ExchangeDefender Blog

Data Security

The importance of data security has catapulted to the forefront because of the fast-moving, unforeseen Covid-19. The pandemic caused most office workers to work from home for months, and required many organizations to build remote workflows. Remote working has offered prime opportunities for hackers to take advantage of unsecured data. The safety of confidential information in the remote workforce is becoming increasingly difficult to achieve without the proper security tools, (which most businesses lack).

ExchangeDefender Corporate Encryption is the perfect solution for organizations that need to secure their company data. Employees are able to encrypt emails simply, and share documents securely with Encryption. (Ask for a demo!)

Skilled Employee Shortage

Yes, we’re in the middle of a talent shortage. Businesses are experiencing a lack of skilled employees as the pandemic, and the Great Resignation movement continues to rage on. The IT department in many businesses are suffering, with 93% of employers reporting an overall skills gap. Staffing issues in IT are creating disruptions in other parts of the business as well – making increasing productivity a dream rather than reality.  

There is an opportunity for MSPs to offer IT services that organizations are unable to fulfill inhouse due to staffing. Services like cybersecurity, data storage, encryption, and disaster recovery are in very high-demand since the beginning of the pandemic. Offering businesses services that are mission-critical, and that can guarantee work productivity or continuity is vital!

Uncertain times

The COVID-19 crisis brought most businesses to a near stand-still causing major stress to business owners, and corporate CEOs alike. The future is uncertain, but what we can do is actively factor in future trends into our business growth goals. This means focusing on what the market needs (like providing solutions related to trends that are exploding), and on your customer base. The best data you have is from your current clients. Look for similarities, ask them questions along the way.

Cybersecurity threats increasing

Approximately 2,200 cyber attacks happen every day, which means every 40 seconds, a hacker gains unauthorized access to information. Company data has become one of the most valuable assets of a business. Data breaches continue to rise as hackers take advantage of vulnerabilities, particularly within the remote workforce. 68% of business leaders feel their cybersecurity risks are increasing.

The most common way of cyber-attack is through email, and every business is susceptible. 94% of malware is delivered by email, and about 50% of malicious attachments are Office files. The pandemic has brought in a new wave of cyber attacks with Phishing. In fact, 1 in 13 requests lead to malware – making it increasingly difficult to discern what is real, and what is not. Human error is driving data breaches, and organizations need to implement security measures to ensure the safety of their people and data. (Explore ExchangeDefender PRO)

Business Continuity / Disaster Recovery

When the COVID disaster first occurred, businesses realized that they did not have an active business continuity plan. This is a plan that details what to do in the event that a disaster, natural, or otherwise happens.  We have experienced a significant increase in demand for email outage protection, archiving, and file sharing services. Businesses have the challenge of making sure they can still operate as usual despite disruption, or public health crisis. Organizations that take advantage of solutions that empower productivity from work or home will experience the least amount of interruption.

The healthcare industry has seen a sharp increase of data breaches since the onset of Covid-19. As we encouraged minimal in-person interaction to minimize the spread, the rise of Telehealth services grew 46% in 2020. It is known that the medical sector has been slower than others when it comes to leveraging new technology. The lack of data security is apparent as 89% of healthcare providers have suffered some type of data breach within the past two years.

So, what’s the deal? Why is the healthcare industry such a big target for hackers?

The healthcare sector mainly consists of businesses that provide medical services, create medical equipment, and develop the drugs that fill our prescriptions. It is a gold-mine for big data that contains sensitive information about patients like date of birth, addresses, medical records, and so much more. Hackers target the industry with data breaches and ransomware to gain full access of medical information of millions of people. 41% of Americans have had their protected health information or PHI exposed in the last three years. The sector’s biggest challenge is managing and securing large volumes of sensitive data. It is extremely difficult to minimize security breaches, and reduce cyber theft when security is not seen as a priority.

