Marketing breaching GDPR is a real issue! The General Data Protection Regulation (GDPR) has had a profound impact on how businesses communicate with prospects and customers, and how they conduct their marketing. There are still businesses that believe that once users consent to their marketing campaigns, they can use the gathered personal data however they want.
But this can get you in a world of trouble!
GDPR is much more complex than getting consent from visitors and users. While many news outlets have placed emphasis on how consent is handled, it’s actually about the way businesses handle and protect personal data, what they use it for, and how they seek permission to use it. GDPR is not a directive – it’s a regulation, and it’s legally binding. Companies could easily breach GDPR with their marketing efforts, and here the 6 common ways it can happen:
#1 Contacting people without active consent
GDPR regulates consent in extensive detail, and according to their regulations, consent must offer real choice, and users have to be in charge! It needs to be prominent, and users should have no issues understanding it. It should also be always requested on its own, not as part of any terms or conditions.
The only valid consent according to GDPR is a positive opt-in and requires you to disclose any third-parties that rely on that consent. You should also provide an easy way to withdraw consent.
#2 Automatic opt-ins
Automatic opt-ins were a common method to trick users who weren’t paying attention to consent. Such tactics are considered predatory and are considered marketing breaching GDPR tactics. Any tick boxes that are pre-ticked or say “click to opt OUT” are a huge breach.
Remember: The only type of consent accepted under GDPR is a positive opt-in.
Where are you storing your lead lists? While it’s very convenient to have them readily available on a shared Google Drive or OneDrive document, that’s a very poor practice and definitely a GDPR breach if you have the link set to public for sharing.
Your leads list should be secured and encrypted, and shared only on a need-to-know basis.
How long you keep the information is also important. Under GDPR’s data minimisation principle, holding information for too long is a marketing GDPR breach,so it’s important to delete it as soon as you don’t need it.
#4 Obtaining lists without confirmation of consent
One way marketers fill up their sales pipeline is with purchased lead lists. There’s a lot of third-party lead generator sites that are willing to sell lists to you. But you have to be careful when buying lists.
If these generators don’t have active consent from users on distributing their data to other parties, then YOU will be the one who’s breaching GDPR as soon as you contact those prospects.
You always need to have proof that they consented to be contacted by you, whether they gave the consent to you directly, or through third parties.
#5 Ignoring erasure requests
Users who have given consent to collect and process their data have the freedom to withdraw that request at any time. They can also request that you delete all the data that you have gathered on them. Not answering those requests is considered marketing breaching GDPR.
Do you know how to erase data? Do you know how much time you have to get back to them once they send a request?
GDPR states that you must act within a month of receiving the request, but there are also instances where you can extend response times; for example, when the user made multiple requests or in case the request is very complex.
#6 Accidentally sharing email addresses
Accidentally sharing any personal information is considered a breach under GDPR.
An accidental data breach is still a data breach, so make sure your emails are secured and encrypted. This way, even if they are accidentally sent to wrong recipients.
Cybersecurity is a vital part of every business that deals with any type of sensitive data. With online threats becoming more diverse every day, and the increasing regulations like GDPR. It is imperative that businesses stay on top of the latest cybersecurity developments for 2019.
Here are the most important things to consider when looking for ways to improve cybersecurity for businesses:
Hacking Is an Industry Now
Hacking has become a lucrative industry, with certain types of data being more valuable than others. Medical records, for example, are worth ten times more on average than credit card details.
Because there is so much money involved in hacking, it is not surprising that hackers are launching highly sophisticated attacks that are hard to detect and can be disruptive not only to normal business operations, but also to wider government-operated systems, like power grids for example. As such, hacking threats should be taken seriously, because a data breach can easily bring your business to a halt or end it altogether.
It’s Harder to Detect Breaches
Ponemon’s 2018 Cost of Data Breach Study states that it takes 197 days on average to detect a breach. After that, it takes another 69 days on average to contain a breach. This is a very long time for a breach to go undetected, costing businesses millions. For smaller companies, such a devastating breach could mean the end of their operations. Larger companies have an easier time to recover, but it still takes months or years.
Third-Party Apps and Vendors Are Common Vectors of Attack
With cloud computing being the new norm, it can be hard to confine sensitive data within an isolated data centre in your office. The majority of data today is stored in the cloud, with many businesses sharing data no only internally, but also to external third-party vendors or applications.
If these apps or vendors do not take adequate security precautions resulting in a data breach, the business can still be held accountable for the loss of sensitive data. Make sure then to check all third-party vendors your business deals with.
