Mother Lode: (209) 694-4599
Central Valley: (209) 790-4560

Category: Security

  • How Does Email Archiving Work?

    Email is likely a critical communication channel for your business, both internally and externally. However, you may have concerns about security, accessibility, and storage. The best solution to address all of these is email archiving. In this post, we’ll explain what it is, how it works, and why it should be part of your email system.

    What Is Email Archiving?

    Email archiving is the practice of preserving these communications through cloud-based storage. It enables users to index, search, and retrieve old emails.

    Why Would an Organization Archive Emails?

    There are several business reasons to deploy an archiving solution, including:

    • Business continuity and disaster recovery
    • Internal audits, investigations, and eDiscovery for litigation (especially true for highly regulated industries)
    • Regulatory compliance mandates
    • Following security best practices
    • Record management
    • Protection of intellectual property (IP)
    • Minimizing the need to increase bandwidth while retaining the data

    Your need to archive may fall into multiple categories. It delivers benefits that can help you in various ways, from compliance requirements to cost savings.

    How Does the Archiving Process Work?

    The email archiving process captures 100% of inbound and outbound emails. The system then places these in a secured, cloud environment that’s accessible.

    It’s not the same as email backup. The difference is that a backup only backs up data for a limited time period to restore if necessary. Simply backing up your email doesn’t consider compliance requirements, nor does it help prevent data loss.

    If you’re currently only using a backup approach, you should be aware of its limitations. It’s also important to understand if it can or cannot deliver on all the business reasons you have for preserving email.

    What Are the Benefits of Email Archiving?

    The benefits of email archiving translate into business value. They include:

    Meeting Regulatory Compliance

    Certain industries have mandates regarding email communication if it contains confidential information. One of the most common is HIPAA, which regulates healthcare information. Those in this sector can achieve compliance by archiving.

    The archive keeps the data secure and provides a virtual paper trail should an audit occur. Compliance isn’t an option; it’s mandatory. By leveraging an archiving solution, you can also meet the regulations for FRCP, SOX, FINRA, GLB, NYSE, NASD, SEC, and others.

    Retaining Data

    Even the smallest companies generate thousands of emails. They often contain vital information, so retaining them is appropriate and may even be required. However, keeping them on your email server isn’t sustainable. You’ll quickly see your bandwidth diminish, which could include more costs.

    An archive moves those emails to the cloud and provides you with the ability to search them. The data is secure due to encryption, and you can find what you need in minutes, not hours.

    Achieving a True Backup for Business Continuity

    As noted, an email backup falls short of restoration. In this model, the Office 365 cloud houses the email files; however, this storage alone doesn’t preserve data for the long term. The archiving integration builds on top of what you have to create a permanent place for the emails to reside. You don’t have to do anything extra; it’s automatic.

    Protecting IP

    Emails can often contain IP. In fact, Microsoft reported that as much as 75 percent of company emails include IP. While you may not notice this because the IP is inherent to you, it could become an area of risk. Even the most minor trade secrets need protection. You’ll have more control over the content of these emails with archiving. It provides a repository where data loss isn’t a threat.

    Managing Legal Discovery

    If your company is in the middle of litigation, there will likely be eDiscovery requests regarding email. Without an archive, this will be an arduous task. An archive enables you to search, filter, and find what you need, so you don’t waste time and resources.

    Recovering Deleted Emails

    Deleting emails is a normal function. Most of the time, there’s no cause for concern. However, sometimes a user can inadvertently or purposely delete something that’s important or includes confidential information. Unfortunately, some of your employees may be engaging in risky behavior. A backup is a smart move to mitigate any fallout from such actions.

    What Archiving Features Do You Need?

    Before you choose an archiving solution, here are the features you should prioritize:

    • Security: This is at the top of the list. Find out how the system safeguards data with encryption (both while in transit and at rest) and how it meets compliance requirements regarding data security.
    • Scalability: You don’t want to have limits on storage capacity. Be sure it can meet your needs today and tomorrow.
    • Indexing of all file types: Not all archiving products include all file types or attachments. Ask about what it can index to ensure you’re covered.
    • Constant email capture: Be sure the solution captures and stores all sent and received emails.
    • Search functionality: In most cases, if you need to access your email archive, it’s because you’re looking for specific information tied to litigation, a breach, or an audit. Select a product that makes searching easy with tagging, filtering, advanced search, and categorization.
    • Exporting: Once you find the emails you need, you’ll want to be able to export them for the archive. Make sure this is possible, and that you have multiple format choices.
    • Integration: The standard Office 365 archiving doesn’t offer you complete protection. You’ll need a specific tool that meets all your needs. This will typically require an integration, so be sure that there are no compatibility issues while comparing options.
    • Easy set-up: You shouldn’t have to jump through hoops to add this to your email. It should be simple to implement and not require additional licenses.

