Thought Leadership / en Advanced Notice: Staying Alert and Aware of a Security Breach /resources/blog/staying-alert-security-breach <span>Advanced Notice: Staying Alert and Aware of a Security Breach </span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Thu, 01/06/2022 - 09:55</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/10" hreflang="en">ÇïżûÊÓƔɫ</a> <article><img loading="lazy" src="/sites/default/files/2022-01/invalid_password.jpg" width="1400" height="700" alt="" typeof="foaf:Image" /></article><p><span><span><span><span>Locking your digital doors is the most important thing your organization can do—a cybersecurity system is crucial in today's hack-happy world. </span></span></span></span></p> <p><span><span><span><span>Recognizing what a picked lock looks like is the second thing. Cyberattacks do come with warning signs, and your team needs to know those signs so that you can <a href="/request-demo" rel="nofollow"><span>stop a security breach before it's too late</span></a>. </span></span></span></span></p> <p><span><span><span><span>We hear stories all the time about how a proactive approach to cybersecurity makes a breach less catastrophic. The business and names below are hypothetical, but the scenario has happened many times. </span></span></span></span></p> <p><span><span><span><span>Jay Duncan and his team learned this the hard way. Jay is the IT director for Sew Clean, a chain of alterations and dry cleaning stores. He has pushed his senior management to move towards a completely digital point of sale system, so their customers' information is stored in their network. Jay installed Intrusion Detection Software (IDS) in the network when they installed the new POS software, thinking that with all that customer data they needed bigger firewalls. The IDS he chose is antivirus software that monitors incoming network traffic. 
</span></span></span></span></p> <p><span><span><span><span>So far, it's worked out well. Not only are customers' starch choices in the system, but so are their measurements, so they can just drop off basic alterations like hemming. During the pandemic, this full curbside service has boosted Sew Clean's business while their competitors are struggling. </span></span></span></span></p> <p><span><span><span><span>Sew Clean has several branches in the metropolitan area, and Jay oversees a team of six administrators. Together, they keep customer data secure and manage the business operations. </span></span></span></span></p> <h2><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>A Series of Peculiar Events</span></span></span></strong></span></span></span></span></span></span></h2> <p><span><span><span><span>One day, a branch manager mentioned that she had been locked out of her account when she tried to log in. She hadn't said anything about it because she assumed she had missed a capital letter on her password. Jay didn't think much about it; Susan was new and he figured she had just forgotten the sequences. He had also added email encryption to the system for an added layer of security. That afternoon, the operations manager said that the network seemed slow, and some of the computers were inexplicably crashing. Jay immediately tried to shut down his computer, but it would not cooperate and kept running. Jay's suspicions of a security breach were confirmed when a ton of pop-ups started doing just that—popping up exponentially. </span></span></span></span></p> <p><span><span><span><span>Jay realized that a data breach was in progress. He had been discussing plans for an emergency recovery with his IT admins since his first day, so he called his lead engineer and told her "we're hacked, get everyone on site and start working through the plan." 
Then he called the CEO with the news.</span></span></span></span></p> <p><span><span><span><span>While Jay was having an uncomfortable discussion with the CEO, his lead engineer Jane had shut down all company routers to limit the spread of the hack, and had begun shutting down all servers. Her staff were calling branch managers to tell them to run through the instructions in the red 3-ring binder labeled "Emergency Recovery Plan."</span></span></span></span></p> <p><span><span><span><span>By the time Jay got to the data room, Jane and her staff were almost finished rebuilding the desktop computers in the office. "Jay, I'm glad you made us practice this last month. I've put all the main servers in quarantine, and Tom's signed off on the checks. I'm sending the guys out to the branches to make sure they're all clean. Once that's done, we'll be back in business within an hour".</span></span></span></span></p> <h2><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>How Jay Prepared for a Data Breach</span></span></span></strong></span></span></span></span></span></span></h2> <p><span><span><span><span>Jay and his team knew the signs of a security threat, but the initial signal—a new employee couldn't log in right away—was so subtle that he and Jane dismissed it at the outset. His CEO was grateful that Jay had insisted on additional email security as well as security audit software, although he had grumbled a bit about the cost at the time. </span></span></span></span></p> <p><span><span><span><span>Fortunately, he and Jane both had that emergency plan in place, so they had minimal downtime and no loss of data. 
</span></span></span></span></p> <h2><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Major Signs a Data Breach is Underway</span></span></span></strong></span></span></span></span></span></span></h2> <p><span><span><span><span>Jay and Jane knew the warning signals for a data breach and had trained their staff to look out for these signs. </span></span></span></span></p> <ul><li><span><span><span><span><strong>Users locked out of accounts</strong>—Susan couldn't log in because a phisher was interfering</span></span></span></span></li> <li><span><span><span><span><strong>Slow hardware and software performance</strong>–systems freeze and crash without reason</span></span></span></span></li> <li><span><span><span><span><strong>Abnormal system behavior</strong>—lots of pop-up and virus detection messages are a sure sign that malware is worming its way into your network</span></span></span></span></li> </ul><p><span><span><span><span>A <a href="/resources/blog/september-2021/attackers-increasingly-using-customized-phishing-campaigns-target" rel="nofollow"><span>security breach attack</span></a> can even take the form of targeted campaigns that are customized to spoof legitimate notification messages.</span></span></span></span></p> <p><span><span><span><span>More subtle changes to the system are sudden file changes and unusual activity on an administrative account. When Jay realized a cyberattack was underway, he was able to confirm through his security audit software that his admin account was secure and that the malware had not infected the company files. 
</span></span></span></span></p> <h2><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Your data security should have built-in updates</span></span></span></strong></span></span></span></span></span></span></h2> <p><span><span><span><span>Data security tools are constantly evolving to keep up with the bad actors in cyberspace. Jay had already installed <a href="/audit" rel="nofollow"><span>Microsoft 365 Security Audit software</span></a> that continuously monitors his email system for vulnerabilities. Hackers are always looking for a way in, and emails are a popular delivery vehicle for testing the waters. <a href="/resources/blog/august-2021/phishing-attacks-h1-2021-stood-out-their-levels-sophistication" rel="nofollow"><span>Phishing attacks</span></a> are typically the first breach in a network. The security audit analyzes all network mailboxes for permissions, passwords, MFA, and forwarding settings so that any attempt at breaking in is automatically rebuffed. </span></span></span></span></p> <h3><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Phishing is a highly profitable attack vector</span></span></span></strong></span></span></span></span></span></span></h3> <p><span><span><span><span>According to an IBM study on overall costs of a <a href="/resources/blog/august-2021/phishing-driven-data-breaches-cost-465m-average-finds-ibm" rel="nofollow"><span>data breach</span></a>, a successful phishing attempt is the second costliest type of attack. Phishing accounts for 17% of all data breaches, and costs companies an average of $4.65 million. Compromised email credentials—when the malware fools the active directory into thinking a request is valid—are responsible for 20% of security breaches. 
These incidents, however, are less expensive to clean up than a phishing hack.</span></span></span></span></p> <p><span><span><span><span>Phishing breaches that wormed into business email, however, cost an average of $5.01 million in recovery. What's worse, IBM found that phishing only accounts for 4% of data breaches, and takes almost a year—317 days—to identify. </span></span></span></span></p> <p><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Modern IDS Keeps Up with the Bad Actors</span></span></strong></span></span></span></span></p> <p><span><span><span><span>The days when Jay and Sew Clean could keep their data secure with anti-virus software are long gone. As businesses are networked, security levels need to meet that risk by providing safeguards for the entire system. An IDS acts as that gatekeeper, with highly adaptable technologies that keep all your systems secure against consistently more sophisticated cyber threats. </span></span></span></span></p> <p><span><span><span><span>Signature-based IDS builds on the antivirus approach of searching for known patterns, or signatures, such as byte sequences or known malware instruction sequences. The problem with signature-based IDS is that it cannot identify new attacks, because no signature for them exists yet. </span></span></span></span></p> <p><span><span><span><span>Anomaly-based IDS goes a step further and uses AI to identify behavior that deviates from a predefined trust model. The downside to this IDS is that false positives are a possibility; in some instances new legitimate activity gets flagged as malicious. </span></span></span></span></p> <p><span><span><span><span>Until this attempted data breach, Jay and Jane were having a hard time convincing their team and CEO that modern security software was critical for their company and customer information to remain safe and secure. 
