted by ExchangeDefender on Thursday, March 29, 2018
What’s this video about? Live Archive.
So here is something that has always worked for me: everyone hates outages. Regardless of why I’m invited to speak to anyone about ExchangeDefender, and the billion problems we solve, I am here to help you with just one thing: uptime. If things are working, we can sort everything out, but the fear of the new unknown solution causing downtime is the #1 thing your client is thinking about. So address it first.
What is Live Archive?
Access your email via the cloud when outages happen.
Organizations are constantly facing internet and email outages, maintenance cycles and service unavailability. The key to productivity is being able to access your email even when outages happen Exchange Defender LiveArchive Business Continuity is the solution.
As you send and receive email, we make a copy and store it on our network – when you experience an outage you can just pull up a webmail system on your computer, tablet, or phone and continue where you left off.
Visit Exchange Defender: Email Security, Archiving, and Business Continuity solutions
Why is there suddenly a heavy demand for Encryption?
Email encryption is on the rise, ExchangeDefender offers two types of encryption.
What is behind the growth in the adoption of email encryption?
Over the past year we’ve seen an explosion in sales of ExchangeDefender Email Encryption – which is a surprise given that we’ve not only had it for years but that we’ve also given it away for free. HIPAA has been around for over 20 years, dozens of other regulations that almost all companies ignore have been gone for just as long – so why now?
In one word: penalties.
Companies have long known that they can’t operate efficiently without email – and that they cannot just move files around “just to get it to them” once they see the penalties. But selling a service to someone that has avoided using or paying for it is never an easy discussion so here are the 3 quick questions that should lead you to an effective pitch in under 1 minute:
1. Who sends you encrypted messages?
2. Who could get hurt if this information went public?
3. What is your exposure? How much negligence insurance do you have?
The more they mumble, the more of those questions they cannot answer, the more details or costs or scope they don’t understand, the more they need it. End your question with this line: How comfortable would you be having this conversation in a legal deposition?
Grow your business: Positioning ExchangeDefender’s Encryption feature.
Elevator pitch: How to position ExchangeDefender Encryption as an answer to all of the above problems
→It is included in your ExchangeDefender Pro subscription and it’s transparent – no software to install, nothing to manage or configure.
→ You’ll be using the same process and same security major banks, health care providers and lawyers use – so you’ll be protected from most critical security exploits.
→ Finally, it’s dead simple to use – all your employees need to do is put [ENCRYPT] in the subject when they are sending the message. Doesn’t matter if it’s on the phone our Outlook or Outlook Web Access, it just works.
Ding. You’re done. It’s virtually impossible not to sell this service – and it’s desperately needed by anyone using email to do business or conduct confidential discussions. One more thing: Because encryption is transparent and on demand in the cloud, it also protects you when the security issue is on the recipients end – because email is never stored on their PC or device, if someone hacks their network they won’t be able to get to the info stored in your encrypted message!
If email is a business necessity then email encryption is it’s insurance policy.
If you discuss business over email, then anything confidential that should be in that email should be a matter of employee communication protocol: If you attach something sensitive to this message, you better encrypt it and CYA. This is the way things go at banks, with lawyers, with accountants, with realtors and at nearly every white collar job: Nobody wants to assume the liability so they’ll all do what it takes to protect the data.
And with high profile hacks and compromises in the news daily, is not having it worth risking the whole company?
XD Service Manager Beta Release
We are very excited to announce the launch of the new XD Service Manager that will allow our partners and their clients a much friendlier way to manage their Exchange services. This is a complete rewrite of the code – frontend and backend – and we’ve taken all the feedback and made the beast much friendlier both for smaller accounts as well as for enterprise clients with tons of users to manage directly. The goal was to entirely remove the IT department and “the PowerShell guy” from the equation and put power user tools at your disposal to quickly and effectively make changes on the mass scale.
But first, the frontend – full rewrite – with new responsive UI and controls. Previous jQuery UI that has been hacked, tweaked and kicked along for years is being replaced by this UI that will work as well on the desktop as it does on any mobile device:
Navigation is in line with typical modern design you’ve seen in many other web applications with ability to filter, scope, search and quickly apply changes to multiple accounts.