Struggling with strict compliance standards

The nature of information that the healthcare industry collects, is subject to some of the strictest data privacy and compliance standards. Healthcare is unique as it manages large volume data that is constantly changing. Complying with data security standards is a major struggle for healthcare as they use Electronic Healthcare Records (EHR), and adopt new cloud technology. Patient EHRs enable doctors to treat via telehealth, and share data digitally which is encouraged by the HITECH act. Unfortunately, many hospitals and clinics have not implemented a secure method of sharing this information which does not fulfill HIPAA standards.

No security training leads to user errors

This is the fact of life, right?  Users cannot manage something effectively without understanding how it works. Approximately 90% of data breaches in 2019 were caused by human error, a drastic increase from 61% two years prior. In general, human error is the leading cause of data breach within an organization. For healthcare, about 40% of employees have received no cybersecurity training whatsoever. This lack of security training is costing the medical sector millions of dollars in damages per year, with the average record stolen costing about $400 each.


Empower medical professionals to implement Encryption software

Healthcare professionals can easily send and receive secure messages with ExchangeDefender Corporate Encryption. Personnel can communicate sensitive data with confidence using a powerful, user-friendly web interface that can auto-detect personal identifiable information (PHI) like patient names, date of birth, lab test results, medical bills, and more! It can prevent accident data leaks by triggering custom policies that the organization creates based on security standards. Using Corporate Encryption will automatically help medical workers comply with HIPAA and HITECH regulations.

Interested in a free trial? Contact us today!

Most common IT challenges for lawyers in 2021

The legal industry is what we, in the tech industry, call ‘late adopters’ when it comes to modernizing their business with newer technologies. Traditionally, legal professionals were not very tech-savvy, and were dependent heavily on the physical handling of documents. Now is the time to spread awareness of the technologies that are available to the legal industry to prepare present lawyers, and future generations of lawyers with the most appropriate technologies. Let’s explore the most common IT challenges that today’s law firm are currently experiencing, and ultimately help suggest the right solutions they need to empower their practice.

Data Leaks

Data leaks or “data breaches” are the most common result of cyber-attacks. A data leak happens when a hacker has accessed sensitive information of a company, and in many cases, has released the information into the public domain without permission.  

The legal industry is a prime target for hackers because of the nature of their business. They deal with sensitive, and confidential information on a daily basis. Due to the lack of security used by many law firms, it is easy for hackers to perform data breaches via malware, phishing, and even denial of service. An email security suite like ExchangeDefender PRO would protect a law firm from email-borne attacks, phishing attempts, and would most definitely prevent data leaks.

Phishing Scams

Phishing attacks have taken over the internet in terms of being the most popular form of cyber-attack. It is the most common way for hackers to win your sensitive information. In fact, Verizon’s most recent Data Breach report claimed that 70% of data breaches involved Phishing.

A phishing scam is when a hacker sends a fake email that appears to be coming from a trustworthy company. The user clicks on the link inside of the email, is presented with a fake landing page, and is deceived into entering their login credentials, or credit card information.

Document Management

Overcoming document management challenges are a major struggle for law firms as the industry has been extremely dependent on physical document copies. The accumulation of these documents as records are proving disastrous for legal practices that have been in business for years. ExchangeDefender’s Web File Server solution would take care of any document management issues. It offers unlimited storage, is extremely secure, and can provide limited access to a lawyer’s clients for seamless collaboration.  

Compliance

Compliance is a major issue for law firms when it comes to the technology aspect. They are responsible for ensuring that their IT solutions are secure enough to keep data safe, and is secure enough to prevent a data breach. This is difficult when many firms do not currently use an advanced email security suite. As cybersecurity providers, it is our duty to keep law firms safe and to ensure that they adhere to state, federal, and international regulations.    

At ExchangeDefender, we are unique just like our clients. Our team members are all from different nationalities, backgrounds, and expertise.