Once the crisis had passed, they were fully on board with learning and staying up to date on security protocols. </span></span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Thu, 06 Jan 2022 15:55:58 +0000 admin 511 at Security Best Practices for MSPs /resources/blog/december-2021/security-best-practices-msps <span>Security Best Practices for MSPs</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Wed, 12/01/2021 - 12:00</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/10" hreflang="en">ÇïżûÊÓƔɫ</a> <article><img loading="lazy" src="/sites/default/files/2021-12/msp_richard.jpg" width="1400" height="700" alt="" typeof="foaf:Image" /></article><p><span><span><span>While security has always been a key offering for MSPs, it’s more important now than ever. In the last year alone, phishing and social engineering scams have gone up by an astounding 400%. What’s more, two recent massive breaches—SolarWinds and Kaseya—show that MSPs are at an elevated risk.</span></span></span></p> <p><span><span><span>As IT business growth expert Richard Tubb explained to <a href="https://www.cloudally.com/blog/managed-service-provider-security/" rel="nofollow">CloudAlly</a>, cybercriminals are targeting MSPs because they hold the keys to the whole kingdom. 
“If you can hack an MSP,” he says, “you can gain access to all their clients.” We talked to him about best practices MSPs can adopt to prioritize security and keep their clients safe in a security landscape that’s getting more complicated by the day.</span></span></span></p> <h2><span><span><span><span>Table stakes security</span></span></span></span></h2> <p><span><span><span>According to Tubb, every MSP should be taking two essential actions to strengthen their own security measures:</span></span></span></p> <h3><span><span><span><span><span>1) Prioritize basic, essential cyber security</span></span></span></span></span></h3> <p><span><span><span>Too often, says Tubb, MSPs will recommend extensive security measures for their clients, only to fall short of taking their own advice. Making sure strong passwords, password managers, and multi-factor authentication are in place are basic measures, but they’re also absolutely essential, and too often overlooked. </span></span></span></p> <h3><span><span><span><span><span>2) Investigate cybersecurity insurance</span></span></span></span></span></h3> <p><span><span><span>Unfortunately, we live in an age where supply chain attacks are becoming increasingly common. Tubb recommends that every MSP investigate cybersecurity insurance. “We can’t keep everyone safe,” he says. “We can do our best, but attackers will find their way in.” </span></span></span></p> <p><span><span><span>Accepting this as an inevitability is the first step, and the second is to seek out specialized insurance for this type of attack. “Go to a specialized, local insurance broker and say ‘We need to mitigate our risk through insurance, and we need this insurance for our clients as well,’” says Tubb. 
There are many brokers who know the IT market well, and building a relationship with them now will help you out down the line.</span></span></span></p> <h2><span><span><span><span>Rethink recovery</span></span></span></span></h2> <p><span><span><span>The Covid-19 pandemic changed business continuity and disaster recovery (BCDR) plans<strong> </strong>as more of the workforce was forced to work remotely. There’s still a need for traditional backup and disaster recovery, but with workers distributed across the world, most solutions are in the cloud. This brings a whole other disaster and recovery problem to the fore.</span></span></span></p> <p><span><span><span>Some MSPs may assume they’re off the hook for backing up their clients’ cloud-based email, calendar, and business intelligence software—that the vendor will take care of it. However, most major cloud service providers (such as Microsoft and Google) actually recommend a third party backup as part of their service terms. Anyone who’s ever tried to recover or restore third-party, cloud-based data knows that this can take a long time, and the time spent waiting can cause major disruptions to operations.</span></span></span></p> <p><span><span><span>Tubb argues that MSPs should be asking themselves what they’ve done to mitigate the risk in the event that the cloud-based provider loses the client’s data. Another way to think of this is: if a client wanted to move from one provider to another, how would you help them do the backup and restore to allow them to make that move?</span></span></span></p> <p><span><span><span>The bottom line is, if your MSP is selling hosted, cloud-based software, you can’t rely on the vendor for backup. 
You should be offering a backup service as part of your bundled product offering, which will ultimately lower your cost of support and increase your revenue.</span></span></span></p> <h2><span><span><span><span>MSPs by the numbers: What to track</span></span></span></span></h2> <p><span><span><span>As Tubb tells it, there are a number of metrics and KPIs MSPs can use to get a read on how well your security measures are serving your clients. These fall into a few small categories. </span></span></span></p> <h3><span><span><span><span><span>Customer satisfaction</span></span></span></span></span></h3> <p><span><span><span>According to Tubb, customer satisfaction metrics are massively overlooked in the MSP industry. This is despite it being a great tool for direct customer feedback on what you’re doing well and what you could improve. There are two ways to gauge customer satisfaction overall.</span></span></span></p> <p><span><span><span>The first opportunity is to directly solicit feedback on an interaction-by-interaction basis.<strong> </strong>As Tubb says, “You should have an option to send a request for feedback automatically with every ticket you close.” While the response rate for this kind of request is historically very low—about 1%—there are tools that make it easier for clients to give feedback that yield a response rate between 40 and 50%. This is a great way to collect feedback, because it gives you the opportunity to jump on a phone call with the client directly if you receive a bad score and see if there’s anything you can do better.</span></span></span></p> <p><span><span><span>The second opportunity for client feedback is broader, but no less important: net promoter score, or NPS. 
This metric measures the overall loyalty that your customers feel toward your company, and it’s calculated by asking each customer, at regular intervals, “On a scale of 1-10, how likely are you to recommend us to someone else?” As Tubb explains, on an individual basis, anything less than a 9 should make you nervous, and anything below a 7 puts that client in “detractor” territory. NPS is important to track because it allows you to follow up with clients who give you bad scores to see how you could improve their experience, but it also allows you more generally to keep your finger on the pulse of how loyal your clients feel overall. </span></span></span></p> <h3><span><span><span><span><span>Keeping track of KPIs</span></span></span></span></span></h3> <p><span><span><span>Which KPIs an MSP should be tracking varies from business to business. Tubb recommends building a set of KPIs by asking yourself what’s important to your business. </span></span></span></p> <p><span><span><span>For example, some MSPs might want to know their technician to node ratio (that is, how many clients a technician is looking after, where 250-400 is usually a healthy number). Others still might want to keep track of their ticket volume per day, per technician (here, 10-20 tickets per day is considered manageable).</span></span></span></p> <p><span><span><span>Of course, there are financial KPIs you can track as well that will measure the health of your business. 
Gross margin will tell you how much revenue your MSP is generating after the cost of doing business, and calculating your percentage of recurring revenue will tell you how much of your revenue is reliably being repeated each month (typically, best in class for this metric is about 70%).</span></span></span></p> <p><span><span><span>The security world is changing all the time, but introducing consistency around your MSP’s own security, recovery efforts, and KPI tracking can go a long way in ensuring continued success and continuing to serve your clients well. </span></span></span></p> <p> </p> <a href="/resources/blog/future-of-msp" hreflang="en">The Future of MSP</a> Wed, 01 Dec 2021 18:00:00 +0000 admin 495 at Creating Secure Company Culture and Preventing Human Error: Why Security Awareness Training Isn't Enough /resources/blog/security-awareness-culture <span>Creating Secure Company Culture and Preventing Human Error: Why Security Awareness Training Isn't Enough</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Fri, 11/19/2021 - 21:00</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/10" hreflang="en">ÇïżûÊÓƔɫ</a> <article><img loading="lazy" src="/sites/default/files/2021-11/fist_bump.jpg" width="1400" height="700" alt="" typeof="foaf:Image" /></article><p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Building a secure company culture includes both increasing employee awareness of potential threats and actively taking steps to combat them before they occur with strong cybersecurity solutions. Although companies that value security often prioritize teaching their employees about how to recognize and manage threats, this is not enough on its own because modern security threats have grown increasingly sophisticated in recent years. 
The strongest security cultures both raise awareness of potential threats and actively take steps to keep them from happening in the first place. Here is an overview of the importance of creating a secure company culture, as well as helpful tips for increasing the security of your company.</span></span></span></span></span></span></span></p> <h3><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Phishing Attack Sophistication</span></span></span></strong></span></span></span></span></span></span></span></h3> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Email phishing attacks are quickly becoming</span></span><a href="/resources/blog/august-2021/phishing-attacks-h1-2021-stood-out-their-levels-sophistication" rel="nofollow"> </a><a href="/resources/blog/august-2021/phishing-attacks-h1-2021-stood-out-their-levels-sophistication" rel="nofollow"><span><span><span>more sophisticated</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span>, and becoming increasingly difficult to recognize. Although many phishing scams follow one of a handful of recognizable patterns that are becoming easier to spot, some attackers are also coming up with new methods for fooling companies. As one example, phishing scams that include multiple steps, such as a fake CAPTCHA page, look more convincing and are often capable of blocking security programs. In this type of scam, entering the CAPTCHA code is a well-disguised method of disabling the user's email security system. 