Actions are context-based, meaning you will not be refreshing the entire page in order to get search results or do quick changes on multiple accounts. We’ve fully extended the Exchange feature set in the new UI giving you the ability to centrally manage all aspects of your Exchange service without having to go back and forth between different screens or modules (so in that regard, it’s even easier to deal with than an Exchange management console)
Finally, and perhaps most importantly, the new service is very end-user friendly. While 90% of the feature requests for the new service manager came from our power users that expressed a lot of frustration with the speed and accessibility of the portal, we needed to recognize the reality of who manages IT in 2018 – it’s no longer the IT guy or the IT department – users want to be able to take control of their public folders, distribution groups, forwarding, password resets and so on – so our design had to take that into account as well:
As you can tell, the new Service Manager is far friendlier and uses the same wizard approach in the end-user mode that they are likely very familiar with. Because we’ve done very strict implementation on the backend (with all the regulations we are now responsible for), it’s virtually impossible for them to make a mistake. Unfortunately for some of our unskilled IT folks this means no more “Password1” or “NoSPAM” or “Princess1!” as a password going forward but everyone will be experiencing far fewer problems as a result of it.
Better reporting as well – you’ll be able to get the full overview of configuration, who uses what, where they are at and so on.
The new Service Manager goes into Beta next week (last week of March 2018) and will run in parallel with the existing Service Manager (on the same site as https://support.ownwebnow.com) as we get more feedback from our entire user base – so don’t worry about this springing up on you as a surprise. You will see the new link on the Dashboard and will have the ability to access the new infrastructure from there. Both will continue to work for at least a month.
This is also the new UI framework for Shockey Monkey: which we have been working on for a year now. The same infrastructure, MVC, UI and upgraded backend are going to be driving ExchangeDefender, SM, XD and all other services which means that you’ll very soon be managing everything from the same look and feel that will be extended to your site as well. What it ultimately means is that the new UI will follow your branding and your color schemes and no matter where in the ExchangeDefender universe your client ends up, they will be dealing directly with your brand.
And we’ll be there in a live chat to provide support and help them out with every service.
Thereby ultimately managing the entire communications, collaboration and business management platform end-to-end. Very exciting times ahead!
-Vlad
CEO, ExchangeDefender
Attachment download: New Service Manager Partner Guide (pdf).
Do’s and Don’ts: Selling your clients on Email Security Solutions
Learn more about the do’s and don’ts when selling security solutions
Let’s face it, most IT solutions in the business process fail because users don’t use them. They don’t use them because they see it as another unnecessary time waster in the process they are already accustomed to and count on everything being yet another thing management will soon forget about because they don’t work the same issues all day long. Sound familiar? All the new, cool, better, smarter ways of doing something will always lose to users unwillingness and inability to change. Until someone loses their job or the company gets sued for negligence. Oops!
So, what should you be talking about with your clients?
1. Don’t talk about backups – talk about long term email archiving and ediscovery.
2. Don’t talk about encryption – talk about safely getting data over without getting hacked.
3. Don’t talk about SPAM – talk about fake senders, fake links
4. Don’t talk about Phishing – talk about identity theft, compromised passwords and bank accounts.
5. Don’t talk about Compliance – talk about setting business standards and avoiding lawsuits.
6. Don’t talk about Web File Sharing – ask how they get important documents to their clients or vendors?
7. Don’t talk about Malware – ask them what they currently do to protect their staff from taking down the whole office.
Your clients have been hearing about SPAM and Virus protection for over a decades now, they view it the same way they view every other software license cost – part of doing business. The problem in 2018 is that it’s no longer just the technology complexity dictating business spending, regulatory bodies and government are getting involved in it too. Nearly every industry is subject to some new regulation, record keeping process, security audit, assessment or other “time waster” that they will have to deal with. So start clipping news articles and send them headlines with the message “We really need to set you up with ExchangeDefender so you don’t end up in the next article” – and I don’t mean it in a sarcastic or fear mongering way at all, nearly a quarter of my office time goes to time travel discussions and things businesses wished they had in place before they got in trouble. Talk to them now.