    Learn More About Email Archiving

    Email archiving is a smart decision for any business. It elevates your security, helps you meet compliance, protects your IP, and ensures access when you need it. Learn more about why you should add it to your email today by taking a tour of the NTELogic Email Archiving solution.

  • Is Your Email Exchange Secure and Compliant?

    Email is a critical channel for communication for any business. In highly regulated industries, the security requirements for email differ depending on the information it contains. That means you need a secure email exchange to meet compliance. But how do you know if your email solution is really secure and compliant?

    The answer depends on the configuration of the email exchange and its features. Let’s take a look at what your system needs to ensure security and compliance.

    What Compliance Regulations Require Email Exchange Security?

    Several regulations impact email communication. The most prominent of those is HIPAA, which applies to PHI (protected healthcare information). It affects any healthcare organization or vendor to the space and requires them to protect PHI via encryption.

    Additionally, other regulations include:

    • GDPR (General Data Protection Regulation), which impacts any organization that collects data from citizens in the European Union.
    • FINRA (Financial Industry Regulatory Authority), which impacts organizations relating to investment banking.
    • SOX (Sarbanes-Oxley Act), which applies to publicly traded companies.

    What Constitutes a Secure Email Exchange?

    There are multiple components necessary for secure email. When evaluating your current email or looking to upgrade, these are the areas to focus on regarding security and compliance.

    Email Encryption

    Email encryption describes the process of protecting content when exchanged in the channel. It ensures that only the intended recipient can access the content. Encryption has two subsets: in transit and at rest. Both require protection and should use technology like Public Key Infrastructure (PKI), S/MIME, and X.509 certificates to verify confidentiality, authenticate users, and ensure message integrity.

    Email encryption doesn’t require your users to make any changes. Instead, admins can determine which regulations are relevant to their business and then build rules. Your email provider hosts the hardware and software, but you have control privileges, allowing you to determine the exact security profile, including monitoring for certain words or going more in-depth to develop complex rule chains.

    Scanning Capabilities Prevent Email Leaks and Data Breaches

    The worst possible outcome of an email with secure information is a leak or breach. With these rules in place, if a user doesn’t follow them for information that should be encrypted, the system returns it to the sender or deletes it. Not only is the body of the email scanned, but attachments are, as well.

    It also doesn’t matter from what device the email originates. It could be from a smartphone, Windows app, or desktop.

    Email Encryption and HIPAA Compliance Templates

    Another key thing to consider with encryption is HIPAA compliance templates. These templates include preconfigured compliance code sets, keywords, and policies that adhere to all measures regarding PHI in email communication.

    More Ways to Build a Secure Email Exchange for Your Business

    Encryption of emails is the foundation for a secure email solution. There are more layers of protection to add, as well.

    Minimize Threats with Advanced Technology

    Phishing emails are a significant concern for any organization. They are a leading cause of data breaches. While you should educate employees on the topic, you also need to be aware that they are often the weak link. Build in more protection with technology that scans for and filters out these messages and spam.

    But what if those emails still make it to an inbox? It could happen, so installing one more safeguard for point-of-click protection is a good idea. Basically, it blocks a user from accessing known phishing sites or a web page with malicious code. The technology can live scan a page. If it detects something, it alerts the user.

    Anti-virus engines are crucial to detecting email threats, and advanced technology like AI is now poised to support targeted attack protection. AI can flag emails that look suspicious into an attack category. It can automate remediation if necessary and protects in real-time.

    Keep Software Up to Date

    One major cause of noncompliance or security incidents is the failure to patch software. Exchange should auto-update with any new fixes. You can’t easily do this unless the cloud hosts the email exchange. With this model, every device connected to your network gets the update.

    Protect Data that Leaves Your Organization

    Email communication and sharing of confidential information happen both internally and externally. Sending data outside your organization can include the same encryption rules, which protect from intentional or accidental data leakage. With this in place, outbound users get alerts about security measures.