Fortunately, many security programs are also adapting to meet the new needs of this constantly-changing type of cyberattack.</span></span></span></span></span></span></span></p> <h2><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Connections Between Human Error and Security Issues </span></span></span></strong></span></span></span></span></span></span></span></h2> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Although it may seem as though security issues are only the fault of employees or only the fault of an ineffective security system, the truth is that businesses of all sizes have some element of both that contributes to security problems.<br /><br /> Your firewall, data loss prevention solution or other cybersecurity system can go a long way toward blocking security issues from reaching your accounts or computer in the first place. On the other hand, the attacks that make it through generally require a person to click on a dangerous link, unintentionally give out confidential information to the wrong person, or otherwise make an error in order to successfully compromise your device or access your company's data.</span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Because email attacks are growing increasingly sophisticated, it's not enough to rely on security training alone to prevent them. Besides this, security awareness training may not be remembered in detail for very long after the meeting, course or other training. To reduce human error as much as possible, it's important to do all you can to have systems in place to prevent malware or phishing from making it into the user's inbox in the first place. Creating a company culture requires vigilance with security threats by the use of multiple safeguards. 
In addition to security awareness training, it's important to implement strong cybersecurity solutions that reduce human error as much as possible, and reduce the complexity of these solutions for employees.</span></span></span></span></span></span></span></p> <h3><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Connections Between Ransomware and Email</span></span></span></strong></span></span></span></span></span></span></span></h3> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Your company's email system plays a vital role in keeping your employees connected with one another and with your customers, and keeping it as secure as possible is a must. Although scammers can use a variety of methods to attack your company,</span></span><a href="/resources/blog/july-2021/7-top-delivery-vectors-ransomware" rel="nofollow"> </a><a href="/resources/blog/july-2021/7-top-delivery-vectors-ransomware" rel="nofollow"><span><span><span>email is one of the most common sources</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> of phishing and other types of ransomware attacks. These attackers send emails containing dangerous links, often while pretending to be a legitimate company, which are designed to gain unauthorized access to your company's financial data, medical records, insurance details, or other sensitive personal information. 
</span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Ransomware emails are a growing problem for companies of all sizes and the reality is that approximately 85 percent of data breaches involve a</span></span><a href="/resources/blog/july-2021/understanding-connection-between-ransomware-and-email" rel="nofollow"> </a><a href="/resources/blog/july-2021/understanding-connection-between-ransomware-and-email" rel="nofollow"><span><span><span>human element</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> of some sort. That's why it's important to tackle this issue from multiple angles. It's recommended that you deploy an email threat protection solution that quarantines potential threat emails and "disarms" links to reduce the chance of an employee accidentally clicking on something dangerous. If you do not have this in place, you are then relying solely on your employees to protect your network from threat actors. If you have this in place already, it's still important to train your employees to recognize the signs of the different types of phishing attacks in case your solution does not successfully block an attempt.</span></span></span></span></span></span></span></p> <h2><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Steps to Protect Your Data</span></span></span></strong></span></span></span></span></span></span></span></h2> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Taking steps toward a vigilant cybersecurity culture is a must to secure your data in the modern world. Here are three steps to implement that can take your tech and data security to the next level. 
</span></span></span></span></span></span></span></p> <h3><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Train Your Staff to Recognize Potential Security Threats</span></span></span></strong></span></span></span></span></span></span></span></h3> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Although recent data breaches and other security issues have shown that training your staff properly is no longer enough on its own and needs to be supplemented with other solutions, it is still an important step in building a vigilant security company culture. There are several steps you can take to keep your staff alert to potential new threats. It's important to hold regular security awareness training sessions. You can decide what cadence is best for your business. Many small to midsize businesses typically hold a security awareness training once a year, but enterprises may decide it's important to do so multiple times per year (perhaps once per quarter). For those departments more vulnerable to security risks, such as accounting, finance, and engineering, it's a good idea for management to seek out reading materials or breach examples that highlight the latest risks and information to protect company data and avoid cybersecurity threats. </span></span></span></span></span></span></span></p> <h3><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Increase Accountability</span></span></span></strong></span></span></span></span></span></span></span></h3> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Making sure your company's leadership and employees know exactly what they are supposed to do to protect against potential security threats is a must. However, awareness should also involve a level of accountability to foster a truly strong security culture. 
</span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>Employees are more likely to make mistakes if they are not clear on what they are supposed to be doing (like dealing with complex security tools) or if they forget any element of their training. Some employees may also intentionally cut corners if they know there is little to no accountability within the company (such as downloading shadow IT solutions if they're faster, or bypassing your security systems). </span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>If you have not already done so, now is the time to implement accountability standards to ensure everyone at your company understands the importance of working securely at all times. Simply knowing what potential threats exist and what should be done to prevent them is not enough; making sure your employees are actively doing their part is essential. </span></span></span></span></span></span></span></p> <h3><span><span><span><span><span><span><span><strong><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>Invest in Data Loss Prevention and Email Security Software</span></span></span></strong></span></span></span></span></span></span></span></h3> <p><span><span><span><span><span><span lang="EN" xml:lang="EN" xml:lang="EN"><span>It is best practice to go beyond security awareness training to protect your data. 
A</span></span><a href="/resources/solution-brief/secure-cloud-data-loss-prevention" rel="nofollow"> </a><a href="/resources/solution-brief/secure-cloud-data-loss-prevention" rel="nofollow"><span><span><span>secure cloud</span></span></span></a><span lang="EN" xml:lang="EN" xml:lang="EN"><span> is an important step in helping both large and small companies protect their data from a wide variety of potential threats, although it still needs to be monitored regularly to make sure it is doing its job. An email security filtering solution like <a href="/products/email-threat-protection" rel="nofollow">Email Threat Protection</a> includes link disarming and a quarantine to prevent network infiltration via email. This would help prevent an email from entering a user's inbox if it's found to be a potential threat. <a href="/products/email-encryption" rel="nofollow">Email Encryption</a> is also an important tool because it helps with email data loss prevention, and also includes a quarantine feature to prevent sensitive data from leaving your employee inboxes. Implementing solutions like these is a simple step you can take to add an extra layer of security to any large or small company.</span></span></span></span></span></span></span></p> <p><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span>At ÇïżûÊÓƔɫ, we are here to help businesses of any size find and implement new methods of dealing with potential cybersecurity threats. 
Although the sophistication of these threats is higher than ever in 2021, striving to build a secure company culture that values actively taking steps to prevent cybersecurity problems before they occur can go a long way toward keeping your company's confidential data out of the wrong hands.</span></span></span><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span><a href="/request-demo" rel="nofollow"> </a><a href="/request-demo" rel="nofollow"><span><span><span>Contact us today</span></span></span></a></span></span></span><span lang="EN" xml:lang="EN" xml:lang="EN"><span><span> to learn more about our cybersecurity programs that are available to your business or to get started! </span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Sat, 20 Nov 2021 03:00:00 +0000 admin 488 at Your IT Project Cheat Sheet /resources/blog/november-2021/your-it-project-cheat-sheet <span>Your IT Project Cheat Sheet</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Fri, 11/05/2021 - 14:34</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/10" hreflang="en">Zix</a> <article><img loading="lazy" src="/sites/default/files/2021-11/pm_stock.jpg" width="1400" height="700" alt="""" typeof="foaf:Image" /></article><p><span><span><span>What does it take for an IT project to be successful? If anyone knows, it’s Lori Rainery, our Director of Program Management. In her time so far at Zix | AppRiver, she’s managed innumerable IT projects, both small and large. Her claim to fame, however, is that she’s led us through not one, but <em>two</em> domain merges, a herculean effort that most people don’t experience once in their career. </span></span></span></p> <p><span><span><span>Naturally, when we decided to write a blog post on IT project planning, we knew we’d have to get her input. 
Here are Lori’s main lessons that she’s learned planning IT projects over the years.</span></span></span></p> <h2><span><span><span><span>Understand the stakes (and the stakeholders)</span></span></span></span></h2> <p><span><span><span>No two IT projects are created equal. There are a number of nuances that shape who should be involved in your project and which models you should use to plan it.</span></span></span></p> <p><span><span><span>First, let’s consider greenfield versus brownfield IT projects. Greenfield projects are defined as those that are completely new, i.e. not building on an existing system or tool. Conversely, brownfield projects often pick up where an old project left off, or involve making changes to an existing system.</span></span></span></p> <p><span><span><span>As you can imagine, the stakes—and stakeholders—for each of these scenarios are quite different. As Lori tells it, “When you’re creating something completely new, more stakeholders are involved. You need to have the right experts at the table, and you may need to bring in a consultant to lead you through the project.” </span></span></span></p> <p><span><span><span>Greenfield projects also undergo more scrutiny. In other words, the stakes are higher. “There’s usually more executive involvement for projects like these, which tends to mean a more formal project plan is needed,” says Lori.</span></span></span></p> <h2><span><span><span><span>Get your plan together</span></span></span></span></h2> <p><span><span><span>The planning and accountability models for each type of project are different too. According to Lori, “For brownfield projects, everyone usually knows the lay of the land already, so a RACI model will do.” </span></span></span></p> <p><span><span><span>RACI, for the uninitiated, is a planning model that stands for “responsible, accountable, consulted, and informed.” In a RACI matrix, each stakeholder is listed out, as well as each project task. 
