Security

The healthcare industry has seen a sharp increase in data breaches since the onset of Covid-19. As we encouraged minimal in-person interaction to minimize the spread, Telehealth services grew 46% in 2020. It is known that the medical sector has been slower than others when it comes to leveraging new technology. The lack of data security is apparent as 89% of healthcare providers have suffered some type of data breach within the past two years.

So, what’s the deal? Why is the healthcare industry such a big target for hackers?

The healthcare sector mainly consists of businesses that provide medical services, create medical equipment, and develop the drugs that fill our prescriptions. It is a gold mine of big data that contains sensitive information about patients, like dates of birth, addresses, medical records, and so much more. Hackers target the industry with data breaches and ransomware to gain full access to the medical information of millions of people. 41% of Americans have had their protected health information (PHI) exposed in the last three years. The sector’s biggest challenge is managing and securing large volumes of sensitive data. It is extremely difficult to minimize security breaches and reduce cyber theft when security is not seen as a priority.

Struggling with strict compliance standards

The information that the healthcare industry collects is subject to some of the strictest data privacy and compliance standards. Healthcare is unique in that it manages large volumes of data that are constantly changing. Complying with data security standards is a major struggle for healthcare organizations as they use Electronic Healthcare Records (EHR) and adopt new cloud technology. Patient EHRs enable doctors to treat via telehealth and share data digitally, which is encouraged by the HITECH Act. Unfortunately, many hospitals and clinics have not implemented a secure method of sharing this information, which means they do not fulfill HIPAA standards.

No security training leads to user errors

This is a fact of life, right? Users cannot manage something effectively without understanding how it works. Approximately 90% of data breaches in 2019 were caused by human error, a drastic increase from 61% two years prior. In general, human error is the leading cause of data breaches within an organization. For healthcare, about 40% of employees have received no cybersecurity training whatsoever. This lack of security training is costing the medical sector millions of dollars in damages per year, with the average record stolen costing about $400 each.


Empower medical professionals to implement Encryption software

Healthcare professionals can easily send and receive secure messages with ExchangeDefender Corporate Encryption. Personnel can communicate sensitive data with confidence using a powerful, user-friendly web interface that can auto-detect protected health information (PHI) like patient names, dates of birth, lab test results, medical bills, and more! It can prevent accidental data leaks by triggering custom policies that the organization creates based on security standards. Using Corporate Encryption will automatically help medical workers comply with HIPAA and HITECH regulations.

Interested in a free trial? Contact us today!

ExchangeDefender’s Corporate Encryption solution is our rising star, and has become our best-seller for 2020. Recently, we loaded the original Encryption product with tons of new features, and relaunched it as multichannel encryption software for small business. It is the first of its kind. Now, users can easily send and receive encrypted messages by email, URL, or SMS.

Service Highlights and Selling Points

Corporate Encryption features a powerful web interface for desktop and mobile, and can provide on-demand encryption using any email software out there.

One-click encryption is a major highlight, with a custom add-in available for both Outlook and OWA.

The software boasts powerful policies functionality with custom encryption options like automatic expiration and message destruction.

Corporate Encryption can also auto-detect sensitive information without human intervention. It recognizes patterns like account numbers, SSNs, and DOB. Plus, the service provides even more control with lexicons (keyword matching), and dictionaries.

Talk about advanced: the software also includes a Compliance Officer interface that manages violations of policies on an organizational level, increasing the CO’s control of sensitive data.

To see all of Corporate Encryption’s features, click here.

The Special Offer

Sign up new clients to our Corporate Encryption service, and get the first month free. We’re currently running a special offer to encourage our partners to sell, as well as help boost 2021 revenues altogether. The first month is free with no charges from us, which means partners can make full profit off of the new users. If you have any questions, please do not hesitate to submit a support ticket. We would love to help you seal the deal; here are a few pro tips we have to offer:

Tip #1: Partners can also add a one-time onboarding fee for the added users which would increase the profit even more.

Tip #2: The (general) market price for Encryption ranges from $4 to $10 per user, per month. Selling our service would offer a generous profit per user as we are offering it for under $2.

Tip #3: Access our sales and marketing collateral for Corporate Encryption to help seal the deal. For any questions, please contact us.

Special offer expires 06/30/21   

There are tons of Antivirus software products to choose from, and finding the right solution for your business can be complicated. ExchangeDefender can help SMBs make the right decision.

What makes a good Antivirus?

Any Antivirus will do just that, to some degree: fight viruses and other malicious software. Maintaining your personal identification and safeguarding your privacy goes well beyond standard virus protection. SMBs must understand the difference between average antivirus protection and outstanding antivirus protection. Don’t rely on just the antivirus that’s built into your computer applications.

The difference between good and GREAT

What makes a great Antivirus? A multithreaded, multi-layered protection approach to scanning incoming data. Remember, extras matter – especially if they are within budget.

A few must-haves when selecting Antivirus protection:

  1. Real-time Protection against viruses, trojans, malware, spyware, and adware.
  2. Cloud based, User control, Firewall protection
  3. An Antivirus that works well with others, i.e., Mac, iPhone, and Android
  4. Attachment blocking and attachment policy management
  5. Stops identity theft by blocking phishing attempts

This is where ExchangeDefender comes in with our top-selling advanced security suite known as ExchangeDefender PRO. ExchangeDefender offers an enterprise-grade email security suite with multi-level protection against email-borne attacks. It not only provides exceptional virus protection, but also protection against phishing and spoofing, attachment blocking, fraud prevention and so much more.

We use up to six commercial antivirus engines to scan each incoming message.

Cyber attacks continue to rise in 2021

Cyberattacks are here to stay and data breaches are on the rise as we come into the new year, affecting business owners with financial loss, brand damage, and legal ramifications. It is imperative for businesses of all sizes to prevent data breaches. ExchangeDefender’s Throttled Malware & Trojan Control has a built-in identification system that tracks message and attachment MD5 checksums and responds by temporarily delaying messages that match the bulk-mail criteria.

Malware Attachment Filtering & Sanitation is a must – The days of text-only SPAM are long gone. Today SPAM is distributed as a PDF, zip file, image, even an audio file! At the same time, we use our email as more of a file sharing mechanism than a communications platform. Subsequently, it is essential to understand the attachment type and what type of a threat it poses. ExchangeDefender analyzes attachments on multiple layers, using checks for file names, file types, MIME headers and archives to properly protect you from all dangerous content. 

From a business perspective, your brand reputation could be on the line. A solid Antivirus software service would prove essential to protect your company’s files, systems, and sensitive data.

To learn more about ExchangeDefender’s advanced email security suite, please click here.

ExchangeDefender Email Encryption is a service that helps you control and distribute sensitive information. There is no shortage of solutions that help comply with the alphabet soup of regulatory requirements that help mitigate data leakage – the real challenge is making the people who rely on encryption more productive.

We spoke to thousands of our users, across industries, to understand how they use the service and what would make it optimal. Here is their wishlist, delivered:

Encrypted Messages are about more than email

While Email Encryption services were designed to automate encryption of email that contained sensitive information, the practical use for email encryption is simply to securely deliver and track access of those messages. Depending on the urgency, sensitivity and the receiving party, ExchangeDefender’s Advanced Encryption Options make it possible to customize how long the message is available for, if the recipient needs to enroll in the service or simply click to view, who should be notified of message delivery/receipt/read status, and more.

ExchangeDefender is the only Email Encryption solution to feature multi-channel delivery of sensitive content. Simply put, organizations no longer only share data via email. Companies are now texting more than ever, as well as leveraging different portal and chat solutions to which sensitive content can be attached. ExchangeDefender enables you to send encrypted messages – automatically based on content or by your custom preference –  but you can send it as an email, as an SMS/text message to a mobile phone, or as a URL link pasted on Facebook/Slack/Teams or any web or social media property.

Simply put, when you need to know that it got there securely and what they did with it afterwards, ExchangeDefender has the policies, processes, and automation to make it possible and simple.

Encryption isn’t an IT / CCO problem, it’s a business challenge

No software to install. No need to change any DNS records or move your email hosting. No devices or appliances to maintain or support. It takes just a few minutes to sign up for ExchangeDefender Corporate Encryption, add your users, and set the default corporate encryption policy and suggested lexicons/pattern searches to keep everyone secure. In minutes, IT’s job is done.

The real encryption challenge is with the people who rely on encryption to get things done. Staff who send out hundreds of encrypted medical records each day. Staff who communicate sensitive financial information between multiple organizations. Staff who are most concerned about the message reaching an intended recipient who can easily access it – otherwise they become the front-line IT support for every recipient who can’t view the message or didn’t get the message or, in the worst case, when the message was sent to the wrong party (you can revoke it at any time).

ExchangeDefender approaches the business challenge by helping the sender customize the environment and save settings to eliminate repetitive work.

Outlook or Outlook Web App

ExchangeDefender Corporate Encryption comes with an Outlook and OWA add-in product that adds buttons to the Outlook/OWA ribbon. Safe delivery of sensitive information is really just a click away: just click on encrypt. This approach removes the need for the web interface entirely, and follows the default encryption policy as defined by your IT and Chief Compliance Officer.

Activity

Most encrypted email work is related to message delivery: you want to know that they got the message and what they did with it. With traditional offerings this is a painful process of searching through tons of email notifications – but ExchangeDefender takes that a few steps forward.

ExchangeDefender Corporate Encryption features a powerful Activity tab that enables users to see live activity across all the messages they’ve sent recently. For example, if you’d like to know whether the recipient attempted to print or forward a message you restricted them from printing or forwarding, you’ll find an alert on the Activity page. If you send a ton of mail, our powerful search will help you define the actions you’re looking for, search for a specific time period, or just search by text/subject. From there you can export it to Excel, PDF, CSV, or just print out the report.

If you don’t send a lot of messages or dislike constant email notifications from encryption services, we’ve got you covered as well. ExchangeDefender features a weekly email report that shows you all the messages you sent and the associated activity.

Management Default Policies

ExchangeDefender makes it really simple to define a corporate security policy that automates the encryption of sensitive information. Whether you want to screen for standard personally identifiable information (PII), or use one of the predefined lexicons for a number of industries, or you want to define a default corporate policy to keep all users secure, ExchangeDefender has you covered.

Sender Policies

ExchangeDefender keeps its users productive by eliminating the user interface clutter – a byproduct of a highly flexible and customizable interface. Sending an encrypted message is simple and requires no training; by design, the entire process is obvious and intuitive.

To be productive, you will need to rely on some of the more advanced features of ExchangeDefender Encryption that help control notifications, message rights, message age, and additional security requirements. ExchangeDefender allows you to save your policy customizations as a new policy, so that all the settings you configured can be reused and reapplied with just one click, on demand.

The Encryption Opportunity

The purpose of email encryption is to help automate the encryption of sensitive information. ExchangeDefender excels at this requirement with domain policies, lexicons, advanced pattern searches, and custom policies.

There is a lot more to encryption when you consider the people that rely on it to do their job – and ExchangeDefender offers Outlook/OWA add-ins to make encrypted email as simple as a mouse click. From there we provide powerful Activity reports in the encryption portal that allow you to search for messages, activities, and even filter down to the right time frame. Because encryption isn’t only about sending – it’s about knowing that the message was received securely – you can create custom reports that can be printed, saved, or exported to Excel.

The ultimate opportunity is in realizing that message encryption needs to evolve with how we work. Covid-19, office closures, physical distancing, and reducing touch points have made us all rely on social media, chat platforms, and portals to communicate with our coworkers, partners, and clients. We now share sensitive information via email but also over the web and via text/SMS to mobile devices. ExchangeDefender supports them all, secures them all, and enables secure productivity.


It’s easy to see why Corporate Encryption is our most popular product. Please submit a ticket for a free trial.

ExchangeDefender Encryption enables organizations to securely send, receive, and manage confidential email, providing an easy, seamless way to implement content protection. ExchangeDefender uses bank-grade Encryption with 256-bit keys, to secure all encrypted emails.

We are proud to announce the brand new interface and full feature functionality and reporting for ExchangeDefender’s Corporate Encryption.

Let’s take a quick tour!

Encryption Dashboard

This is Corporate Encryption’s brand new dashboard view. It is the first page you see after logging in. Your recent messages and recent portal activity are available on your dashboard.

Encryption Inbox
Compose a New Message

You can access your messages by tapping the Inbox tab. You can compose an encrypted message from this page. Encryption offers two levels of encryption, categorized by ENCRYPT and CLEARENCRYPT, and encrypts all email and attachments on every server where they reside.

Message View
Replying to a Message

The new web interface is sleek and modern, and we have minimized the number of pages you visit to get things done. Finally: same page, one click, and done. You can select a recipient or a group to send the message to, the level of encryption, and even attach files.

Create a New Group for your Contacts.
Group’s List / Create a New Group
Contacts List / Create a New Contact

Encryption enables you to create groups in your contacts list to make it easier and faster for you to communicate with your most popular contacts. You can add as many groups and as many contacts as you like. By clicking your Contacts tab, you can create a new contact, and you can access information on all of your important clients.


To access ExchangeDefender Corporate Encryption, visit encryption.exchangedefender.com or login to your ExchangeDefender Admin portal > Quick Launch > Encryption

What is Phishing?

In recent years, spear phishing attacks have been on the rise, and have cost American businesses millions of dollars per year in time and resources.

Phishing is a fraudulent attempt via email to obtain sensitive information like usernames, passwords and credit card details. This type of attack is tricky because the phishing email appears to be from a trustworthy entity like Netflix or Apple, for example.

Furthermore, the phishing email typically has a call to action, and directs the user to a website via a link within the email. This website then asks the user to update personal information – and boom, your information is now in the hands of hackers.

According to a recent study by Verizon (2019), over 80% of security compromises start with a spear phishing email. ExchangeDefender can help you eliminate spear phishing threats or just provide notifications to your users when they get tricked into clicking on a link leading somewhere dangerous.

The solution: ExchangeDefender Spear Phishing Protection

ExchangeDefender provides the most sophisticated and most comprehensive real-time protection from email phishing threats through ExchangeDefender Phishing Firewall, External Sender flagging, real-time databases of safe and dangerous sites, and flexible phishing content handling policies.

The Basics:

1. ExchangeDefender’s phishing protection works on every device that is wifi-enabled with the ability to receive email.

2. There is no download or installation required for the security feature.

3. Our email spear phishing protection enables you to whitelist and blacklist email addresses and domains.

Spear Phishing Protection Highlights:

Phishing Firewall

ExchangeDefender rewrites the URL of links in HTML emails and redirects you through our cloud filtering service that can alert or block threats you may inadvertently click on. (Learn More)

Flag External Emails

ExchangeDefender modifies the subject of messages received from outside of your organization, so nobody can ever mistake a message from an external source for one from a coworker. ([EXTERNAL])

Blacklist / Whitelist

ExchangeDefender Phishing Firewall allows organizations, domains, groups, and users to maintain a list of safe and dangerous web sites, to which traffic should be allowed to pass or be blocked.


To learn more about ExchangeDefender’s Email Phishing protection and how it works, click here.

You can also explore our advanced email security suite that includes phishing protection, and so much more!


ExchangeDefender has been seeing an elevated amount of malware originating from hacked Exim mail servers. While we tend to score those messages higher by default to keep our clients protected, one of our clients discovered a scenario in which a user could get a dangerous payload through our scanners (requires multiple manual steps and a sophisticated recipient with imaging software willing to go through multiple hoops). While this is exceptionally unlikely, we wanted to address a few of the topics anyhow.

1. CIOs, MSPs, and Domain Administrators can manage attachment policies

If you go to https://admin.exchangedefender.com and login as the Domain Administrator, you can manage attachment policies under Configuration > Attachments. You can find more about ExchangeDefender configuration at https://www.exchangedefender.com/docs/domain#configuration

2. We do not deep-scan file system images (.iso/.img)

As a policy we do not deep scan .iso or .img file system images. The files themselves are scanned for malware, viruses, and other parameters (for example, if someone renames a .exe to .img, or embeds malware in one, we will still filter it out) but we will not mount file system images and go through each file inside. This is not a popular attack vector (requires multiple actions by the user and most will require Administrative access and specialized software) but it is technically possible.
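The file-level check described above (a renamed .exe is still caught, while a genuine image is passed without looking inside) can be sketched as follows. This is an added example, not ExchangeDefender's code; the verdict names, the extension table and the sample attachments are constructed for illustration.

```python
import os
from email.message import EmailMessage

# Leading magic bytes for a few common file types.
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "pdf"),
]
EXECUTABLE = {"pe-executable", "elf-executable"}
# ISO 9660 stores the identifier "CD001" one byte into sector 16 (offset 0x8001).
ISO_ID_OFFSET = 0x8001
IMAGE_EXTS = {".iso", ".img"}
# Content type each extension is expected to carry (hypothetical policy table).
EXPECTED = {".exe": "pe-executable", ".zip": "zip", ".pdf": "pdf"}


def sniff(data):
    """Identify content from its bytes, ignoring the file name entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    if data[ISO_ID_OFFSET:ISO_ID_OFFSET + 5] == b"CD001":
        return "iso9660"
    return "unknown"


def classify(filename, data):
    """Return (sniffed kind, verdict) for one attachment."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff(data)
    if kind in EXECUTABLE:
        return kind, "block"          # executable content, whatever the name says
    if ext in IMAGE_EXTS:
        return kind, "flag-image"     # files inside the image are not inspected
    if ext in EXPECTED and kind != EXPECTED[ext]:
        return kind, "quarantine"     # name and content disagree
    return kind, "allow"


def review_attachments(msg):
    """Classify every attachment of a parsed EmailMessage."""
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        results.append((name,) + classify(name, data))
    return results


def build_sample():
    """Constructed message with four constructed attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    iso_blob = b"\x00" * 0x8000 + b"\x01CD001\x01\x00"
    samples = [
        ("invoice.img", b"MZ\x90\x00" + b"\x00" * 60),   # PE header behind .img
        ("backup.iso", iso_blob),                         # genuine ISO 9660 marker
        ("report.pdf", b"PK\x03\x04" + b"\x00" * 26),     # zip named as pdf
        ("notes.pdf", b"%PDF-1.7\n"),                     # consistent
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for row in review_attachments(build_sample()):
        print(row)
```

The "flag-image" verdict marks exactly the gap the policy accepts: the container is recognised but its contents are unseen, so a Domain Administrator may prefer to handle those extensions through the attachment policy.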

3. You should implicitly distrust anyone on hacked Exim servers

ExchangeDefender cannot globally block Exim servers (because there is always going to be that one “business case scenario!!! we cannot block our $2 cPanel VPS!”) but if you can possibly block them – by all means do. While this is generally not necessary (ExchangeDefender maintains a proprietary list of pwn3d Exim servers and routinely moves them to SPAM or SureSPAM), it’s a good idea not to accept any mail from these servers at all.

4. You should implicitly junk SPF failures

Same as #3, it’s a really good idea if you have the luxury of not dealing with people that shouldn’t be running an email server. ExchangeDefender tracks SPF failures and notes them in the headers that can be used to aggressively filter out messages sent out from invalid ranges. Just look for a “Received-SPF: softfail” in the message headers.

Received-SPF: softfail (inboundXX.exchangedefender.com: domain of transitioning postmaster@gmail.com does not designate 67.82.55.11 as permitted sender)

What this means is that the organization has designated an IP range that legitimately relays messages, and this message came from an IP address outside of that range. 99.99999% of the time it’s a spammer. 0.00001% of the time it’s just a poorly configured server. It’s your choice to assess the risk and implement this if possible and we recommend it.
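A way to act on that header downstream, as an added example that is not ExchangeDefender's code: it reads the Received-SPF headers of a message and junks SPF failures, trusting only a header stamped by your own filtering host. The trusted domain argument, the verdict names and the second, sender-supplied header in the sample are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Result keywords defined for SPF by RFC 7208.
SPF_RESULTS = {"pass", "fail", "softfail", "neutral", "none",
               "temperror", "permerror"}
# Policy from the text above: treat SPF failures as junk.
JUNK_RESULTS = {"fail", "softfail"}

# "<result> (<receiving host>: <free-text comment>)"
HEADER_RE = re.compile(
    r"^(?P<result>[A-Za-z]+)\s*\((?P<receiver>[^\s:()]+):(?P<comment>[^)]*)\)")
IP_RE = re.compile(
    r"designates?\s+(?P<ip>[0-9A-Fa-f:.]+)\s+as permitted sender")


def parse_received_spf(value):
    """Return result, receiver and client IP from one header value, or None."""
    value = " ".join(value.split())            # undo header folding
    m = HEADER_RE.match(value)
    if not m or m.group("result").lower() not in SPF_RESULTS:
        return None
    ip = IP_RE.search(m.group("comment"))
    return {
        "result": m.group("result").lower(),
        "receiver": m.group("receiver").lower(),
        "client_ip": ip.group("ip") if ip else None,
    }


def spf_verdict(raw_message, trusted_domain):
    """Decide on the topmost Received-SPF header written by a trusted host.

    Headers are returned top to bottom, and each hop prepends its own, so the
    first header from our filtering service is the one it actually wrote.
    Anything below it, or from another host, may have been supplied by the
    sender and is ignored.
    """
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received-SPF", []):
        parsed = parse_received_spf(value)
        if parsed is None:
            continue
        host = parsed["receiver"]
        if host == trusted_domain or host.endswith("." + trusted_domain):
            action = "junk" if parsed["result"] in JUNK_RESULTS else "deliver"
            return action, parsed
    return "no-trusted-spf", None


# Constructed message: the first header is the one quoted above, the second
# imitates a "pass" header inserted by the sending side.
SAMPLE_SOFTFAIL = (
    "Received-SPF: softfail (inboundXX.exchangedefender.com: domain of "
    "transitioning postmaster@gmail.com does not designate 67.82.55.11 "
    "as permitted sender)\n"
    "Received-SPF: pass (mx.sender.example: domain of postmaster@gmail.com "
    "designates 67.82.55.11 as permitted sender)\n"
    "From: postmaster@gmail.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)
# Constructed message carrying only the sender-supplied header.
SAMPLE_FORGED_ONLY = SAMPLE_SOFTFAIL.split("\n", 1)[1]

if __name__ == "__main__":
    print(spf_verdict(SAMPLE_SOFTFAIL, "exchangedefender.com"))
    print(spf_verdict(SAMPLE_FORGED_ONLY, "exchangedefender.com"))
```

A "no-trusted-spf" verdict means the message did not pass through the expected filtering host at all, which is worth treating as its own alert rather than as a pass.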

Finally, if you are actively monitoring security and communicating with your clients, we do manage a NOC site that logs major issues at https://www.anythingdown.com. If you’re one of our MSP or enterprise clients, you also have a branded version of this software free of charge at https://www.xdnoc.com that you can attach your domain name to and offer these alerts to your clients without copying and pasting around. We hope this helps and we appreciate your trust in keeping you safe online.

For more information, please see our ExchangeDefender Guide for Domain.

Our last webinar announced our strategy for expanding the level of protection we offer to our ExchangeDefender users that goes far beyond just email. Our three-pronged approach will now include software, services, and training. We are best known for our email security service “ExchangeDefender” but as the email threats escalate in frequency and evolve in complexity, it is time to add a software component.

Over the past decade we have been developing Wrkoo (codename: “Shockey Monkey”), a business management solution centered around helpdesk and service delivery. As that product has grown to better manage accountability and task tracking, it became a perfect solution for us to use to help our ExchangeDefender users be more secure. Specifically, ExchangeDefender knows about your preferences and security policies – Wrkoo has the capabilities to help your entire organization work better together to create a more secure environment. You will see this distinction and the advantage in action later this week when we announce the Password Vault.

Our implementation is very simple and straightforward. Every ExchangeDefender Pro protected organization will get its own Wrkoo portal (ex: https://exchangedefendercom.wrkoo.com) absolutely free of charge. All the users in ExchangeDefender will automatically be added to the Wrkoo portal and the same login credentials will work on both sites.

As we add business-level features that help improve user security, they will be available via https://admin.exchangedefender.com portal under the Shortcuts dropdown (same place you find your Web File Server, LiveArchive, ComplianceArchive, Encryption, etc) as well as via direct login to the Wrkoo portal. This will help our clients quickly navigate between their files, passwords, archives, and all other services.

The ExchangeDefender admin portal has been designed from the standpoint of email security and corporate policy enforcement and it is very quick, efficient, and easy to use. Once you look at securing your business beyond just SPAM filtering, things get complex and importance shifts to communication, training, and overall awareness. These are the areas that Wrkoo shines at through its calendars, tasks, tickets/cases/issues, knowledge base, and the ability to help the entire organization communicate and be on the same page. It really is a perfect medium to help everyone in your business manage their information in a more secure, practical, and user-friendly way.

Our mission remains the same: to keep you safe online. As the threats evolve and management of compliance, reporting, audits, and training becomes more complicated – our solution is there to help you scale and address those issues without spending more money. ExchangeDefender and Wrkoo are here to make that possible.

As noted nearly two months ago, ExchangeDefender is starting Automated ExchangeDefender Provisioning. In the long, long ago when everyone ran their own Exchange servers, ExchangeDefender offered XDSync to automate creation of ExchangeDefender users as soon as they were added to the Active Directory.

Fast forward to 2019: Few people still run their own Active Directory and most users are now on cloud-based email services that don’t use Active Directory. This puts a burden on our CIO/MSP/IT personnel that has to manage users manually – so we solved that problem with ExchangeDefender. Here is the user experience.

Automated Provisioning – User Experience

When ExchangeDefender detects a new email address from your domain sending outbound mail, it will automatically provision the account for you. This way nobody has to deal with the account management and maintenance, nor do they have to filter and audit the list as local accounts, distribution groups, etc do not send out external emails anyhow. If they do, from the licensing standpoint, it’s treated as a user. When we detect a new user, they get this email:

The email contains branding and contact information of an MSP if the client is managed by an MSP. Otherwise, only the domain administrator and ExchangeDefender basic contact info is provided.

At this point, the user is added and configured for ExchangeDefender services according to the domain defaults the IT department configured for this domain.

Clicking on the “Complete Enrollment” button takes the user to the website to set up basic settings. This part is actually VERY cool and something our clients have been begging for – something that shows the user how to actually use the product.

The enrollment wizard is only 2 steps long and gets the essential settings that 99% of users change.

Set up your password, tell us what to do with SPAM, tell us what time you want the email report (if enabled by CIO/MSP/IT) and that’s it – the user is done. We’re also working on additional customization/templating of the welcome emails which should be launching later this year.

Over the past year we’ve been introducing enterprise security measures to help protect our clients from an increasing volume of attacks. Email is the single most abused gateway for threats – with 91% of corporate breaches starting through email – and it’s only getting worse.

If you’ve used Yahoo, MySpace, or hundreds of popular free web sites (go to https://haveibeenpwned.com/ to see how/who exposed your data) your credentials and other information are available on the web. Hackers are using these passwords and personal information to guess their way into other sites that haven’t been breached – so if you use the same or similar password (or only change the site id, or one number or letter to make it different) then you’re making it very simple for hackers to get into your account.


And we get it. Dealing with security, passwords, and locking down online services is time consuming. But as the company whose main purpose and mission is to keep you secure – we want to help save you time and make it easier for you to be secure.

For the details on all the stuff we’ve got coming in September, we’d like to invite you to our webinar:
    ExchangeDefender Security Upgrade
    Tuesday, September 10th, 2019
https://attendee.gotowebinar.com/register/6898777257651237900

In the meantime, we’re going to help our partners and clients not make things “stupid easy” for hackers – by globally resetting ExchangeDefender passwords that are older than 1 year. We’ll do this on September 1st, in a very minimally intrusive way, and for those that don’t use ExchangeDefender on a daily basis (and mainly just release SPAM from quarantines) the password change won’t affect them.

Using OTP/2FA or VPN services or all the free features that are built into ExchangeDefender to keep you secure is obviously our preferred way, but as we’ve noted, the realities of SMB concern for IT security mean we need to try something else. We really hope our partners and clients can take the time to attend the September Webinar, as we believe the stuff we’ve built will help lock down your organization and make security manageable again.