    Choose a Credentialed Provider

    The best way to ensure you have the proper encryption configurations and the most sophisticated protection technology is to work with a credentialed provider. That means using the cloud, which is safer and more flexible than an on-premises solution. In addition, you don’t have to worry about developing a top-tier infrastructure; a credentialed partner has this. The best way to gauge this is to:

    • Understand their encryption methods.
    • Review all their tools to prevent and remediate threats.
    • Receive confirmation that they meet compliance mandates through certifications or auditing standards.

    How Secure Is Your Email Exchange?

    In reviewing all these security and compliance elements, you may realize there are serious gaps in your current solution. So be proactive in fortifying it to ensure your email doesn’t cause a breach, which could result in regulatory fines and reputational harm. Get more information on email security by reading our whitepaper, A Guide to Security and Privacy in an Exchange Email Environment.

  • Cybersecurity for Employees: Awareness Can Save You from a Breach

    Your company might use iron-clad network protection and implement encryption across the board. However, your data and systems are still at risk of a cyberattack if you aren’t focusing on employee awareness. This risk exists because employees are behind a significant chunk of data breach incidents. These basic steps can help to raise employee awareness and ensure your company is protected.

    Human Error Is a Major Cybersecurity Weak Point for Businesses

    Employee negligence is a major cybersecurity issue for businesses of all sizes. Shred-It’s Ninth Annual Data Protection Report revealed that human error continues to be the driver of most data breaches. Fifty-three percent of C-suite executives cite external human error or accidental loss as primary problems. Twenty-eight percent of small business owners feel the same way. In the report, Ann Nickolas, Senior Vice President of Stericycle, says, “For the second consecutive year, employee negligence and collaboration with external vendors continues to threaten the information security of US businesses.”

    A data breach can have severe consequences when you add up reputational damage and lost revenue. Employee retention can be a problem as well – 33 percent of respondents in the Shred-It survey stated that they are likely to seek employment elsewhere after their employer experiences a data breach. That goes for both breaches of consumer and employee data.

    According to the 2020 Cost of a Data Breach report published by IBM and the Ponemon Institute, the average cost of each lost record is $146. As losing thousands of records during a breach is common, shoring up your employees’ cybersecurity habits is well worth the effort.

    Use this security checklist for in-office and remote employees to figure out what steps your company can take to reduce the risk of a breach.

    1. Train employees to recognize phishing emails

    Email phishing attacks are common. With this type of cyberattack, a hacker sends an email that appears legitimate and asks the recipient to share information or download a file.

    To protect against phishing emails, it’s important to use advanced email protection, which will help to weed out spoof emails and other external threats. Also, make sure all of your employees understand what a phishing email looks like, what the risks are if they fall for one, and what they should do if they spot what they think might be a phishing email message.

    2. Password Security

    A strong password policy is often the first line of defense against cyber attacks, yet many organizations continue to follow outdated guidelines that expose them to significant risk.

    According to Verizon’s 2020 Data Breach Investigations Report, lost or stolen credentials remain the number one hacking tactic used by malicious actors to perpetrate data breaches, with compromised or weak passwords responsible for 35% of all breaches.

    Password Sharing

    While sharing a password might seem convenient and harmless, it can have serious consequences. Passwords should never be shared with others. Period.

    Password Reuse

    Use different passwords for different accounts. That way, if one account is compromised, at least the others won’t be at risk.

    Password Length & Complexity

    Length trumps complexity. The longer a password is, the better. Use at least 16 characters whenever possible. Make passwords that are hard to guess but easy to remember.

    3. Require Multi Factor Authentication (MFA)

    With Multi Factor Authentication, even if a hacker steals an employee’s password, they still will be locked out of their device or system. This is how it works: an employee will use a password and another identifier such as biometric data or a code sent to their email or phone number. Since a hacker can’t steal biometric data and likely doesn’t have someone’s device, as well as their password, their chances of breaking in drop to nearly zero.

    4. Establish a data breach policy

    What an employee does after a suspected data breach will determine how quickly your business recovers. If they don’t act quickly by alerting your IT team, a hacker may have enough time to infiltrate your systems and do extensive damage. With a fast response, it’s possible to lock down your network and mitigate the risks.