Then, for each task, each individual is given one or more letters in the “RACI” acronym. For example, a project manager would be responsible and accountable for holding the project kickoff meeting, while other SMEs may be consulted in the kickoff planning, and others will merely be informed when they attend the kickoff meeting.</span></span></span></p> <p><span><span><span>Greenfield projects, on the other hand, usually require more formal planning and allocation. For this reason, Gantt charts are used more frequently, which offer a much more involved timeline. Looking at a project Gantt chart will tell you when each task begins and ends, as well as the tasks that depend on one another in order to move the project forward.</span></span></span></p> <p><span><span><span>No matter the size of the project, it’s important to understand the budget requirements and constraints. Greenfield projects usually require more resources and allocation, which often lead to a higher budget.</span></span></span></p> <h2><span><span><span><span>Decide how much tech debt you’re willing to take on</span></span></span></span></h2> <p><span><span><span>Another notable difference between greenfield and brownfield projects is the amount of tech debt involved. This refers to the cost of having to redo things later by choosing an easier, more limited solution now. </span></span></span></p> <p><span><span><span>As you can imagine, people are usually more willing to take on tech debt with brownfield projects. “It is harder to course correct when you’re working with something that already exists, but brownfield projects allow you to apply lessons learned from previous projects,” says Lori. Updating old technology or systems also allows you to work with a known quantity, and the implementation is usually less involved. 
</span></span></span></p> <p><span><span><span>Regardless, Lori suggests that, whether you’re continuing old work or taking on something totally new, you make sure what you’re working with is scalable, efficient, and as automated as possible. The more you can avoid having to manually update things in the future, the better. </span></span></span></p> <h2><span><span><span><span>Understand the use cases</span></span></span></span></h2> <p><span><span><span>For any IT project, it’s important to understand exactly how the system, tool, or software will be used, and by whom. As Lori tells it, “Lots of people are tempted to jump in head first, but sometimes you need to slow down and focus on all the moving parts ahead of time.”</span></span></span></p> <p><span><span><span>The type of project management model you choose can heavily influence this process. The two most common approaches are agile and waterfall, and while both have their merits, they’re also very different. </span></span></span></p> <p><span><span><span>Agile project management is a more iterative approach that breaks a project down into two-week sprints. It allows for lots of course-correction and collaboration throughout the project lifespan, which is great. However, its looser nature also means that at times, use cases are not fully worked out in advance. “When it comes to project work,” says Lori, “Agile has taken the forefront, but some aspects of waterfall should still be used to really capture requirements at the beginning so that you’re not uncovering them mid-cycle.”</span></span></span></p> <p><span><span><span>A waterfall approach is much more linear and detailed. It requires distinct, sequential planning rather than everything happening concurrently. 
While applying this level of detail to an entire project may not make the most sense, there are definitely certain phases, like planning and resourcing, that can benefit from it.</span></span></span></p> <h2><span><span><span><span>Keep your stakeholders engaged</span></span></span></span></h2> <p><span><span><span>Perhaps the most challenging part of managing any IT project is the people aspect. That is, keeping everyone involved accountable and aware of what’s happening. According to Lori, this is an ongoing effort that starts in the kickoff stage. “I always invite everyone to a project kickoff,” she says. “If a person attends and decides that the project doesn’t affect them, they can at the very least elect to look at the project dashboard for updates.”</span></span></span></p> <p><span><span><span>For people who are more involved, the kickoff is a great time for them to identify when they may need to be looped in. “From there, I can set reminders to notify people when it’s their turn to jump in,” says Lori. </span></span></span></p> <p><span><span><span>Overall, automation is an important part of keeping people accountable. “You have to be very proactive, and there’s a lot of follow-up required to make sure people are doing what they said they would,” says Lori. “As a project manager, the more you can automate, the better.” This includes setting time-based reminders to follow up with people whenever an action is required on their part. </span></span></span></p> <h2><span><span><span><span>Be flexible, but hit your target</span></span></span></span></h2> <p><span><span><span>You can plan every aspect of an IT project down to the letter, but according to Lori, a successful execution ultimately relies on your willingness to be flexible. “You always need to read the room and adjust accordingly,” she says. 
“Often projects fail because the PM has a routine that doesn’t work with their stakeholders.”</span></span></span></p> <p><span><span><span>If it’s clear that engagement is slipping, or that people are dropping the ball on their tasks, Lori’s advice is to keep communicating and keep people looped in. “Even when there’s the slightest slip, don’t be afraid to ask for help from the stakeholders who can jump in,” she says. </span></span></span></p> <p><span><span><span>If you plan well, automate appropriately, keep in contact with the right people, and allow for the plan to change if it needs to, you’ll be on the right track. But remember, no project is a true success until the thing you set out to do has been done. “You can hit all your success criteria, but if everyone’s done what they can and you still can’t use a new software until next year, did you really succeed?” says Lori. </span></span></span></p> <p><span><span><span>Whether it’s a true success or not, every IT project is a chance to learn, improve, and find out what motivates your team—all good things as you forge ahead into the future of IT.</span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Fri, 05 Nov 2021 19:34:38 +0000 admin 485 at 6 Proven Tactics to Improve Work from Home Security /resources/blog/october-2021/6-proven-tactics-improve-work-home-security <span>6 Proven Tactics to Improve Work from Home Security </span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Fri, 10/08/2021 - 14:10</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/8" hreflang="en">Sheila Carpenter</a> <article><img loading="lazy" src="/sites/default/files/2021-10/woman_on_phone.jpg" width="1400" height="700" alt="""" typeof="foaf:Image" /></article><p><span><span><span>I’ve been working in IT Security for over 25 years, and even so, 
2020 brought with it changes I never would have predicted. Along with the rest of the world, Zix | AppRiver was forced to become a fully operational remote workforce in just one week when the pandemic took hold.</span></span></span></p> <p><span><span><span>Thankfully, I’ve spent my career focusing on compliance, business continuity, running IT, cloud offerings, and supporting customer-facing services, so getting our employees to a place where they could work remotely in a secure way allowed me to draw on my greatest strengths as an IT professional. As I <a href="/resources/blog/march-2020/cio-enabling-remote-workforce-0" rel="nofollow"><span>mentioned</span></a> back in March of last year, being an early adopter of cloud solutions in addition to having a comprehensive crisis plan also helped in making the transition a relatively smooth one.  </span></span></span></p> <p><span><span><span>Even so, I’ve learned—and reaffirmed—lessons over the last year-and-a-half that would be useful to anyone trying to improve their work from home security, pandemics notwithstanding. </span></span></span></p> <p><span><span><span>While most businesses have had no choice but to figure out how to go fully remote, some of these transformations came at the expense of sustainable security. For any businesses planning to look at remote work as a long term strategy, it’s time to reassess any “band aid” solutions that may have been applied and look at ways that security can be prioritized permanently. Here are the top lessons I’d like other businesses to keep in mind as they transition to a fully remote workplace.</span></span></span></p> <h2><span><span><span><span>Enable VPN and create awareness around safe connections</span></span></span></span></h2> <p><span><span><span>Perhaps the number one security risk for workplaces with a remote workforce is employees using a connection that’s not secure. 
</span></span></span></p> <p><span><span><span>While in the early days of the pandemic, most employees were home-bound, there is a higher likelihood now that they could be logging in from a cafe or other public Wi-Fi network. Public Wi-Fi poses a very high risk for malicious activity; hackers can easily take advantage of weak security to steal confidential information this way.</span></span></span></p> <p><span><span><span>Your best defence in this situation is enabling a virtual private network (VPN) and communicating to your employees the importance of using only safe connections. In a survey of 100 IT professionals that we conducted along with Pulse this year, 38% of respondents reported that a VPN solution was the most important aspect of their overall workplace security, but <strong>21% of respondents reported that their VPN was the IT solution they were least satisfied with</strong>.<strong> </strong></span></span></span></p> <p><span><span><span>Not having a safe and secure VPN solution in place now will only cause more problems down the road.</span></span></span></p> <h2><span><span><span><span>Enable multi-factor authentication (MFA)</span></span></span></span></h2> <p><span><span><span>While there’s no surefire way to keep hackers from trying to access your company’s sensitive information, you can make it harder for them to do so. </span></span></span></p> <p><span><span><span>MFA offers an additional step beyond just a password that adds an extra layer of protection for users (and ultimately for your business). While a password could be compromised at any time, enabling MFA adds additional steps to this process to avoid any damage being inflicted as a result of a compromised password. </span></span></span></p> <p><span><span><span>By using MFA, users will be asked to verify their identity on a different known device. 
