BETA: Advanced Features in Admin Portal
We’re moving things around a little to make the platform easier to use and to expose more of the ExchangeDefender security settings. The threats are only getting worse and we need to be more flexible in order to protect you.
Over the next few blog posts we will be introducing you to a more polished ExchangeDefender look as we consider user feedback and change around the overall user experience. It’s no secret that we’ve been making ExchangeDefender friendlier and friendlier and I can’t wait to reveal why… soon.
In the meantime, allow me to introduce you to the ExchangeDefender Advanced Settings. These settings are controlled under the Domain Administrator section of https://admin.exchangedefender.com:
ExchangeDefender helps bridge the need for security and productivity: If the security tool is too convoluted, takes too many clicks, features lots of paragraphs instead of intuitive controls — it’s simple to see why casual users get their security compromised and experience nothing but frustration just trying to get to their email.
We’re changing all that and look forward to introducing you to the new ExchangeDefender shortly.
Education sector big target for hackers, lacks data security
Data encryption used to be optional, but not anymore. In the past, when we referred to encryption, we thought of hi-tech industries with high profile secrets. Encryption is the digital process of taking regular text, like your email or sms messages, and creating an unreadable “code” to protect the plain text. This proven method ensures the confidentiality of the original text. Now, your local small business, and local educational institutions require added security to protect their data from being hacked.
Education industry is a prime target for hackers
Surprised? We’re not. The education industry consists of services from pre-kindergarten all the way to post-secondary institutions. It comprises of organizations that provide lessons and training on a wide array of subjects. These institutions, (both private and public) include K-12 schools, colleges and universities, and job training centers. Can you imagine the large volumes of sensitive data that the education industry holds? Every one you know, including yourself has received some form of education, and therefore have submitted personal information that can be stolen by hackers. The most common forms of information students and staff must submit include: DOB, social security number, home addresses, medical records, and more!
Current struggles that schools face
The biggest challenge that institutions face today is the ability to protect students and staff information. The sheer volume of data that a single school incurs in a single academic year is astronomical. Right now, the industry is lacking the security tools needed to store, and manage sensitive information.
The education sector is finding it hard to comply with the biggest data security mandates, FERPA, and HITECH. FERPA or (Family Educational Rights and Privacy Act) is a federal law that gives parents the right to access their children’s education records. HITECH is The Health Information Technology for Economic and Clinical Health Act, which has to do with the use of electronic health records. This mandate protects educational institutions from penalties from lost or stolen data if they can prove that their data was encrypted prior to a breach.
From an internal perspective, one could assume that the adoption of an institution-wide policy mandating the use of encryption would be difficult, and time-consuming. In the past this may be true, but modern encryption is now cloud-based, and is easy-to-use making a full adoption fast and painless.
The next big challenge is cost. Most schools have a budget for the year that determines what services they can afford. Before, having encryption involved physical disks and hardware making it extremely costly. However, the strongest encryption software products today are available online with no pricey overhead, or storage restrictions.
Big benefits from encryption awaiting Education sector
Every school, and training center should be rushing to use encryption. There are many benefits that could solve Education’s biggest data security challenges. Firstly, encryption enables secure, and compliant communications between educators, students, and parents. It would offer a secure method to share sensitive information, and would provide seamless collaboration.
Second, an encryption software would ensure data privacy. It enables schools to fully comply with current security mandates. Educators can create custom encryption policies that ensure that student data privacy is met by triggering encryption mechanisms automatically.
Using encryption would enable schools to have full visibility of all information being shared, read, forwarded etc. Educators can get instant confirmation alerts when students or parents access encrypted messages. The detailed reporting would satisfy both the FERPA and HITECH directives for educational institutions.
Orlando’s #1 Cybersecurity provider launches small business plans
Orlando, Florida – Smaller businesses can now secure their employees, email, and data for less than $5 a day. Orlando’s top cybersecurity provider, ExchangeDefender has just launched affordable cybersecurity services for small business via its sister company – 365 Defender. Dubbed the “original email experts”, 365 Defender protects businesses against data leaks and email threats like SPAM, phishing, spoofing, malware, and much more!
9 out of every 10 cyber-attacks start with just a simple email. Over half of all U.S businesses lack proper security, making them an easy target for cyber-attacks. 365 Defender is designed to offer SMBs the ability to protect themselves without having a hefty IT budget.
“We are a small business ourselves. We know that most SMBs don’t have a big budget for IT, or cybersecurity. This is why we leveraged ExchangeDefender technologies and expertise to create reasonable options via 365 Defender.”