The Bottom Line:
Businesses you are trying to sell technical solutions to are already dealing with a lot of nightmares related to technology. They don’t want another thing to manage, report, customize, tweak and learn: they want something that reduces all of that work. That something is ExchangeDefender, all-in-one, end-user friendly email solution that removes things they don’t need to look at and makes stuff they are looking for easy to find.
I encourage you to talk to your clients less from a technical solution standpoint and more from the business process implementation. Yes, they may trust you because of your technical expertise but what you need them to understand (and what will ultimately earn you the business) is which business issues are going to be addressed by spending a few dollars a month. If they can identify with the problem, they will pay for it to go away because everyone is always trying to reduce costs and labor is the biggest one of them all. Help make them more productive.
ExchangeDefender Address Book Lockdowns
Effective March 1st, ExchangeDefender will only allow delivery to email addresses that exist in our Service Manager or ExchangeDefender Admin Portal. This is a non-event for 99.999% of our clients (it’s only being mentioned because it’s a refresh of the AUP/TOS policy) and it is intended as a security precaution against threats we’re seeing in the wild and on our honeypot networks.
The Problem
ExchangeDefender as an SMTP proxy will scan and deliver any email targeted at a protected domain. Even though we sanitize each message and do not permit dangerous content through, if the email address does not exist on the clients server, the message will bounce to the sender. Now, imagine that sender doesn’t have an SPF/DMARC, and imagine that the address itself is spoofed – now send that message a few thousand times and an attacker can destroy a mailbox simply by overloading with non-delivery receipts and bounce messages.
Why this happened in the first place
Bad automation. It happens, and when it happens on a scale of ExchangeDefender, it creates an issue. So to minimize complaints, we just stopped actively enforcing address book validation. To those of you protecting servers on networks outside of ExchangeDefender’s control (think Google, Office 365, etc) the management and addition of new addresses will become automatic. Here is a peak at our new support portal. It should make a lot of you very happy.
Figure 1: Service Manager. Instead of having a ton of accounts in the listing, everything is now logically grouped by a Company. This way whenever you go to manage one client you only see the users belonging to that client and any addition or modification will pull pricing, configuration and meta data from that organization’s settings. This should virtually eliminate mistakes, billing issues and configuration problems.
Figure 2: Adding a new mailbox. The process is streamlined, clean and remarkably simple. The reality is that IT departments are no longer in charge of this anyhow, neither are our MSP partners. Businesses want the ability to control memberships, configurations, distribution lists, permissions and everything in between.
Figure 3: Mailbox permissions, settings, etc. There are several screens for this but needless to say we’re looking to expose a lot of the features that can be managed granularly in a way that businesses expect them to. Let’s face it, your average office manager dealing with the new hire isn’t about to fire up remote PowerShell; Strong passwords, additional features, granular control, public folder and distribution group membership templates, etc are all coming soon.
Other really cool stuff is coming very soon as well, we’re pretty excited with what we’re building and delivering… but the focus for us always remains on the security and safe communication – and everything that supports it goes hand in hand.
Client Support – Can’t someone else do it?
On February 1st, ExchangeDefender will officially start providing end user support for all email issues related to our platform. For our many partners and resellers this means that we will, under your name and brand, take and place calls and help your clients solve email problems. At no additional cost, across our entire Pro line of services: ExchangeDefender Pro, Exchange Pro, Compliance, and Encryption.
It just makes sense. Our entire service lifecycle is structured around ITIL, integrates into our partners support infrastructure seamlessly, is covered by our SOC1 and SOC2 audits, comes with advanced reporting, security/id, session and call recording… and a lot more that we cannot publicly disclose. But if you join me:
Wednesday, February 7th, Noon Eastern
Click here for the NDA & Instructions
This is going to be one of the denser webinars we’ve ever put together and the audience includes everyone from management down to helpdesk – what I have on deck is a layout of our service model, our scope, our escalation policies, our compliance protocol, authentication and validation service, etc. Consistency in this service is key so winging it or improvising isn’t an option.
-Vlad
P.S. I encourage you to check this thing out live. If you think this will be a service you offer down the road, this webinar (minus the Q&A) will be required viewing and the software will track attentiveness so if you even mildly care, I’d tune in or make someone at the office watch it.