While this measure isn’t 100% foolproof (no security measure is), it can go a long way in keeping everyone’s information and data safe.</span></span></span></p> <h2><span><span><span><span>Have a plan for mobile device management </span></span></span></span></h2> <p><span><span><span>When working remotely, sometimes it’s easier for employees to communicate using their own personal cell phones. This is especially true for any workforce that needs its employees to be on the move or complete site visits. </span></span></span></p> <p><span><span><span>If you have employees who need to use a mobile device for work, consider using Mobile Application Management or Mobile Device Management. Both of these solutions can help govern business communications and systems used on the phone. </span></span></span></p> <p><span><span><span>These solutions can also be used to clear a phone of its contents if an employee leaves the company or if a device is stolen, ensuring that your data will be kept safe in the event of a worst-case scenario. </span></span></span></p> <h2><span><span><span><span>Ensure cloud backup is enabled</span></span></span></span></h2> <p><span><span><span>It’s very important for remote workplaces to ensure that they’re regularly backing up company data to the cloud. 
</span></span></span></p> <p><span><span><span>In the case of a data breach or ransomware attack, data can be locked down without you being able to access it, causing you to lose data on your email, CMS platforms, or any number of important servers housing sensitive information (for an example of a company that went through this very thing, check out our story on what happened to<a href="/resources/blog/june-2021/3-lessons-healthcare-it-director-wishes-he-knew-he-got-hacked" rel="nofollow"> </a><a href="/resources/blog/june-2021/3-lessons-healthcare-it-director-wishes-he-knew-he-got-hacked" rel="nofollow"><span>Cozad Community Health System</span></a> when they were hit with a Ryuk attack in the middle of the night). </span></span></span></p> <p><span><span><span>A cloud backup solution makes it easy to automatically back up data and recover it from another system at any point in time. Backing up to the cloud also ensures that your information is kept safe in the unlikely event that a disgruntled employee may try to leak or delete important company data, never to be recovered.</span></span></span></p> <a href="/resources/blog/secure-modern-workplace" hreflang="en">Secure Modern Workplace</a> Fri, 08 Oct 2021 19:10:33 +0000 admin 465 at Zix Secure Cloud: A Security Platform Designed for Simplicity /resources/blog/march-2021/zix-secure-cloud-security-platform-designed-simplicity <span>Zix Secure Cloud: A Security Platform Designed for Simplicity</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Thu, 03/11/2021 - 19:25</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/10" hreflang="en">Zix</a> <article><img loading="lazy" src="/sites/default/files/2021-03/secure_cloud_resource%20%281%29.jpg" width="940" height="450" alt="secure cloud image" typeof="foaf:Image" /></article><p>In 
the spring of 2020, we introduced a major advancement of our platform – Zix Secure Cloud. Zix Secure Cloud is a platform designed with your business in mind. The modern, intuitive and unified interface makes it easy to access and administer Zix security and compliance services, and Microsoft resold services. It is one cloud platform providing you with everything needed to <a href="/solutions/need/modernize-workplace" rel="nofollow">make your business resilient</a>, <a href="/products/email-threat-protection" rel="nofollow">defend against cyber threats</a>, secure data and communications, and send files with confidence.</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/secure_cloud_diagram.png" width="1280" height="668" alt="Secure Cloud Diagram" typeof="foaf:Image" /></article><p>With the integration of our Secure Suite of products, enabling a single pane of glass for simple configuration and management, it was essential that we incorporate a modern and intuitive interface. Gone are the days where technical users were expected to read thick manuals or take training classes that last days or weeks before they could effectively use a cloud-based product. Today’s administrators expect an easy-to-use interface, otherwise they will rightly look elsewhere.</p> <p>Just as exciting as the release of the newly redesigned platform is that our existing customers are automatically being upgraded to Secure Cloud. Beginning this month, thousands of legacy Zix Email Encryption customers will now have access to this powerful modern interface. This will be done with no impact on their current workflows and no configuration changes, making the experience seamless for customers. 
Once the upgrade is complete, our customers will be presented with a new welcome screen and an updated interface.</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/UpgradeScreenshot%20%281%29.png" width="624" height="145" alt="upgrade screenshot" typeof="foaf:Image" /></article><p><strong>What’s Next?</strong></p> <p>Once the upgrade is complete, you’ll be able to take advantage of all the great things Zix Secure Cloud has to offer, further enabling remote work, cost savings and risk management.</p> <p>The recent <a href="/resources/blog/february-2021/solarwinds-supply-chain-attack-update-what-weve-learned-so-far" rel="nofollow">SolarWinds attack</a> is further evidence that a multi-layer defense strategy is necessary to keep your organization safe. This is particularly true when it comes to the top attacked channel – Email. Sophisticated nation-state threat actors like APT29 (aka CozyBear) are targeting businesses of all sizes and using spear phishing attacks as the initial threat vector. To employ a multi-layered defense strategy, organizations need:</p> <ol><li>Dual layered protection technologies that are designed to stop malware, ransomware, phishing, and impersonation.</li> <li>3rd party real-time security monitoring, alerting, and automated remediation.</li> <li>A responsive partner that immediately responds with live assistance 24/7.</li> </ol><p>Zix Secure Cloud helps organizations achieve and perfect this strategy. With the integration of Advanced Email Threat Protection, Security Audit and Phenomenal Care, we’ll help ensure that even sophisticated attackers won’t get to your data. 
For more information on Secure Cloud, check out our portfolio overview: <a href="/sites/default/files/2020-05/ÇïżûÊÓƔɫ%20Solutions%20-%20Portfolio%20V2.pdf" rel="nofollow">Zix Secure Cloud Portfolio Brief</a></p> Fri, 12 Mar 2021 01:25:17 +0000 admin 143 at Token-Based Authentication: What Is It and How It Works /resources/blog/february-2021/token-based-authentication-what-it-and-how-it-works <span>Token-Based Authentication: What Is It and How It Works</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Tue, 02/09/2021 - 19:18</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/5" hreflang="en">David Bisson</a> <article><img loading="lazy" src="/sites/default/files/2021-03/keyboard.jpg" width="940" height="450" alt="keyboard lit by screen" typeof="foaf:Image" /></article><p>In a previous post, Zix | AppRiver discussed how those responsible for the SolarWinds attack had abused tokens and certificates as part of their infection chain. The malicious actors went on to abuse those same types of assets in additional campaigns targeting other entities. This resulted in a <a href="https://www.mimecast.com/blog/important-security-update/" rel="nofollow">confirmed certificate security incident at an email security provider</a>.</p> <p>Acknowledging these malicious activities, Zix | AppRiver felt it necessary to provide its customers with a series of articles that discuss the affected types of authentication methods and how they work. We’ll begin with token-based authentication.</p> <h3>Token-Based Authentication: An Overview</h3> <p>Token-based authentication addresses some of the limitations of session-based authentication. In the latter, a server creates a session for a user when they log in. It stores the session ID in a cookie, which accompanies all subsequent requests if the user stays logged in. 
The server then verifies a user’s identity by comparing the cookie to the session data stored in memory.</p> <figure role="group" class="align-center"><article><img loading="lazy" src="/sites/default/files/2021-03/token_one.png" width="765" height="430" alt="An illustration of session-based authentication. (Source: Sherry Hsu)" typeof="foaf:Image" /></article><figcaption>An illustration of session-based authentication. (Source: <a href="https://medium.com/@sherryhsu/session-vs-token-based-authentication-11a6c5ac45e4">Sherry Hsu</a>)</figcaption></figure><p>The problem here is that session-based authentication suffers from certain drawbacks. First, it requires that the server stores sessions in its memory. There’s also the issue of cookies working across multiple devices of different mediums (such as web and mobile).</p> <p>That’s where token-based authentication comes in. This form of authentication involves an application providing a signed token to the client upon validating a set of user credentials. The client stores that token and sends it with each request, at which point the server verifies the token and sends along information.</p> <figure role="group" class="align-center"><article><img loading="lazy" src="/sites/default/files/2021-03/token_two.png" width="765" height="430" alt="An illustration of token-based authentication using a JSON Web Token (JWT). (Source: Sherry Hsu)" typeof="foaf:Image" /></article><figcaption>An illustration of token-based authentication using a JSON Web Token (JWT). (Source: Sherry Hsu)</figcaption></figure><p>In this sense, token-based authentication differs from session-based authentication in that it’s stateless. It doesn’t involve storing information about a user on a server or in a session. It stores that data in the token on the client side.</p> <h3>Benefits and Challenges of Token-Based Authentication</h3> <p>Token-based authentication comes with many benefits. 