– ExchangeDefender CEO, Vlad Mazek
Service offerings range from Email Security for Outlook and Gmail, to Encryption software that can send secure messages to emails, urls, and text messages. The monthly fees are small business friendly with the cheapest service being just $3 per user, per month. There is no yearly contract commitment, giving businesses complete flexibility to satisfy their ever-changing IT needs.
To learn more about 365 Defender, and to subscribe to a service plan, please visit our website www.365defender.com. Get a free 14-day trial for your business today!
365 Defender is owned and powered by cybersecurity leader, ExchangeDefender. ExchangeDefender specializes in providing email and data security to enterprise since 1997. Headquartered in Orlando, Florida – the IT firm has just launched service plans for small business in hopes of keeping companies safe regardless of their size and budget.
ExchangeDefender CEO talks email-borne threats with Cybernews
Recently, Cybernews reached out to ExchangeDefender CEO, Vlad Mazek to learn more about how we keep businesses safe from cyber-attacks using top of the line security solutions. The informative discussion centers around the topic of cybersecurity, and what that means for the modern business.
With the recent rise in phishing attacks, it is smart to double-check if it’s really your coworker that emailed you.
By now, it’s probably hard to find an Internet user who has never received emails from someone claiming to be a long-lost relative who wants to share their fortune. While the majority of us are familiar with this type of malware, phishing attacks shouldn’t be underestimated. Nowadays, when threat actors start to include more personal details, posing as coworkers or even bosses, staying vigilant is key.
To discuss the topic of cybersecurity and phishing prevention, we reached out to Vlad Mazek, the CEO of ExchangeDefender, a company eliminating email threats before they even reach your inbox.
ExchangeDefender has been providing various security solutions for more than 2 decades. What was your journey like throughout the years?
We originally started ExchangeDefender to improve the reliability of our Microsoft Exchange servers by offloading all the security tools to a more scalable infrastructure. Over the years we’ve expanded our security portfolio to protect other email servers, as well as deliver more secure ways to rely on common office tasks such as file sharing, collaboration, and compliance.
Can you tell us a little bit about what you do? What are the main problems you help solve?
We used to say “We kill SPAM for a living” and to this day we simply eliminate common threats that lead to security compromises and service outages by providing email encryption, long-term archiving & eDiscovery.
We make it easier to rely on email for secure and reliable communication; which we do by keeping potentially dangerous content away from your webmail, mailbox, desktop, or phone. Simply put, we make it easy to get things done more securely.
What technologies do you use to detect and stop threats in their tracks?
We primarily rely on our internal early warning system which tracks unusual activity from known threat actors. Because of our size and client base, we often have the luxury of being among the first to be targeted which helps us identify safe and unsafe developments before they go “viral”.
We also participate in many proprietary, open-source, and data/intel sharing projects that help raise the security profile of everyone involved.
How did the pandemic affect the cybersecurity landscape? Were there any new features added to your services?
Pandemic actually improved the security landscape for our clients because they suddenly had to shift to a remote work model which inherently came with more stringent security requirements and more awareness for security policies and secure collaboration.
We noticed a significant shift from traditional office communication methods to SMS/TXT and we moved quickly to make all of our services SMS-aware. Mobile phones have become a security identification token, a mobile presence device, and far too often a failover computer. That’s why we invested heavily in extending our services to meet our clients’ needs to go beyond just sending email messages.
What sectors (for example, financial, healthcare, etc.) do you think should put extra attention towards email security?
The best way to answer this question is to think like a hacker because for them it’s not personal, it’s business.
Organizations get compromised for one of two reasons:
- They have assets (data) that are valuable
- They have a reputation that is valuable
If you have a lot of valuable data or a trustworthy relationship with your clients, you’re a valuable target regardless of your industry. It would be difficult to hack a financial institution because they have dedicated IT and security teams, go through routine audits, and can respond to threats quickly. Compare that to a small CPA firm that uses standard tools and an antivirus bundle that came with their PC.
When it comes to cyber threats carried out via email, what are the most common ones?