    Tell your employees who they should contact if they notice a suspicious email, receive a security alert, if their device is stolen, or if they believe something is amiss with your company’s networks. Also, let them know they won’t be reprimanded if they fall victim to an attack. Employees should know they have their employer’s support. Otherwise, some people may not speak up when there’s a problem.

    5. Discuss mobile device usage

    If employees are using their smartphone or another personal device for work, teach them how to use their devices securely.

    • Always install the latest updates to ensure they’re using the newest operating system. These updates often include critical security updates.
    • If your company isn’t using a virtual private network (VPN), employees need to be very careful about what network they use when accessing business apps remotely. Only log on when using a secure network. They shouldn’t ever use public networks such as those found in coffee shops and airports.
    • Practice good flash drive hygiene – only use company-issued drives. Once one leaves the office, it should be wiped clean or discarded upon return.

    Make Cybersecurity a Part of Your Work Culture

    Following cybersecurity best practices such as using two-factor authentication, avoiding suspicious emails, and practicing good password security can go a long way in protecting against an attack. But, if cybersecurity isn’t a part of your work culture, it’s easy for these best practices to be forgotten.

    Cultivate a cybersecurity-aware culture by openly talking about risks, updating your employees about new best practices, providing training for new employees, and refreshing knowledge with regular internal messaging such as company-wide emails or training meetings.

  • Protect Your Employees Against Vishing

    Cybercriminals are always looking for new ways to scam users. Attacks continue to be more sophisticated and common. Organizations must remain vigilant and understand all the different avenues, including vishing (voice phishing), which uses the telephone as the channel for scamming.

    This post will define what vishing is and critical steps to take to protect your employees from falling prey to it.

    What is Vishing?

    Vishing is a cybercrime that uses voice communication, most often VoIP (voice over IP) phone systems. Cybercriminals use social engineering tactics to attempt to defraud the person on the other end.

    In many cases, these scammers impersonate the government, the IRS, a bank agent, the police, or another trustworthy organization. The content of the call is typically a threat of arrest, bank account closure, or other serious consequences.

    Unfortunately, many fall victim to it, giving in to the demands of the scammer. They may release private information, such as banking accounts, Social Security numbers, or other sensitive data.

    What’s the State of Vishing?

    Vishing grew tremendously in 2020, somewhat as a consequence of remote work. The FBI (Federal Bureau of Investigation) and CISA (Cybersecurity and Infrastructure Security Agency) released a joint advisory on the surge.

    They noted that in mid-July, a vishing campaign targeted various companies through VPN login pages. Actors created phishing pages for the internal VPN login page. They then created employee dossiers with social engineering tactics. The hackers often posed as another employee using spoofed numbers. They advised victims of a new VPN page, which they would send to the targeted employee. When the victim used the fake VPN page, the hacker could gain access to the company’s networks.

    The combination of VPNs and the elimination of in-person verification made these attacks fruitful for many.

    One example was the Twitter breach in July 2020. Hackers were able to hijack 130 accounts of prominent figures. The company admitted that social engineering and phone spear-phishing were the cause.

    Vishing Techniques

    There are several ways that cybercriminals can execute vishing.

    • VoIP: Creating fake numbers is easy for hackers. That can appear to be local or use the 1-800 prefix.
    • Wardialing: This approach uses software to call specific area codes and leave an urgent voicemail claiming that some security issue occurred. In the voicemail, they ask the victim to call back with account information.
    • Caller ID Spoofing: This is similar to VoIP vishing. Cybercriminals use a fake number or caller ID. It could appear as unknown or as a legitimate number, such as the phone number of a trusted government organization.

    These represent the more technologically forward tactics. However, there’s a low-tech way for hackers to get information—from your trash. They can collect vital information if documents aren’t shredded or properly destroyed.

    Now that we’ve covered the background of the topic, let’s discuss prevention

    Ways to Protect Against Vishing Attacks

    There are many ways to protect against cybercriminals that use these tactics. They fall into a few buckets of awareness, technology, and best practices.