<a href="https://chop-chop.org/blog/token-based-authentication-6-prime-benefits" rel="nofollow">Chop-Chop</a> notes that tokens work on different websites and mediums, as well, which creates an opportunity for a greater diversity of users—especially those using mobile devices. On top of all that, tokens stand in for a user’s credentials in the process of granting access to data; someone who compromised a token would not automatically gain access to the affected user’s account credentials.</p> <p>That being said, token-based authentication isn’t without its challenges. <a href="https://www.devbridge.com/articles/five-risks-and-tips-when-securing-user-authentication-tokens/" rel="nofollow">Devbridge Group</a> notes that some session tokens are not generated in a secure manner, for example. This makes it possible for an attacker with a large enough sample of session IDs to figure out a pattern and guess the tokens for a larger pool of users. There’s also the issue of attackers leveraging insecure token storages, multiple logins and/or long token validation times to steal authentication secrets.</p> <h3>How to Securely Use Token-Based Authentication</h3> <p>Acknowledging the risks discussed above, here are a few best practices for securely using token-based authentication:</p> <ol><li><strong>Generate strong tokens</strong>. In particular, Devbridge recommends that the tokens feature a large set of possible values, incorporate a degree of pseudorandomness and consist of at least 16 bytes in length.</li> <li><strong>Give tokens an expiration</strong>. It’s important to set conditions for how long a token remains valid, notes <a href="https://auth0.com/docs/best-practices/token-best-practices" rel="nofollow">Auth0</a>. Obviously, if a user is still active, the token can automatically renew. 
But there’s also wisdom in allowing a token to expire when the user logs out and terminating the token no matter what after a certain period of time has elapsed.</li> <li><strong>Disallow multiple logins</strong>. As noted by Devbridge, it’s possible to use key attributes to prevent parallel authentications where more than one person is interacting with the same user account simultaneously.</li> <li><strong>Securely store tokens</strong>. Local storage is not the way to go here. DEV Community recommends the use of a cookie policy called SameSite for specifying the conditions under which a cookie can be passed in a cross-domain request. A Strict SameSite policy along with the requirement that people must use a browser version that supports this functionality will help to keep session tokens secure.  </li> </ol><h3>Up Next in the Blog Series</h3>
 <p>We covered the basics of token-based authentication in this post. Next time, we’ll do the same for a form of certificate-based authentication. Stay tuned.</p> Wed, 10 Feb 2021 01:18:18 +0000 admin 139 at Be Cyber Smart: How to Defend Against Phishing Attacks for NCSAM 2020 /resources/blog/october-2020/be-cyber-smart-how-defend-against-phishing-attacks-ncsam-2020 <span>Be Cyber Smart: How to Defend Against Phishing Attacks for NCSAM 2020</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Thu, 10/22/2020 - 18:56</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/5" hreflang="en">David Bisson</a> <article><img loading="lazy" src="/sites/default/files/2021-03/CyberSecurity%20Month.jpg" width="940" height="450" alt="man using laptop" typeof="foaf:Image" /></article><p>Every October, the Cybersecurity & Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) promote the <a href="https://www.cisa.gov/national-cyber-security-awareness-month" rel="nofollow">National Cyber Security Awareness Month</a> (NCSAM). The theme for NCSAM 2020 is “Do Your Part. #BeCyberSmart.” The purpose of this message is to emphasize personal accountability when it comes to defending against cybersecurity threats such as phishing attacks.</p> <p>In support of NCSAM 2020, Zix | AppRiver is pleased to share some email security best practices from the end of its <a href="/resources/trends/2020-mid-year-global-threat-report" rel="nofollow">2020 Mid-Year Global Threat Report</a>. 
Individual users and organizations alike can leverage these steps to harden their email security and keep themselves safe against phishers and email-based attackers.</p> <p>These recommendations are presented below.</p> <h3>Never Reuse Passwords</h3> <p>Organizations and users want to make sure they don’t reuse their passwords across multiple services and accounts. The danger here is that malicious actors could attempt to conduct what are known as password reuse attacks. In these operations, nefarious individuals use a set of login credentials they compromised with a phishing email or other attack to try to authenticate themselves across other accounts so that they can gain even greater access to broader swaths of their victims’ digital presence. Acknowledging that threat, organizations and users are advised to create a strong and unique password for each of their web accounts and services.</p> <h3>Use a Password Manager</h3> <p>Creating a strong and unique password for multiple accounts might be easy enough. But remembering them is another thing entirely. To make this easy, users and organizations might be tempted to use shortcuts that make the process of remembering their passwords easier. The issue is that those methods could ultimately weaken their security and leave them more exposed to the threat of account takeover by a phisher. Consequently, organizations and users should consider using a password manager. Not only do these solutions help by remembering passwords for their customers, but many of them also have built-in tools for generating strong passwords that organizations and users can then use to protect their accounts.</p> <h3>Always Use MFA</h3> <p>Even if they have strong and unique passwords that are stored with a password manager, users could end up falling for a phish. (It’s nothing to be ashamed about. Sometimes we let our guard down. It’s human nature.) 
Fortunately, organizations and users alike can further protect themselves against phishers by implementing Multi-Factor Authentication (MFA) as an additional layer of email security. This mechanism requires that all users provide multiple factors of authentication such as a thumbprint or security key in order to successfully log in. This helps to protect an account even in the event that a phisher compromises the login credentials.</p> <h3>Verify Suspicious Messages</h3> <p>Sometimes, users will receive a message from (what appears to be) a trusted contact. But something’s wrong. Maybe the grammar’s slightly off. Maybe the email has an unusual sense of urgency. Maybe the message just doesn’t sound like how the sender usually sounds. In those cases, users should take the initiative to verify the email by contacting the sender via another medium such as telephone. Organizations can support this type of verification by creating security policies that mandate multi-media verification for things like authorizing wire transfers and/or changing the banking details of a trusted vendor.</p> <h3>Avoid Clicking Links</h3> <p>This goes without saying, but users want to be careful when clicking on email links if they want to avoid falling victim to a phishing attack. Nefarious individuals are known to include malicious links in their emails. In the event a recipient ends up clicking on that link, the phishing email could send them to a malicious domain designed to steal their account information and/or install malware on their device. Users can avoid this fate by exercising caution around all email links, and organizations can reinforce this behavior using ongoing security awareness training.</p> <h3>Invest in a Robust Solution</h3> <p>Organizations and users would be mistaken to rely solely on awareness in the fight against phishing. 
To be truly secure, they should also invest in a security solution that’s capable of scanning incoming email messages for malware signatures, campaign patterns and other indicators of known threat behavior. The solution should perform this type of analysis in real time so as to allow legitimate correspondence to reach its intended destination.</p> <p><a href="/products/email-threat-protection" rel="nofollow">Learn how email threat protection tools from Zix | AppRiver can help you do your part and stay cyber smart for this year’s NCSAM</a>.</p> Thu, 22 Oct 2020 23:56:17 +0000 admin 129 at Microsoft Inspire 2020: Day One /resources/blog/july-2020/microsoft-inspire-2020-day-one <span>Microsoft Inspire 2020: Day One</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Thu, 07/23/2020 - 18:24</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/7" hreflang="en">Justin Gilbert</a> <article><img loading="lazy" src="/sites/default/files/2021-03/inspire_thumb.jpg" width="940" height="450" alt="inspire thumb" typeof="foaf:Image" /></article><p>Over the next few days we’ll unpack all the best bits of Microsoft Inspire and end it all with a <a href="https://go.zixcorp.com/20200724-ÇïżûÊÓƔɫ-Invite--MSFT-Inspire-HH_Registration-page.html" rel="nofollow">virtual happy hour</a> on Friday afternoon. If you can’t be at the event hopefully you can <a href="https://go.zixcorp.com/20200724-ÇïżûÊÓƔɫ-Invite--MSFT-Inspire-HH_Registration-page.html" rel="nofollow">join us</a> and our experts as they cover lessons learned on Friday at 4 Central/5 Eastern. 