Email is the most popular way to get cyber threats into an organization, according to a recent study over 90% of security compromises started with email and it has not changed significantly in the past few years: the #1 cyber threat is from spear phishing. Spear phishing is a practice of forging the identity of the sender and the look of the email to something the recipient would find trustworthy enough to click on. What has changed significantly is the end goal of spear phishing:
- Deployment of RAT (Remote Access Trojan) software
- Theft of PII (personally identifiable information)
- Theft of security credentials
This list actually flipped in the last two years mostly due to the sophistication of RAT software that can give an attacker access to the entire network instead of just a single PC or cloud account. The latest variants target UEFI bios which keep the threat in place even after you get rid of the infected hard drives. As these threats evolve, they also highlight other security issues on the network which makes them difficult to remove and require constant monitoring.
With so many teams working remotely nowadays, what are the best practices when it comes to secure file sharing?
The single most important recent advancement in overall IT security that really deserves wider adoption is the use of MFA/2FA/OTP: multi-factor authentication that requires secondary verification before accessing any sensitive system or information. Working remotely, outside of a managed network and access to IT staff, creates a new universe of security threats that should be mitigated by:
- Deploying & requiring MFA for access
- Deploying a more aggressive backup and imaging solution
- Controlling and reducing the attack surface (by limiting access only to required web sites & services)
Besides secure collaboration solutions, what other security measures do you think modern companies should invest in?
You are probably already spending too much on overlapping, redundant, and underutilized security solutions.
The best security investment you can make today is to get an audit of your existing security portfolio and its integration. Being secure doesn’t come simply from paying for a security software/service license – it has to be properly integrated, configured, and monitored in order to truly keep users away from dangerous content. Due to the chronic lack of security focus and the habit of deprioritizing security for the sake of end-user comfort, many organizations find themselves in a perilous situation with cyber insurance demands.
We are seeing organizations getting compromised not because they don’t have security solutions or adequate training but because they don’t take the time to properly and fully implement the security solutions they are already paying for. An overwhelming majority of ExchangeDefender subscribers rely on less than 30% of the security features they already pay for.
Can you give us a sneak peek into some of your future plans for ExchangeDefender?
Our biggest technical investment for 2022/2023 is to make it possible to access external content (email attachments, files, messages, sites & services) in a secure online sandbox environment where dangerous content wouldn’t even have a chance to reach the user’s desktop, phone, or network.
Our biggest investment is in the area of security audits and assessments. While there is always a shiny new tool or service that promises better security, our data indicates that it’s rarely the lack of a tool, and more often the lack of proper deployment and management of sensitive information that leads to a security compromise.
We’ve helped countless businesses that have been compromised over the years and it usually comes down to neglect of security processes combined with a lack of a plan to respond and recover from a hack. Our future plans are to help organizations change that scenario because cybersecurity isn’t something you buy, it’s something you do.
To celebrate the launch of our new small business service plans, we are currently offering 30-day free trials for any service. Interested in ExchangeDefender? Please visit www.exchangedefender.com/business to request your free trial today!
4 cybersecurity stats that every lawyer should know
Cyber-attacks on the legal sector are on the rise. Legal practices are big targets for hackers due to their access to sensitive information, and severe lack of security.
Here are four statistics that ring alarm bells in the industry:
Number one: One in four law firms have experienced a security breach of some kind. Even more have had malware or viruses according to a 2019 American Bar Association survey.
Number two: Data breaches cost your local small practice an estimated average of $36,000 dollars. To put in perspective, a new legal assistant salary for the year would costs the firm about the same price. Also, at least 31% of their clients terminate their relationship with the firm afterwards.
Number three: 61% of ransomware victims in the legal sector were Law Firms in 2020. It is the highest of the legal profession, with Courts, and Legal Services coming in second.
Number four: 94% of malware and ransomware attacks were delivered by email in 2020. There are new malware and viruses being discovered every day.
The bottom line
Law firms pose a higher risk for data leaks due to their business nature of storing and sharing sensitive information. ExchangeDefender provides affordable email security, email archiving, and email continuity solutions to the legal industry. One of our largest client bases, the legal industry relies on ExchangeDefender to mitigate risks of cyber and email attacks.
Secure your law firm, explore our small business plans today!
Email Security that protects your small business
Running a business isn’t easy, and protecting your business from cyber-threats is becoming increasingly more difficult. Hackers want it all, your personal and business details, your client’s payment information, and so much more! It’s no surprise that small businesses are prime target, about 43% of SMBs lack any type of cybersecurity defense plan. That means almost half of all small businesses don’t have any (cyber) security to protect them against cyber-attacks.