Data Protection Is More Important than Ever
Businesses who don’t invest in cybersecurity should be held accountable. It doesn’t really matter whether it was just an oversight or due to negligence – if the someone steals valuable data, there should be serious consequences.
Lawmakers are becoming aware that cybersecurity is an important aspect that needs to be regulated seriously. We are already seeing the adoption of stricter laws and regulations – the General Data Protection Regulation (GDPR) is just one of them.
Not only do such laws and regulations force businesses to improve their security, but they also help protect users against predatory practices like selling data to third parties without the user’s explicit consent.
Any business who is serious about what they do should have transparent data collection and usage policies. They should have adequate security and encryption for their data.
AI Helps Companies Protect Against Attacks
Advancements in AI and machine learning have made predictive analytics an ally against cyber attacks. Businesses have more overview of their real-time security than ever before. And predictive analysis helps them promptly detect anomalies in their operations. This is especially beneficial for the financial sector such as banks, and other businesses will reap the benefits as well.
As a business owner, you should be aware of the cyber threats lurking about. Know also that no target is too small for hackers. Make sure to update all your software regularly and educate your employees. Ensure that any third-party vendors or applications you deal with are taking cybersecurity seriously too.
Human interaction is the element that makes social networks so great, and businesses use it to connect with their user bases on an individual level. This human connection is also a vector used by hackers to get access to classified information, as well as access to internal networks and data. Such techniques are known as social engineering hacks.
Social engineering hacks is when hackers present themselves as trusted and friendly individuals or businesses to get their targets to disclose privileged and sensitive information. This tactic requires lots of research on the target to be successful, and the attack if often specifically aimed at individuals who have low-level access within their organisation, as this is enough to get access to everything else once they are in.
Research and reconnaissance include scanning the targets online behaviours and patterns, and social media accounts are a treasure trove of information. This is why it’s so important that all employees keep their social media accounts secure. The following seven tips will help keep social media accounts safe from hackers:
#1 Avoid Taking Part in the Things that Have Your Personal Details
Do you know all those various quizzes that “analyse” your social media account to tell you which “Game of Thrones” character are you most like, or tell you what kind of salad you are? How about some extensive personality tests that ask you to disclose super specific information about yourself to tell you what type of personality you are?
Always make sure to check what type of information you reveal and authorise access to. Many of them will require you to allow access to all your online images, your whole friend list, or your bio and personal information that might include phone numbers and emails. Only use such things if you can be 100% sure that the information you share will be used solely for marketing purposes and not compromise the security of your account.
Password strength is what makes or breaks the security of your social media accounts. First of all, make sure to use a strong password. The holy trinity of strong passwords is a combination of the following:
Lower- and uppercase letters
Numbers
Special characters
Have at least 8 or more characters in your password, and never use personal details and information like your kid’s names or birthdays in your passwords, as this makes access easier. To minimise the risk of being hacked, change your password regularly and never use the same password for multiple accounts. If you have trouble remembering all your passwords, use a trustworthy password manager instead.
Once something is on the web, it stays there forever. Your online behaviours can be tracked, and most people don’t think they are valid targets to be tracked online, so they will reveal too much on too many public places.
Imagine sharing your personal or work email, where you live, or images of your kids and your home to any stranger you meet on the street. It would be quite reckless, wouldn’t it? This is exactly what many people are doing online when they don’t think about their privacy settings and post publicly on their social media accounts.
When using Facebook or any other social media site, make sure to limit your posts and images to your friends only. If you wish to share something publicly, always ensure that it can’t be something used to get access to your accounts or to follow your actions online. Also be wary of friend requests from people you don’t know. Chances are, at least one of them might just be trying to get access to your information.
#4 Up Your Account Security
A strong password is just a first step towards a safer account. Wherever possible, use additional security in form of two- or multi-factor authentication (2FA or MFA) – they will ask you for an additional code that’s generated just for you once you type in your login credentials. This way, if someone manages to crack your password, they will not get any further because they won’t have the code they need.
#5 Use Quality Antivirus Software
Make sure to have good antivirus protection on your PC. Your antivirus must not only regularly scan your PC, but also monitor your online activity. Such suites will immediately let you know if there’s an infected link or attachment in your emails. It can also scan social media messages and quarantine it before you could click on it by mistake.
#6 Only Install Apps from Trusted Sources
Since there’s limited access to good antivirus software for mobile phones, stay safe by only installing apps from trusted sources. Examples of trusted sources are Google Play and Apple’s App Store. Apple, in particular, is very strict when it comes to what apps are allowed on their store. They do a full scan and inspection of every app before it can be approved and published in their store.