Whether you missed Inspire or just missed a particular session, stop by and see what you missed.</p> <p>As someone who hasn’t missed a Microsoft Inspire event in years, it’s odd to be sitting at home watching Gavriella Schuster kicking off Inspire in shorts and flip flops instead of seeing her on stage in person. However, Microsoft isn’t letting a virtual-only experience slow them down. Born out of necessity, this year’s virtual Inspire experience is highlighting the power of partnership and technology with a focus on being together when we can’t be together. We’ve all been to scores of webinars over the past few months, so it’s interesting to see how Microsoft is using this new medium to engage with the partner community in a new and invigorating way. With live Q & A throughout as well as on-demand content, this isn’t the same type of webinar we’ve all become accustomed to; instead it’s deeply interactive and immersive. A few examples of their commitment to keeping the education vibe alive are:</p> <ul><li>Ask the Expert</li> <li>Networking Activities</li> <li>Educational sessions that extend beyond the event</li> </ul><p>But enough with the preamble, let’s get to the event!</p> <p><strong>Kick Off</strong></p> <p>Gavriella Schuster, CVP One Commercial Partner, summed up what our partner community has faced in the first part of this year and what we’ve accomplished together,</p> <p><em>“Seeing businesses impacted due to the pandemic is extremely sad but certainty comes from one single truth: human connection, technology, innovation and partners. As those on the frontline worked to protect us, partners created the solutions to innovate and problem solve, regardless of the complexity. 
Microsoft partners created innovative solutions to face these challenges.”</em></p> <p>Based on that opening, Microsoft’s Partner Priorities for FY21 aren’t surprising:</p> <ol><li>Remote Work</li> <li>Business Continuity</li> <li>Security</li> <li>Cloud Migration</li> </ol><p>Next up was Judson Althoff, EVP, Worldwide Commercial Business, who highlighted how “Tech is the center of how customers will survive these times and thrive moving forward” and covered 3 areas of focus for his team in enabling this:</p> <ol><li>Respond</li> <li>Recover</li> <li>Reimagine</li> </ol><p>Judson covered a good bit around the transformation into a remote working culture, and as a company that has made this transition, this next bit was poignant,</p> <p>“Digital Transformation: Any good Digital Transformation is Business Transformation empowered by technology.”</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/inspire1.png" width="624" height="315" alt="purpose driven digital" typeof="foaf:Image" /></article><p>Microsoft’s focus on then taking this transformation and becoming an agent for societal change looks to be a key driver in the years ahead. However, you don’t get there without a very healthy partner community driving growth, and Microsoft is the reigning king of the channel:</p> <p> </p> <p><strong>Year to Date Numbers:</strong></p> <ul><li>95% of Commercial Revenue is influenced by 300,000 partners.</li> <li>44% growth in co-sell revenue with 65% partner transactions via CSP.</li> <li>1B Windows 10 monthly active users</li> <li>13B in Commercial Cloud Revenue</li> <li>59% in Azure Revenue Growth</li> <li>Productivity Suite: 75M Daily Active Users on Teams in April. 
Up 70% from the month before.</li> </ul><p> </p> <p><strong>Opportunity Growth:</strong></p> <ul><li>Expecting 7.1 Trillion dollars in investment in Direct Digital Transformation by 2023.</li> <li>34M gaming PCs to be shipped this year</li> <li>59% of Services partners revenue to come from Cloud by 2021</li> </ul><p>If the lack of stock of Nintendo Switches at my local Walmart is any example, I’d wager that the gaming industry is one of the few to be exceeding expectations during this work from home era, so while interesting, it’s not surprising to see Microsoft calling out that portion of their business. With the kickoff ended, let’s dive into some of the digital breakout sessions and see some of the great content you should be on the lookout for.</p> <p> </p> <p><strong>Unlock your opportunities with new commerce experience and Cloud Solution Provider program</strong></p> <p>Speaker: Mark Rice; Microsoft</p> <p>Summary: Unlock your growth opportunities with the Microsoft new commerce experience and Cloud Solution Provider (CSP) program. Drive your success by accelerating digital transformation for your customers. Join this session to learn how you can seize the expanded opportunities across customer lifecycle and deliver unique solutions and services with Microsoft.</p> <p>Key Takeaways:</p> <p>Microsoft’s new commerce experience is aimed at addressing the rapid digital transformation happening today. 
Some key numbers:</p> <ul><li>64% of business leaders say they will undergo digital transformation within 4 years</li> <li>In Microsoft’s estimation 2 years’ worth of business transformation occurred in the past 2 months with remote working taking the lead</li> <li>73% of companies are creating their own IP</li> <li>Public Cloud is expected to reach $200 Billion this year with 69% of enterprise customers focusing on a hybrid (cloud/on prem) strategy</li> </ul><p>To address customers who still have a need for on-premises software licenses, Microsoft is evolving the CSP program to support digital transformation by allowing partners to purchase on-prem software licenses through the CSP Program.</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/inspire2.png" width="624" height="332" alt="Help customers reduce risk and build resilience with security, compliance and identity solutions" typeof="foaf:Image" /></article><p><strong>Help customers reduce risk and build resilience with security, compliance and identity solutions</strong></p> <p>Speakers: Andrew Conway - Microsoft Corporation; Ann Johnson - Microsoft Corporation; Vasu Jakkal - Microsoft; Alym Rayani – Microsoft</p> <p>Summary: With the shift to remote work and the need to build resilience for the future, we see an increase in customer demand for security, compliance and identity solutions. Microsoft delivers integrated capabilities to help customers streamline and strengthen their security, while saving money. In this session, we’ll share the investments Microsoft Security is making to support our partner ecosystem and help customers, with a focus on Zero Trust, threat protection, and information protection.</p> <p>Key Takeaways:</p> <p>As a security company first and foremost, this is a session near and dear to our hearts. It’s good to see Microsoft’s focus and acknowledgement that working with vendors like Zix | AppRiver is key to protecting customers. 
</p> <p>Microsoft’s security strategy follows 3 core principles:</p> <ul><li>Security and compliance built into the Microsoft platform and across all clouds and platforms</li> <li>Deep use of AI and Automation: Microsoft sees more than 8 trillion threats across their platforms every day</li> <li>Integration across the entire ecosystem and not just throughout the Microsoft platform</li> </ul><p>Microsoft adapted and simplified their go-to-market strategy across 2 top priorities:</p> <ol><li>Secure Remote Work: Securing access with Azure AD, managing devices through Microsoft Intune and new capabilities such as Windows Virtual Desktop. For Compliance, it’s Information Protection, especially Data Loss Prevention in Teams and Risk Management.</li> <li>Streamline and Strengthen Security while Saving Money: Across M365 E5 and Azure. Our approach is compromising to reduce licensing complexity while increasing security</li> </ol><p> </p> <p>Product Strategy: Identity, security and Compliance:</p> <ol><li>Zero Trust security is now the industry standard with the following key principles: <ol><li>Verify Explicitly: By enabling strong authentication and authorization across all data points.</li> <li>Least Privilege Access: Granting minimum access to people only when they need it for as long as they need it.</li> <li>Assume breach: Always assume breach to detect breaches more quickly</li> </ol></li> </ol><p>Insider Risk Management was released in M365 earlier this year. It uses machine learning and automation to create a visual summary of risks within an organization. 
New features announced today:</p> <ul><li>New signals from Windows 10 Endpoint and Microsoft Defender ATP</li> <li>Integrating Insider Risk Management with other services customers are using via APIs</li> <li>New Policies and Settings</li> </ul><p>In the coming months Microsoft also expects to launch advanced security competencies and specializations to showcase partners’ deep security specializations.</p> <p> </p> <p><strong>Business Applications, the next big ISV opportunity!</strong></p> <p>Speakers: Steven Guggenheimer - Microsoft Corporation, Casey McGee – Microsoft, Toby Bowers - Microsoft Corporation, E.J. Tague - WalkMe Inc.</p> <p>Summary: The market for line of business (LOB) applications is growing as more businesses want to respond to customer needs faster, more intelligently and tailored to their industry needs. Join a discussion with your peers and learn how the ISV Connect program can help you grow your business. We will also share the improvements we are making since it launched a year ago.</p> <p>Key Takeaways:</p> <p>There are huge names in the ISV space, but Microsoft feels that half of this market (even post COVID) will be driven by the rank and file ISVs and not the major players. It is also a number that reflects all segments of the market and not just Enterprises.</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/inspire3.png" width="624" height="322" alt="revenue potential" typeof="foaf:Image" /></article><p>When opting to build a business application, Microsoft feels that partners are best suited choosing Dynamics over the competition (shouldn’t be a surprise to anyone). 