We do not aim to offend or demoralize any individual or groups, unless they are spammers or hackers. 🙂

Some of the industry standard terms used in the backend, that have been part of IT for decades, may sound offensive to clients in the modern workplace. Non-technical clients who are not accustomated to traditional IT terms are rightfully shocked when they see terms like “master-slave replication”, “whitelist”, and other similar racially sensitive wording.

SPAM filtering and email security should not be offending our clients so we’ve gone through an audit of our web site, our portals, our mobile apps, and our backend in an effort to rephrase some of the industry terms that may be offensive. 

Our client base has changed over the past 24 years, (our services are predominantly used by non-technical staff) and this was a part of our larger effort to make ExchangeDefender more user-friendly. 

We want to make our services more accessible for users that have never used ExchangeDefender, or an enterprise security software; you will see fewer IT acronyms. Instead, we’re rephrasing our services to sound like spoken English, for example: To block senders from sending you SPAM you will now add their address to a “Block list”.

The most profitable ExchangeDefender solutions for 2021 will certainly not surprise you. Most of us have had to change how we work, and where we work from, because of the covid-19 pandemic. These special circumstances have caused an increase in demand for some IT solutions over others. Our recent survey data shows that our top three most profitable solutions this year focus on data security, and business continuity.

ExchangeDefender PRO

ExchangeDefender PRO is our pride and joy of our entire service portfolio. It provides clients with advanced email security that protects their organization. ExchangeDefender PRO is compatible with all major email service providers, including Outlook and G-suite for business. Email-borne threats like SPAM, viruses, malware, phishing, spoofing, and more are prevented by our all-in-one email protection. 70% of our partners this year have indicated that selling email security features, like SPAM filtering, and Anti-Virus has made their IT business profitable.

Corporate Encryption

Keeping company, and client data safe has become the forefront of security solutions this year. Hackers are on the rise, and the need to secure information is more critical now than ever. ExchangeDefender Corporate Encryption is the second best-selling solution in our service portfolio this year. Encryption enables businesses to encrypt emails simply, and share documents safely from a secure portal, or inside of Outlook with a one-click encrypt option. A whopping 83% of our partners noted in the survey that they are currently selling ExchangeDefender Encryption, or have recently added the service to their MSP business.

Live Archive

Our rising star, Live Archive has been voted ‘rookie of the year’ for its email continuity benefits. ExchangeDefender Live Archive provides organizations with email outage protection, the ability to send and receive email during a service outage. The market demand has skyrocketed for businesses that require that company email be available at all times. The continuity solution is always on, provides real-time archiving, and includes up to one year of rolling storage. Partners took advantage of the high demand, and saw an increase of new clients ready to pay for the ability to prevent email outages as they work from home. The shocking low price for the service made it a no-brainer for businesses who need to keep their organization sending and receiving email without interruption.

We are stepping up our game when it comes to ExchangeDefender support, making it faster and easier to get answers and support when you need it, how you need it.

It’s no secret that we’ve spent most of our Covid-19 time improving the user experience and making our products and services easier to use, manage, and support. We’ve upgraded documentation, our portals, our web sites, and even created automated troubleshooting apps that help you fix issues without waiting on or dealing with support.

Starting Wednesday, October 6th, 2021 the support experience will change for the better as well. Our primary goal with this update is to speed up the resolution time (time between problem being reported and it being fixed). We’re trying to create a more predictable and flexible way getting help from us regardless of how technical you are.

Enhancements

Sidebar

Over 80% of our support requests are answered by pointing users to documentation. With that in mind, we’ve redesigned the process to better identify the service, issue, and the user that is experiencing the problem. The system automatically reviews everything as you’re opening the ticket and advises if there are known issues with your account/configuration, and provides links to documentation and fixes. We expect this to be very popular with our growing service providers (we’ll train your staff for you!)

Collateral

If everything appears to be correct (we cannot replicate the issue remotely and the issue is on the client device or network that we do not have access to), the ticket process will immediately ask for additional collateral and troubleshooting info. The goal here is to collect enough information to get the issue addressed right away instead of going back and forth.