ExchangeDefender PRO is our crowned jewel, our most advanced multi-layered email security suite that protects your business against email-borne threats like SPAM, viruses, malware, phishing, spoofing, and more! Small businesses have smaller budgets, and we understand that which is why our cyber security solution starts at just $5 per user, per month. Adding security to your organization would bring peace of mind as it would safeguard your business against malware and sophisticated phishing attacks. There’s simply no excuse not to protect your business. We tell our clients, if you can afford a Big Mac from McDonalds, you can afford cybersecurity.
ExchangeDefender PRO stops email-borne threats
ExchangeDefender’s powerful email security suite offers a multi-level protection against email-borne attacks. The advanced threat protection features help defend users against threats hidden in emails, attachments, and links. Approximately 90% of all cyber threats originate via email, which requires businesses to have advanced threat protection. ExchangeDefender’s email protection goes beyond the average spam and virus filtering service.
ExchangeDefender PRO prevents data loss and theft
88% of businesses suffer a data breach due to lack of proper email security protocols. Our email protection enables companies to custom their own keyword policies, along with other sensitive data (credit card numbers, social security numbers etc.) they wish to keep private. ExchangeDefender PRO offers complete enterprise-grade threat protection that can help your company defend against the most sophisticated attacks, in addition to the more traditional threats like spam, viruses, and malware.
ExchangeDefender PRO prevents account takeovers
ExchangeDefender Email Protection keeps businesses a step ahead of hackers with AI-based threat detection. Corporate Account Takeovers has costed U.S businesses millions of dollars in 2019, and therefore has become the new focus of security concerns for SMB. ExchangeDefender PRO provides the strongest defense against spear phishing, account compromise and domain fraud. It offers protection to employees from falling prey to sophisticated email-based attacks.
It’s time for you to feel safe with our full stack email security solution, compatible with all major email service providers – including Office 365, on-premise Exchange, and G-suite for business. Get Started for just $5 per user, per month!
Top 3 most profitable solutions in 2021
The most profitable ExchangeDefender solutions for 2021 will certainly not surprise you. Most of us have had to change how we work, and where we work from, because of the covid-19 pandemic. These special circumstances have caused an increase in demand for some IT solutions over others. Our recent survey data shows that our top three most profitable solutions this year focus on data security, and business continuity.
ExchangeDefender PRO
ExchangeDefender PRO is our pride and joy of our entire service portfolio. It provides clients with advanced email security that protects their organization. ExchangeDefender PRO is compatible with all major email service providers, including Outlook and G-suite for business. Email-borne threats like SPAM, viruses, malware, phishing, spoofing, and more are prevented by our all-in-one email protection. 70% of our partners this year have indicated that selling email security features, like SPAM filtering, and Anti-Virus has made their IT business profitable.
Corporate Encryption
Keeping company, and client data safe has become the forefront of security solutions this year. Hackers are on the rise, and the need to secure information is more critical now than ever. ExchangeDefender Corporate Encryption is the second best-selling solution in our service portfolio this year. Encryption enables businesses to encrypt emails simply, and share documents safely from a secure portal, or inside of Outlook with a one-click encrypt option. A whopping 83% of our partners noted in the survey that they are currently selling ExchangeDefender Encryption, or have recently added the service to their MSP business.
Live Archive
Our rising star, Live Archive has been voted ‘rookie of the year’ for its email continuity benefits. ExchangeDefender Live Archive provides organizations with email outage protection, the ability to send and receive email during a service outage. The market demand has skyrocketed for businesses that require that company email be available at all times. The continuity solution is always on, provides real-time archiving, and includes up to one year of rolling storage. Partners took advantage of the high demand, and saw an increase of new clients ready to pay for the ability to prevent email outages as they work from home. The shocking low price for the service made it a no-brainer for businesses who need to keep their organization sending and receiving email without interruption.
Due soon: ExchangeDefender DMARC Compliance
As you have noticed, DMARC is quickly becoming a requirement for reliable email delivery. On November 1st, 2021 the ExchangeDefender network will only relay and support domain names in compliance with DMARC requirements. These standards help address the risk of having the domain hijacked, used in a phishing campaign, and destroyed sender reputation.
The process takes less than 5 minutes (it’s just two DNS records) and it will make sure your mail doesn’t bounce or end up in Junk.
If you know what you’re doing, here is a quick guide:
https://www.exchangedefender.com/docs/dmarc
If you would like us to do it for you, please submit your request:
https://www.exchangedefender.com/security-lockdown
For more info, please see below:
Blog: ExchangeDefender Security Compliance
Webinar: New Email Authorization Standards (20 min)
P.S. Now would also be a great time to review your user accounts and confirm everything is correct. After November 1st, we will only be able to relay mail for known users and domains that pass DMARC (SPF + DKIM) validation.