    Ensure Every Employee Is Aware and Trained

    Employees are often the weak link in a cyber breach. Vishing is just one more way to isolate them. The best thing you can do is to create a continuous campaign of awareness around cyberattacks. It should be part of your wide-ranging cybersecurity education. Here are some ideas for implementing and maintaining such a campaign:

    • Every new employee should undergo training.
    • All employees should have at least yearly training if not more.
    • IT teams should work with marketing or HR to deliver bite-sized security content. You could distribute this via internal newsletters, intranet sites, or visually with signs and posters.
    • If employees receive a suspicious call, they should have a process to report it to security leaders.
    • Companies should issue advisories to employees about specific scams going on right now, so they’ll be more alert (i.e., scams related to COVID-19 or the IRS around tax time).
    Use Technology to Prevent Calls

    Most organizations employ cloud-based phone systems. Often these platforms have built-in spam caller protection. That’s a good first defense. The technology can detect calls from fraudsters. You then have the chance to either block them or send them to voicemail, so they never get answered.

    Further, phone systems today are often part of a unified communications (UC) platform. There are various security features you’ll want the system to have to protect it from hackers. Having these features in place will mitigate any attack if the hacker successfully gets information from the employee.

    • Advanced firewall systems that prevent intrusions and integrate with VPNs and traffic management
    • Intrusion protection systems (IPS) for detecting traffic that appears suspicious that made it through the firewall
    • DDoS (Distributed Denial of Service) protection
    • Commercial-grade edge routers, which are configured to resist IP-based network attacks
      Regular vulnerability scans
    Other Best Practices to Protect Against Vishing

    There are several other practices to put into place to keep vishing attacks at bay. The use of mobile apps via your UC platform will keep calls routing through your company’s VoIP. Calls won’t come directly to your smartphone number.

    You can also let employees know, especially those working in contact centers, that it’s okay to hang up the phone. If an employee can quickly define the call as vishing, the best thing to do is end the call.

    Finally, be sure you have strict security protocols about exchanging information, especially around accounts or wires. With this as part of your bedrock, employees won’t fall for scams.

  • Ransomware and Malware Threats: The State of Cybersecurity

    Cybersecurity is a growing concern for organizations all over the world. A single attack can lead to thousands or even millions in losses, and cybercriminals continue to come up with more sophisticated methods of attack. Ransomware and malware threats are some of the most common types of cyberattacks.

    Let’s take a look at how big of a risk these threats are right now and dive into what the average small to mid-sized business can do to protect itself from an attack.

    Ransomware and Malware – What’s the Difference?

    Ransomware and malware are sometimes used interchangeably, but they aren’t the same thing. It’s important to know the difference to ensure you have the right protocols and cyber protection in place to protect your business.

    Malware

    Malware is a blanket term that refers to all types of malicious code or files that are used to damage a user’s device or network.

    • Trojan horses, worms, spyware, and viruses are all types of malware.
    • Hackers send malware through emails, USB drives, and software installations. You can also open your computer or your network up to malware simply from browsing the internet.
    • Once malware is on your computer or network, it can cause a number of problems ranging from slowing down performance to a loss of control over your data.
    Ransomware

    Ransomware is one type of malware, and it’s generally the most difficult one to protect against. A cyber attacker will use ransomware specifically to stop you from accessing your system or your data until you pay them a fee. It’s essentially malware designed to hold your device or network for ransom.

    • Ransomware is primarily delivered via phishing emails. A tainted email will have a malicious attachment or a deceptive link that takes you to an infected website if you click on it. Cyber attackers can also send ransomware in an instant message.
    • With this type of threat, an attacker may lock you out of your system or encrypt your files so you can’t access them.

    How Big of a Threat Are They?

    Robust antivirus software and email encryption can help to protect against many malware threats. Ransomware, however, is a massive business threat. It doesn’t matter if you have a global enterprise or a small company – all organizations are vulnerable.

    To give you an idea of the size of the problem, look at these numbers:

    • In 2021, global ransomware damages are expected to cost organizations $20 billion – that’s 57 times more than the cost of damages in 2015.
    • By the end of 2021, a business will be attacked by ransomware every 11 seconds.
    • From 2019 to 2020, there was a 62 percent increase in the number of global ransomware attacks.
    • Last year, more than half of all successful ransomware attacks occurred in the US.

    NTELogic.com | The State of Cybersecurity

    Wondering what happens in a typical ransomware attack? Often, cyber attackers will lock your system and demand payment, usually in Bitcoin. Other times they will take down your IT system or wreak havoc in other ways. Because you can’t access your data when you’re under attack, you may also have to deal with days of downtime.