#7 Log Out of Devices and Close Old Accounts
If there are some accounts you are not using anymore, it doesn’t mean they are safe from hackers. Always close all old accounts you are not using anymore. This way, you make sure hackers don’t get access to them and use them without your knowledge.
Also, make sure to log in on trusted devices and on trusted networks only. Make it a point to log out of all your active sessions regularly. This will help those services recognise anomalies in your login patterns and detect a possible breach easier.
Have a proactive approach towards your social media security and you will be a very hard target for anyone trying to get access to your accounts. It will be a challenge for anyone to launch social engineering hacks against you.
Have more questions? Check out our Smiley Geeks IT Help Membership from only $69 a month!
The last several years have revealed that hospitality businesses are vulnerable to cyber attacks. Many major hospitality players being victims of cybercrime that was in some cases undetected for years. In a separate post, we have cited six hospitality businesses that faced data breach fines resulting from hospitality business hacking.
Hackers are becoming increasingly innovative in ways they gain access to secure hospitality systems. In contrast, the hospitality sector is lagging behind in security measures. Businesses often don’t treat cybersecurity as a priority but prefer to focus on customer experience only, which can have far-reaching consequences in case of a breach.
The most common factors that contribute to hospitality business hacking and data breaches include the following:
#1 The Number of People Involved
It is the nature of the hospitality industry that makes hospitality businesses such targets – there are so many customers and staff involved that hackers easily benefit from those numbers. Sooner or later, somebody will make a mistake and click on a malicious link delivered into their inbox from a spoofed email address, and that one click is often enough to get access to everything.
Once inside, hackers will easily find employee credentials to get access to sensitive information, such as customer names, emails, addresses, current residence, credit card information, loyalty programs and points, and more, and use all that information for monetary gain or to sell it on the dark web.
Another big issue that contributes to the high vulnerability of the hospitality sector is the current hospitality retention rates. Retention rate in the hospitality industry is quite low in comparison to averages or other industries. In the UK, the annual staff retention level is just over 70%, which is concerning since the average retention is usually around 85%. Not only are staff usually less interested in the long-term protection of the business, but frequent changes of users and passwords often leads to bad practices like sharing or logging in for each other.
#2 Unsecured Networks Result in Hospitality Business Hacking
One of the easiest ways hackers are able to access guest and employee data is through Wi-Fi networks that are poorly secured and unsecured. While it’s hard to make sure a Wi-Fi network is 100% secure against attacks, hospitality businesses can do a lot to minimise the risk.
First of all, a network should never be unsecured. While it might seem like a great perk – use your network easily without having to ask for a passcode – this also means that anyone can access it, hackers included. The passcode should always be complex to avoid hackers simply guessing it. Businesses should avoid setting up “12345” or the business name as the passcode.
In addition to the right encryption settings for all the networks, it’s important to separate them too. Guests should always have a separate network for all their devices. Sharing the same network for business devices and guest devices is a recipe for disaster. Some of your guests may not be as innocent as they appear. They may be accessing your internal systems and data whilst also enjoying your coffee.
Another fault of many businesses in the hospitality industry is their lack of understanding of cybersecurity. Hotels are now interconnected digital systems that compete for customers by introducing new digital experiences. As such complex systems, they have a large number of endpoints – like the above-mentioned Wi-Fi networks, but also HVAC systems, Points of Sale (PoS), electronic door locks, smart devices – through which customer data is accessed and stored.
It’s true that they do adopt new technology and software to streamline their operations. But their outdated security measures don’t cover new security threats. You see, each of the endpoints used can also be an entry point for hackers to steal data. Sometimes, it’s enough to delay updating your PoS system for hackers to get a successful entry.
Because hospitality businesses deal with such a large amount of sensitive data daily, it’s of utmost importance that they also understand the risks that come with the benefits of new software and tech solutions.
Most hospitality businesses will agree that customer satisfaction and the overall experience with their brand is what matters most. The competition is fierce, and it’s very easy to lose customers. In their battle to retain customers, they will often prioritise to spend their money on user experience. As a result, they streamline all their internal operations towards this goal.
Providing a seamless experience in every single one of their locations require interconnection of all hotels from the same chain. For this reason, they are able to easily share their data on customers between locations. This way, the customer’s preferences when it comes to rooms and suites and other data that help make them feel welcome is accessible at any time, no matter which of their hotels the customer walks into. Such data sharing happens within the hotel chain national network, which all hotels have access to.