ExchangeDefender Security Compliance
ExchangeDefender is helping our clients and partners comply with email validation & authorization requirements. DMARC (SPF + DKIM) help prevent unauthorized hijacking/spoofing of your domain name and are used by email services to separate legitimate email from SPAM.
We’ll offer assistance for SPF + DKIM
In order to assure reliable email delivery, ExchangeDefender is offering assistance with SPF + DKIM rollout from September 20th through October 20th. All domains must be brought to compliance by October 30th, 2021 in order to continue relaying mail through ExchangeDefender. We’ll even do it for you, for free.
For more information on our new email security standards, please see our DMARC webinar, and read our DMARC guide.
Every domain that uses ExchangeDefender to send or receive email is required to update their SPF and DKIM records. Failure to comply will result in having your email bounced.
How to get started:
Step 1: Contact your DNS Administrator
You will need to contact your DNS administrator or DNS hosting provider to create the following DNS records:
SPF Record
DNS Record Type: TXT
DNS Record Value: “v=spf1 include:proxy.exchangedefender.com -all”DKIM Record
DNS Record Type: TXT
DNS Record Hostname: default._domainkey
DNS Record Value: “v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkMvl3dS3g9XbhxtD16tSx/l+s0cxVv73/NCHywH2HFED61k+orBj4QY96FJcUD7MOwmwjC7Igtz5P9fVOLFoMr+d8g8c5J5OIA8Xj2ap4jsEnSF3rRrCNJDxojPvtGA1+ENwGpheHtniZG/fgVguDL+M1zXNRsYTybzKwU49tmP4RyIFIC8NEV7jqrGSVWpQSXc12JlvmLQX1J5tdnWvTR7/NGOzyth0rYP1STKj1hHU9ZVN+x8VFiumlPdpDQBMn5Bzu/Cs6pzrSHJqGBcVer4mccpnCOX9bG3sR7wU6nDIv3rvwIlfBymylcZruJvjsXZAZaameUBpgGgmibpkwIDAQAB”
Step 2: Validate your DNS records
After the DNS records are published please validate them using public tools like MX Toolbox (https://mxtoolbox.com/SuperTool.aspx) or DMARC Analyzer (https://www.dmarcanalyzer.com/dkim/dkim-checker/). Until your DNS records validate, you are not in compliance and will have issues with email delivery.
Step 3: Turn on DKIM signing
After your DNS records have been published and validated, you will need to turn on DKIM signing. Go to https://admin.exchangedefender.com, login as Domain Administrator and go to Mail Flow -> DKIM Signature.
Finally, click on Accounts and confirm that all your email addresses are listed and associated with appropriate users.
We’d love to help, if you’d like us to take care of this for you free of charge please fill out this form:
https://www.exchangedefender.com/security-lockdown
[WEBINAR] How to: Comply with new email authorization standards
Welcome to 2021: Comply with the industry security standards or your mail gets bounced.
Believe it or not, that’s the best case scenario: When you actually know your email wasn’t delivered.
Most of the time, though, your sender reputation is scored by internal/proprietary lists and the message is just moved to trash. Worst case scenarios – where hackers are using your domain and email address as impersonations (to launch attacks) or to fool internal employees.
ExchangeDefender has always provided technology and policies to help manage this, but few of our partners have fully adopted it. We have been seeing an escalation in attacks over the past year and it’s only a matter until these security gaps are exploited.
We don’t want to see that happen to you. It is important enough that we are willing to help tighten your security and deploy auth protocols on your behalf, free of charge. Only catch is, it has to be completed by October 31st, 2021.
Too good to be true? Tune into our webinar next Thursday to get the specifics about what needs to be done and how. We will be covering:
– Best practices for email deliverability
– Required DNS records for SPF & DKIM
– Review of domain security policies
– Email delivery troubleshooting
Please register for the webinar:
XD Security Standards Compliance
Thursday, September 16, 2021 (Noon EST)
https://attendee.gotowebinar.com/register/3868159289922543632
We cannot overstate the importance of getting this done. ExchangeDefender (and practically everyone else) will no longer relay mail beyond 2021 without valid email authorization DNS records in place. Don’t wait until December and face expensive consulting contracts, we can handle this for free now and it will take less than 10 minutes of your time. That is how committed we are to keeping you secure and your email arriving where you send it, in the Inbox, every time.