    No matter what the specifics are, ransomware attacks are always difficult and often very expensive. Your business may have to pay for:

    • A ransomware recovery IT team to get your company back online and to ensure the IT infrastructure is secure
    • A digital forensics team to identify exactly what happened
    • A public relations firm to help you with any reputational damage caused by the attack
    • The actual ransom – you can hire a ransomware negotiator to try and bring down the cost of the ransom and to manage the transaction on your behalf

    How to Protect Against Malware and Ransomware Threats

    While the threat of these cyberattacks is unnerving, there are many tools a business can use to mitigate risk and keep your systems protected.

    • Real-time backup. With real-time file backups, you can restore your files to any point you need to from the cloud. This enables fast recovery from ransomware attacks. It may save you from having to pay a ransom and reduce business downtime. Make sure your cloud backup solution includes advanced antimalware and antivirus software.
    • Employee training. Phishing emails are the main point of entry for ransomware attacks. All it takes is one individual unknowingly clicking on a malicious link or file attachment to put your business at risk. Make sure all of your employees are aware of the threat of ransomware attacks. They should know how to spot a phishing email and what to do if they think they may have clicked on a malicious link. Also, in general, all employees should be cautious of any email or instant message that they aren’t familiar with.
    • Advanced email protection. Because emails are ground zero for cyberattacks, it’s worth it to consider an advanced email protection solution. Ideally, your email protection comes with anti-phishing and anti-spoofing protection to help filter out external threats, malicious link protection, and outbound scanning. This helps to prevent malware from spreading if an employee clicks on a phishing link.

    NTELogic offers comprehensive, multi-layered email protection for SMBs, as well as secure backup and file management. Our expert team is also happy to talk to you about how Email Protection, ShareSync, and other Intermedia solutions can help protect your business from ransomware and malware threats. Contact us today to learn more.

     

  • Cybercriminals Exploit QR Codes

    The growing use of QR codes – those funny looking square bar codes showing up everywhere – makes mobile transactions more efficient. It also presents a growing cyberthreat.

    I guess I’m not surprised. Sadly, cybercriminals gravitate to highly successful and useful tech tools to perpetrate their crimes. Our growing use of QR codes makes them an ideal tool to exploit our trust in them.

    In the Government Technology article Combatting the Growing Cyberthreat of QR Code Abuse, author Dan Lohrmann smartly lays out the looming threat of how malicious QR Codes can infiltrate mobile devices and wreak havoc in a variety of ways. What’s particularly insidious about this is how easy it is to create and distribute a malicious QR Code. 

    In his article, Dan quotes an India Tech Online report that explains “victims scan fraudulent QRs and find themselves taken to malicious websites where they are asked to provide login, personal info, usernames and passwords, and payment information, which criminals then steal. The sites could also be used to simply download malicious programs onto a user’s device.” Same old phishing scheme, different approach.

    What Can Be Done?

    Like any other link or request for information – especially if unsolicited – think before you click (or scan). Always verify the legitimacy of a QR Code before using it.

     

  • Exchange Email Environment Top Tips for Security

    Exchange email is an essential tool for any business. By leveraging the cloud, organizations no longer have to house email servers on-premises, lowering costs and improving accessibility. While many Exchange environments offer the same features and functionality, they don’t all have the same security.

    If you’re considering a switch to Exchange or updating your current environment, consider these top tips for the most secure solution.

    The State of Email Security

    Email is essential to business communications. It’s also a vehicle for infiltrating networks via phishing techniques. According to the 2020 Verizon Data Breach Investigations Report, 25 percent of data breaches involved phishing.

    The pandemic has also been a flame to the fire for phishing. From February to May of this year, phishing attacks have risen over 600 percent in some areas.

    Phishing isn’t the only cause for concern. Many workers send sensitive data via email without encryption or security protocols, making it easy for hackers to intercept.

    You know these risks are real and have the potential to devastate your business. There are legal and brand reputation consequences for failing to protect against them. While there are threats internally and externally to your email security, there are also best practices to take to minimize risk.

    Tips for Secure Email Exchange

    Protect your email communication by implementing and maintaining these best practices.

    Choose an Exchange Partner with Credentials

    Any cybersecurity expert will vouch for the fact that cloud Exchange email is much safer than on-premises solutions. You likely don’t have the resources to build a robust security infrastructure, but the right Exchange partner can.