This interconnectedness can have far-reaching consequences – just one breach into a single hotel from the whole chain is enough for hackers to quickly gain access to their whole system and steal information from central data points.
#5 Lack of Education Lead to Hospitality Business Hacking
With a lack of understanding of why security systems are crucial for all the digital systems in the hospitality industry, cybersecurity is often put into the back seat. This, in turn, results in a severe lack of education for staff members and partners.
If employees working in hospitality do not know how to spot risks, the chances of hospitality business hacking skyrocket. Not all employees are tech-savvy or IT professionals. Some of them don’t know how to spot a phishing attempt. However, with the right training, you can greatly reduce the chances of being hacked.
The best approach here would be to have cybersecurity staff that will take proactive measures to keep all systems secure. Therefore, it’s not a bad idea to appoint a Chief Information Security Officer (CISO) who would oversee all security-related operations. The CISO ‘s responsibility includes setting up a plan in case a breach happens.
The hospitality industry will remain a high-risk target for cyber attacks, and there will always be a risk. However, taking the right countermeasures will minimise hospitality business hacking. This ensures that if a breach does happen, there are rules in place that will help detect it quickly. Consequently, businesses take the right course of action.
You’ve probably been in a situation where you desperately need an internet connection for your devices while you’re out and about. Most public places offer free internet. Public Wi-Fi, however, is risky business, and it’s best to avoid it.
The Risk of Public Wi-Fi
Coffee shops, airports, hotels, and restaurants offer their Wi-Fi without a second thought, but most lack proper security measures. Those networks are often the prime spots for hackers to execute their attacks and get access to sensitive information or spread malware. One of the most concerning ways they do this is with a device called Wi-Fi Pineapple.
Primarily, Wi-Fi Pineapple is used by companies specialised for penetration testing networks of various businesses. Even though the original use of the device is to audit wireless networks and test for vulnerabilities, hackers realised they could use it too.
How Hackers Use Wi-Fi Pineapple
Because Pineapple is so cheap (the whole kit costs about $100/£75), hackers use it to get access to sensitive information or spread malware.
They set it up as a fake Wi-Fi hotspot (known as a rogue access point –rogue AP), which enables them to do an attack called “Man-in-the-Middle” (MitM).
They fake a network SSID (name) that sounds reputable, like a hotel name, by changing one letter in the name, and then wait for unsuspecting users to connect their devices.
Once connected, they will intercept all communication between devices and the web.
Another way they can get your device to connect automatically is to spoof the SSIDs saved by your device.
When you have Wi-Fi on, your device will actively scan the surrounding for networks that you have saved and enabled auto-connect.
Your device does this by actually broadcasting the SSID of all saved networks.
Wi-Fi Pineapple can read those broadcasts, rename its SSID to match one of your saved networks, and your device will automatically connect to it.
It’s always better to tether your internet connection from your phone to avoid those risks.
Advantages and Disadvantages of Tethering Your Internet
Tethering is easy to set up –basically, you use your phone’s data plan to get an internet connection. It can be done via Wi-Fi, Bluetooth, or USB.
Advantages of Tethering
Safer than using public Wi-Fi
Your personal hotspot; nobody else can use it
Safe to browse all sites and log in to sensitive websites too (like a bank account)
Disadvantages of Tethering
Some carriers block this option, and you might have to pay extra fees to use it.
Can drain the phone battery quickly if the phone is not connected to a power source.
Can use up your data plan if your connected devices are not set up to treat the connection as a metered one.
Even so, battery drain or a small one-time fee is acceptable when compared to the risk of losing your personal information or business accounts because you used public Wi-Fi.
How to Tether Your Phone
ANDROID
For Wi-Fi tethering, you should go to:
Settings > Wireless & Networks > Portable (Wi-Fi) Hotspot > Set Up Wi-Fi Hotspot.
Enter SSID (name) of the Hotspot.
Choose a security option – always go for WPA2 PSK (safest encryption).
Set up Password.
(Optional) Choose an AP Band – 2.4 GHz is the default, but you can go for 5GHz too if your devices support it.
Turn on HotSpot, find it with your device, and connect to it.
For USB tethering, you should:
Connect the phone to your device via USB.
Disable Wi-Fi.
Go to Settings > Wireless & Networks > More… > USB Tethering and activate it.
iOS:
Go to Settings > Cellular or Settings > Personal Hotspot.
Turn on Hotspot using a slider.
You can choose to connect your devices via Wi-Fi, Bluetooth, or USB.
For Wi-Fi, you will have to set up Wi-Fi Password first (under Personal Hotspot).