We also tried to strike a balance across our client base when it comes to technical expertise and urgency. If you have a problem that is urgent and you want us to drop everything to help you – we can do it! If you’re not very technical, or not in a rush, or don’t have the time to do diagnostics – we can help.


Summary

We’re been quite busy during Covid-19 lock/slow-down and we wanted to do something to improve the experience and quality of our technical support. The new system puts you in control of the support. You choose how urgent the issue is, how much diagnostic information you provide, and the service level you need. We’re going for a win-win with this release: giving you more control, more access, more flexibility, more documentation – and a faster resolution time for the end user.

As you have noticed, DMARC is quickly becoming a requirement for reliable email delivery. On November 1st, 2021 the ExchangeDefender network will only relay and support domain names in compliance with DMARC requirements. These standards help address the risk of having the domain hijacked, used in a phishing campaign, and destroyed sender reputation.

The process takes less than 5 minutes (it’s just two DNS records) and it will make sure your mail doesn’t bounce or end up in Junk.

If you know what you’re doing, here is a quick guide:
https://www.exchangedefender.com/docs/dmarc

If you would like us to do it for you, please submit your request:
https://www.exchangedefender.com/security-lockdown

For more info, please see below:

Blog: ExchangeDefender Security Compliance

Webinar: New Email Authorization Standards (20 min)

P.S. Now would also be a great time to review your user accounts and confirm everything is correct. After November 1st, we will only be able to relay mail for known users and domains that pass DMARC (SPF + DKIM) validation.

Download your ExchangeDefender digital assets today!

Our marketing team has just released a collection of digital assets made specifically for our ExchangeDefender partners. The new marketing collateral was created to provide our clients an easy way to promote Exchangedefender services online, particularly via their social media channels.

What is a digital asset?

A digital asset is Marketing’s fancy way of saying “any design that is in digital format”. Digital assets are created electronically, and come with a right to use, this means you can share them at your discretion. The top five most common types of digital assets are images, PDFs, videos, presentations, graphics, and audio files.

The collection of social media posts is available on our Marketing page, and is free of charge. Further, on this page – you’ll find tons of marketing collateral that is ready to be downloaded immediately. Each of our solutions has a data sheet available that provides an overview of the service for you to share with your clients. Additionally, if you would like to have your marketing collateral branded with your own company logo, you can submit a marketing request.

How to use

There are plenty of ways to share the new social media posts. We have taken all of the hard work out of promoting our services via facebook, twitter, linkedin, instagram and more! You can see from our own facebook page (@exchangedefender) that we share these types of posts every day. We also use these designs inside of our newsletters to highlight particular services, or features. (ExchangeDefender uses constant contact for email newsletters, you can also use mailchimp as well to accomplish the same thing.)

Another way to use our digital collateral is via text message. If you use sms texting, like ExchangeDefender SMS Proxy you can instantly send an SMS with an image post. Sharing these posts via text will assure you that your client has seen the information you sent. (About 90% of people open their text messages within just a few minutes.)

Ready to get started? Here’s what to do next:

To start posting, please visit www.exchangedefender.com/marketing and navigate to the “Digital Assets” section of the page. To download, simply select the file, and it will automatically download. You should be able to locate these files on your computer in the downloads folder.  

ExchangeDefender is helping our clients and partners comply with email validation & authorization requirements. DMARC (SPF + DKIM) help prevent unauthorized hijacking/spoofing of your domain name and are used by email services to separate legitimate email from SPAM.

We’ll offer assistance for SPF + DKIM

In order to assure reliable email delivery, ExchangeDefender is offering assistance with SPF + DKIM rollout from September 20th through October 20th. All domains must be brought to compliance by October 30th, 2021 in order to continue relaying mail through ExchangeDefender. We’ll even do it for you, for free.

For more information on our new email security standards, please see our DMARC webinar, and read our DMARC guide.