    To gauge the safety of a provider, look for one that meets established auditing standards, such as PCI (payment card industry) and SOC 2 Type II. Achieving these standards is a clear message that the provider has security and data breach protocols in place.

    Ensure Physical Security of Your Email Servers

    Exchange email lives in the cloud, but there are still physical servers at data centers. That means there is still a level of physical security. When comparing providers, ask about the facility’s security.

    Do they have camera surveillance? Secure access policies? Security guards?

    Use Email Encryption

    You can significantly reduce the risk of email data leaks with encryption. Email encryption delivers specific defenses, with outbound email content filtering and scanning of the content and attachments. The technology uses Public Key Infrastructure (PKI), S/MIME, and X.509 certificates to verify confidentiality, user authentication, and message integrity.

    This functionality is a requirement for certain compliance mandates, like HIPAA. However, it can be a useful tool for any industry, regulated or not. With Exchange, you can configure your policies around encryption to cover your specific needs.

    Protect Mobile Devices

    One of the most important benefits of Exchange email is its mobility. Your team can check email from any device, and many are probably using smartphones. When comparing different providers, be sure to ask if security features extend to mobile. Don’t assume that they do.

    With smartphone protection, you’ll also have peace of mind about lost or stolen devices. You can remote wipe them if necessary to protect confidential or private data.

    Arm Your Email System with the Right Defenses

    In the world of rising cybersecurity risk, your email system needs proactive defenses. You’ll find them with a multi-layered approach. Those defenses may include:

    • Anti-spam filtering: Removing spam can mitigate risks and improve bandwidth. You can control these settings and create white and black lists.
    • Continuous updates: Exchange should be auto-updating to fix any weaknesses from previous versions.
    • Malware protection: Stop malware from ever hitting the inbox.
    • Safe link features: This functionality prevents users from accessing known phishing sites.
    • Tier-1 antivirus: This security principle is universal, but not all protections are the same. Seek out solutions with proactive scanning and frequent virus definition updates.

    Document Email Practices and Educate Users

    Having a robust environment and proactive protections is essential to Exchange security, but so are your users. Your organization should document the policies around sending emails, especially if the information is confidential or protected.

    Employees can often be the “weak” link in security. They can also be the last line of defense. To empower them, you’ll need to educate them. Practice this as part of your culture, so they know what to look for and how to handle certain scenarios.

    NTELogic Exchange Email Goes Beyond Secure

    Our Exchange email platform delivers an abundance of security features. The platform encompasses all the best practices and more. Additionally, it offers flexibility and can boost productivity. 

  • What Is the Dark Web?

    What Is the Dark Web?

    You hear the term Dark Web frequently, but what is the Dark Web really?

    The Dark Web is World Wide Web content that exists on darknets, overlay networks that use the Internet but require specific software, configurations, or authorization to access. Content on the Dark Web is not indexed by regular search engines. Users of the Dark Web can communicate and conduct business anonymously without divulging identifying information, such as the user’s true identity or location.

    What Data Is On the Dark Web?

    The Dark Web is commonly used by cybercriminals to publish hacking information and hacking tools, lists of Personally Identifying Information (PII), such as names, dates of birth, email addresses and more, financial data, and other stolen data.

    Accessing the Dark Web

    Accessing the dark web requires the use of an anonymizing browser called Tor. The Tor browser routes your web page requests through a series of proxy servers operated by thousands of volunteers around the globe, rendering you and your IP address unidentifiable and untraceable.

    Is the Dark Web Illegal?

    Not everything on the dark web is nefarious or illegal. The Tor network began as an anonymous communications channel, and it still serves a valuable purpose in helping people communicate in environments that are hostile to free speech. People use it in countries where there’s government eavesdropping or where internet access is criminalized.