A few metrics on ROI do lay out a nice story to back this up:</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/inspire4.png" width="624" height="340" alt="innovation drives outcomes to enable you to do more" typeof="foaf:Image" /></article><p>While Microsoft didn’t go over requirements, the tiers for ISVs looking to dive into business app development over Dynamics look interesting:</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/inspire5.png" width="624" height="307" alt="program benefits to accelerate your growth" typeof="foaf:Image" /></article><p>In the next few months a full UI change is coming to AppSource. In addition, Microsoft expects to deliver better lead management and lead qualification for their partners.</p> <article class="align-center"><img loading="lazy" src="/sites/default/files/2021-03/inspire6.png" width="624" height="337" alt="Investments in Microsoft AppSource make it easier to connect directly with customers" typeof="foaf:Image" /></article><p><strong>Leading with purpose, building toward inclusive and sustainable growth</strong></p> <p>Speakers: Gavriella Schuster - Microsoft, Pamela Maynard - Avanade, Arnaud Mourot - Ashoka</p> <p>Summary: Expectations for business leaders have changed, customers and employees want businesses to contribute to a more inclusive, just, and sustainable world. Leaders who recognize this moment—and market opportunity—are integrating purpose-led strategies and building purpose-driven organizations. In this session, Gavriella Schuster, CVP, One Commercial Partner, will discuss with change-makers and purpose-driven leaders how technology leaders can align purpose with profit to build a brighter future.</p> <p>Key Takeaways:</p> <p>It shouldn’t be surprising that people want to work with an organization where it feels like they matter. 
Recent studies by Harvard show that purpose-driven organizations have a higher level of engagement from a people perspective, retention, and innovation. The results also show that those companies tend to be more profitable. In addition to higher profits, these organizations also attract and retain more talented employees. Some key metrics to keep top of mind when thinking about your own organization’s focus:</p> <ul><li>Purpose-oriented companies reported 30% higher levels of innovation and 40% higher levels of workforce retention than their competitors</li> <li>Companies with more diverse management teams have 19% higher revenue due to innovation</li> <li>The global market opportunity associated with delivering on the UN Sustainable Development Goals is estimated to be $12 Trillion</li> <li>There’s a projected 26 Trillion dollars of economic gain in climate action and sustainability solutions</li> </ul><p>While focusing on the betterment of society is a noble objective, there are also financial drivers that make this a benefit to businesses around the world. </p> <p> </p> <p><strong>Your best self: How authenticity creates stronger leaders</strong></p> <p>Speakers: Bozoma Saint John - Netflix, Evelyn Padrino Espiga - Microsoft Corporation</p> <p>Summary: Trailblazing brand and marketing executive Bozoma “Boz” Saint John, CMO for Netflix, is unapologetic about showing up as her full self and making no excuses for being YOU. These principles have served her well and propelled her to executive roles at Pepsi, Apple Music and Uber. Join “Boz” at this fireside chat as she discusses the power of authentic leadership as a pathway to building genuine connections in your personal and professional pursuits.</p> <p>Key Takeaways:</p> <p>The authenticity it requires to really show up as yourself and be brave in it is really hard and very complicated. You can’t just wake up and be an authentic leader. It’s something that you have to really practice. 
Being authentic is showing up as your true self. There’s a difference between authenticity and perfection. The more transparent you are, the better leader you are. Try to use every opportunity you’re in to see your own evolution and humanity.</p> <p>Appreciate your individuality. You have been taught a way of leadership, but what if you’ve never seen yourself? You’re going to downplay those parts of yourself that you don’t think a leader should be and that’s a shame. When we think about partnership we always think of what we’re bringing to the table rather than how we’re going to serve the partner. It’s about how people come together rather than how one will serve the other.</p> <p>Bozoma approaches partnership by finding out what the organization requires from her. How they see themselves shining through her. They should be on the same page so no imbalance occurs. According to Bozoma, if she’s not failing then she’s not taking enough risks. She needs to push through her comfort zone because that’s where the real hits are. The success. You have to get up and keep going.</p> <p>Organizations benefit so much from authenticity and authentic leaders. There’s no downside. It’s on the shoulders of leaders and colleagues to see authenticity around the table. To not look at guidelines and policies as ways to make you behave, but as if they are written just to help you as a map. 
True authenticity doesn’t mean that you’re just bringing your full self but also accepting other people’s full selves.</p> <p> </p> <p> </p> Thu, 23 Jul 2020 23:24:13 +0000 admin 118 at Zix|AppRiver Makes the Secure, Modern Workplace a Reality for Customers /resources/blog/april-2020/zixappriver-makes-secure-modern-workplace-reality-customers <span>Zix|AppRiver Makes the Secure, Modern Workplace a Reality for Customers</span> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="" xml:lang="">admin</span></span> <span>Wed, 04/15/2020 - 16:14</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/10" hreflang="en">ÇïżûÊÓƔɫ</a> <article><img loading="lazy" src="/sites/default/files/2021-03/SecureCloudImage.jpg" width="940" height="450" alt="Secure Cloud graphic" typeof="foaf:Image" /></article><h1>Secure Your Workplace</h1> <p>Over the past 20 years, Zix established itself as a leader in <a href="/products/email-threat-protection" rel="nofollow">cloud-based email security</a>, and one that grew into an even larger, stronger company in the past year through the acquisition of AppRiver, a go-to email security platform supporting 80,000 businesses globally and 5,000 managed service providers (MSPs).</p> <p>Today we <a href="/products/secure-cloud" rel="nofollow">launched Secure Cloud</a>, bringing together our proven security, compliance and productivity solutions on a secure platform, to empower customers and partners to establish a secure, modern workplace. 
We’re helping businesses create a space where employees can <a href="/solutions/need/modernize-workplace" rel="nofollow">collaborate securely and productively</a> – a critical capability at times like these when businesses across industries are forced to adapt to remote work.</p> <p>Secure Cloud consists of the Secure Suite of applications, including:</p> <p> </p> <ul><li><strong>Productivity</strong>: A modern workplace for better data sharing, collaboration, flexibility, and remote work</li> <li><strong>Security</strong>: Reduced risks caused by human error and security-related obstacles to productivity. Threat detection and risk mitigation are constant, automated, and dynamic</li> <li><strong>Compliance</strong>: Best-in-class email encryption, secure file sharing, and business communications archiving (email, social media, instant messaging)</li> <li><strong>Cyber intelligence</strong>: Insights derived from our encryption network, threat and compliance research, complete Office 365 security audits, and advanced technologies</li> <li><strong>Phenomenal Care</strong>: 24/7/365 support team that addresses regulatory changes and active attack vectors while solving issues quickly with 97% first call-resolution</li> </ul><p> </p> <p>The Secure Suite brings together more applications than ever before, including brand new capabilities like Secure File Sharing and Digital Signing. 
With such a comprehensive suite of applications in place, customers are armed with everything they need to make greater productivity gains without compromising security.</p> <h2><strong>What This Means for our Partners</strong></h2> <p>The Secure Cloud creates a tremendous opportunity for channel partners to grow their business, starting with simply having more proven technology solutions that can help build and optimize their portfolios.</p> <p>But perhaps one of the most powerful components of the Secure Cloud, particularly for MSPs, is the Secure Platform, a cloud-native architecture that delivers the capabilities of the Secure Suite at scale. The platform creates an intuitive end-user experience that allows for:</p> <p> </p> <ul><li>Centralized management with a single pane of glass, giving MSPs the necessary tools to access, extend and integrate the various applications of the Secure Suite</li> <li>Easy product provisioning</li> <li>Flexible, consumption-based billing</li> <li>Simplified administration and reporting</li> </ul><p>And, because it’s incredibly simple to use, it requires no training.</p> <p>Setting our partners up for success has and always will be one of our top priorities. In the coming weeks, we'll be sharing resources and hosting live training for all <a href="/partners/partner-overview" rel="nofollow">our partners</a>, including sessions tailored to MSPs and VARs. 
Stay tuned for more information on partner enablement for Secure Cloud.</p> <p>Zix and AppRiver have always been dedicated to providing powerful solutions for securing communications, but Secure Cloud is the pinnacle of our shared vision to help customers and the wider partner community embrace a secure, modern workplace – the lifeblood of any company operating in today’s business environment.</p> <p>Whether you’re looking to enhance productivity or regulatory compliance, <a href="/products/email-threat-protection" rel="nofollow">protect against threats</a>, or <a href="/products/information-archiving" rel="nofollow">migrate to the cloud</a>, Secure Cloud is here to help you, or help your customers, set up and maintain a workplace for the future.</p> Wed, 15 Apr 2020 21:14:43 +0000 admin 104 at