Every domain that uses ExchangeDefender to send or receive email is required to update their SPF and DKIM records. Failure to comply will result in having your email bounced.

How to get started:

Step 1: Contact your DNS Administrator

You will need to contact your DNS administrator or DNS hosting provider to create the following DNS records:

SPF Record
DNS Record Type: TXT
DNS Record Value: “v=spf1 include:proxy.exchangedefender.com -all”DKIM Record
DNS Record Type: TXT
DNS Record Hostname: default._domainkey
DNS Record Value: “v=DKIM1; k=rsa; s=email;  p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkMvl3dS3g9XbhxtD16tSx/l+s0cxVv73/NCHywH2HFED61k+orBj4QY96FJcUD7MOwmwjC7Igtz5P9fVOLFoMr+d8g8c5J5OIA8Xj2ap4jsEnSF3rRrCNJDxojPvtGA1+ENwGpheHtniZG/fgVguDL+M1zXNRsYTybzKwU49tmP4RyIFIC8NEV7jqrGSVWpQSXc12JlvmLQX1J5tdnWvTR7/NGOzyth0rYP1STKj1hHU9ZVN+x8VFiumlPdpDQBMn5Bzu/Cs6pzrSHJqGBcVer4mccpnCOX9bG3sR7wU6nDIv3rvwIlfBymylcZruJvjsXZAZaameUBpgGgmibpkwIDAQAB”

Step 2: Validate your DNS records

After the DNS records are published please validate them using public tools like MX Toolbox (https://mxtoolbox.com/SuperTool.aspx) or DMARC Analyzer (https://www.dmarcanalyzer.com/dkim/dkim-checker/). Until your DNS records validate, you are not in compliance and will have issues with email delivery.

Step 3: Turn on DKIM signing

After your DNS records have been published and validated, you will need to turn on DKIM signing. Go to https://admin.exchangedefender.com, login as Domain Administrator and go to Mail Flow -> DKIM Signature.

Finally, click on Accounts and confirm that all your email addresses are listed and associated with appropriate users.


We’d love to help, if you’d like us to take care of this for you free of charge please fill out this form:
https://www.exchangedefender.com/security-lockdown

email authorization webinar

Welcome to 2021: Comply with the industry security standards or your mail gets bounced.

Believe it or not, that’s the best case scenario: When you actually know your email wasn’t delivered.

Most of the time, though, your sender reputation is scored by internal/proprietary lists and the message is just moved to trash. Worst case scenarios – where hackers are using your domain and email address as impersonations (to launch attacks) or to fool internal employees.

ExchangeDefender has always provided technology and policies to help manage this, but few of our partners have fully adopted it. We have been seeing an escalation in attacks over the past year and it’s only a matter until these security gaps are exploited.

We don’t want to see that happen to you. It is important enough that we are willing to help tighten your security and deploy auth protocols on your behalf, free of charge. Only catch is, it has to be completed by October 31st, 2021.

Too good to be true? Tune into our webinar next Thursday to get the specifics about what needs to be done and how. We will be covering:

– Best practices for email deliverability
– Required DNS records for SPF & DKIM
– Review of domain security policies
– Email delivery troubleshooting

Please register for the webinar:

XD Security Standards Compliance
Thursday, September 16, 2021 (Noon EST)
https://attendee.gotowebinar.com/register/3868159289922543632

We cannot overstate the importance of getting this done. ExchangeDefender (and practically everyone else) will no longer relay mail beyond 2021 without valid email authorization DNS records in place. Don’t wait until December and face expensive consulting contracts, we can handle this for free now and it will take less than 10 minutes of your time. That is how committed we are to keeping you secure and your email arriving where you send it, in the Inbox, every time.

P.S. We strongly encourage you to attend the webinar live so you can ask questions. As DNS is not something we host/offer please keep in mind that our support team will not assist or troubleshoot DNS issues for you.