  • COVID-19 and Cybercrime

    FBI Warns of Email Phishing Attacks in COVID-19 Pandemic

    Several of our clients have reported an increasing amount of phishing email messages showing up in their Inboxes and those of others in their organizations. The global efforts to combat the COVID-19 pandemic have understandably diverted much of our attention. Businesses large and small are reeling from the economic impacts. More than ever, we must keep our cyber guards up.
    Cybercriminals are always looking for new ways to steal your money, identity and data. Protect yourself and do your research before clicking on links purporting to provide information on the virus, donating to a charity online or through social media, contributing to a crowdfunding campaign, purchasing products online, or giving up your personal information in order to receive money or other benefits. These are just a few of the ways cybercriminals are using to infect computers with malware, steal usernames and passwords, gain access to business information and more. On Friday March 20, 2020, the FBI issued an alert addressing these emerging threats.
    According to the FBI alert, phishing emails are being sent daily in record numbers. Be on the look out for phishing emails that ask you to verify your personal information in order to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money. Phishing emails may also claim to be related to:

    • Charitable contributions
    • General financial relief
    • Airline carrier refunds
    • Fake cures and vaccines
    • Fake testing kits

    Also watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.
    Remember, you are the first line of defense against phishing attacks and malware infections. Following these simple steps will limit your chances of biting on a phishing scam or malware infection:

    • Don’t open messages from unknown senders
    • Do not click on any links. By hovering your mouse pointer over the link, you can see the actual link displayed in a pop-up info balloon. If the link address looks unusual or does not match the site it states it’s from, it’s a phishing attempt.
    • Call the sender and ask them if they sent you the message. Only follow the link or open the attachment if you can verify its legitimacy with the sender.
    • Do not provide personal information to any unsolicited requests for information
    • Type in a trusted URL for a company’s site into the address bar of your browser to bypass the link in a suspected phishing message
    • If you want to donate, visit the fundraising organization’s web site directly, don’t use any links from any other source.
    • Only provide personal information on sites that have “https” in the web address or have a lock icon at bottom of the browser
    • Immediately delete messages you suspect to be spam

    Email phishing messages can be safely deleted. If a message appears suspicious and you would like help determining whether it’s a phishing attack or not, please call our office at (209) 790-4560 option 2, or send us an email at support@ntelogic.com.
    If you believe you have already responded to an email phishing message, clicked on a suspicious link or opened a suspicious attachment, notify your supervisor and manager, and then call our office at (209) 790-4560 option 2.

    Remember to always stay safe online and think before you click!

  • Do You VPN?

    NTELogic.com | VPN ServicesDo You VPN?

    If you travel for business, it is highly likely you’ve connected to the free Wi-Fi in the airport terminal, local coffee shop or even on public transit. Have you ever connected to that free Wi-Fi in your hotel room and gotten a creeping sense of dread, wondering if anyone might be able to see what you’re doing online? That’s not just a feeling, it’s a reality. Public and free Wi-Fi networks are the playground of cyber thieves. With a VPN – Virtual Private Network – you can protect your online transactions from snooping eyes.

    What Is a VPN, and How Does It Work?

    A VPN creates an encrypted tunnel between you and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel, so your data is secure from prying eyes along the way. Because your traffic is exiting the VPN server, your computer appears to have the IP address of VPN service server, masking your identity and location.

    Do I Need a VPN On All My Devices?

    Short answer is yes. You need a VPN on all your devices that connect to Wi-Fi outside your trusted office or home network. For the most part, VPN clients are the same for both Windows and macOS.

    What a VPN Won’t Do

    Even with a VPN, things like cookies allow companies to track your internet usage even after you’ve left their sites.

    Protect Yourself With a VPN

    Today, many of us have multiple devices that connect to the web. Modern devices are more powerful than the top computers of just 10 years ago. The internet however, hasn’t really changed. It was designed to be distributed and insecure. Cyber criminals take advantage of the insecure nature of the Internet. This means, unfortunately, it is up to individuals to protect themselves. Antivirus apps and password managers go a long way toward keeping you safer, but a VPN is a uniquely powerful tool that you should definitely have in your personal security toolkit, especially in today’s connected world.

    Ready to Give It a Try?

    Many of the VPN service providers offer a free trial. Others offer a basic VPN service for free, and additional features with a paid version. We are proud to have partnered with Hide Me. Register here (link) for a free account and start your VPN service today. Each free account includes 2GB of data transfer, 1 simultaneous connection (1 device) and your choice of 5 worldwide proxy servers.
    Once you see how powerful and easy to use the Hide.Me VPN service is, we’re confident you’ll want to upgrade to the paid subscription. By upgrading your service, you’ll enjoy unlimited data transfer, 10 simultaneous connections (10 devices) and 60 worldwide proxy server locations. NTELogic takes care of upgrading your service so you never have to worry about a lapse in protection. Give it a try today – it’s free!