Bluetooth connection only works with Macs, PCs, and third-party devices;to connect other iOS devices, you need to use Wi-Fi.
For USB, you will need the latest iTunes on the device you want to connect.
Keeping your personal and business data safe wherever you might be should always be your primary concern. Particularly in this day and age.
Even though public Wi-Fi networks are convenient, you are at high risk every single time you connect to them, even if it’s just for a few minutes. Tethering your internet is simple, convenient, and gives you your very own personal and secure hotspot.
Email accounts are used as the most common point of entry by hackers to get access to networks and either disrupt services, steal information, or spread malevolent software to more accounts. But, if you improve your email security, you can prevent this!
So, What Is Email Security?
Put simply, email security is a term that encompasses all the measures taken to secure access to an email account and contents of all emails of that account.
15 Ways to Improve Your Email Security
Email accounts are fairly easy to hack, simply because of the sheer number of email accounts there are. With everybody having at least one account, a simple error like clicking an infected link is often enough for them to gain access.
Coupled with a lack of knowledge, some people are easy targets, and can be the weak link for businesses or home offices to get a malware infection or lead to a security breach.
This is why it’s important to be up to date with email security measures and be able to spot hacking attempts.
Here are some of the ways you can improve your email security and help keep your personal and business data safe.
1. Use Strong Passwords
Weak passwords are one of the simplest ways to get access to an email account.
Often, people use simple passwords out of convenience, but this makes them more vulnerable. Most services won’t even let you have generic or weak passwords anymore and demand that passwords have at least eight characters, must include upper- and lowercase letters, at least one number, and one special character.
Our tips for strong passwords include:
Avoid using meaningful passwords – like the name of your spouse, children, or pets, birthdates, and similar. It’s best to use everyday items that don’t have much meaning. For example, look around your room or office and pick an item or two, then use them to make a password.
Change your password every 3-6 months. Set a reminder on your phone or work calendar to do so.
Avoid leaving all of your accounts logged in on multiple devices ALL of the time.
Don’t write your password down and stick it to your desktop screen! (it happens more often than you think!)
Think it’s hard to steal your password? Read this:
This puts an extra layer of security in addition to a username and password. It makes it harder for attackers to gain access. With 2FA, the user, after putting in their username and password, also has to input additional information, such as an additional PIN or password, or a security token.
3. Avoid Logging In to Free Wi-Fi and then Signing into an Email
While free Wi-Fi sounds great in theory, in practice, it’s chock-full of hazards. Using public Wi-Fi puts you at risk of being hacked, as hackers might be using the same network to gain access to other devices – if you log in to your email account, they can easily get access immediately.
If you truly need internet access out in the public, it’s best to use your phone and tether a connection instead (just make sure you use encryption while doing so).
4. Use Professional/Paid Services and Avoid the Free Ones
While free email services are convenient (for example, Gmail), they don’t have all the features you might if you’re a business. Always opt for professional and paid services (for example, G-Suite email services) as they have priority support and better security features.
5. Educate Yourself
One of the best ways to stay secure is to be aware of all the risks and ways hackers might try to get access to your email. It’s extremely important for businesses to train their staff as well, to minimise the risk of someone accidentally clicking an infected link.
6. Use Anti-Virus That Includes an Email Scanner
Anti-virus software will scan your device for malevolent activity, but it’s not a bad idea to get AV software that also includes an email scanner. Such scanners will actively scan all links and email attachments and alert you about infected items.
7. Don’t Click Links from Emails and Don’t Log In on Email Pop-Ups
If you are unsure about a link from an email, never click on it. The link might lead to a site that downloads and installs malevolent software to your device. Any pop-up window that requires you to log in to your email is likely a scam too. Always log in through the actual service.
8. Check the Original Sender
If you receive an email that seems to be a bit off, always check the sender. Often, the sender name will be spoofed to make you believe they are someone else. You can do so by hovering over the “From” to see the actual email address and not the name of the sender.
9. Help Your Provider
Every time you mark an email as spam or junk and report them, you help your provider filter the emails better in the future. This way, harmful emails will never even manage to reach the inbox.
10. Be Careful Signing Up for Things.
Using the same email for all the services – from those you use regularly to some obscure mailing lists, is always a bad idea. Always have a “throwaway” or temporary email address for services or websites where you only need one-time access.
11. Check Who Has Your Email
Never share your email on just any websites or public places. Also, avoid posting to public forums with your main email address to make sure it’s not collected and ends up on spam lists.
12. Protect Sent Emails
Use encryption services to protect all sent email. Some services even make it possible to see the email only if the recipient has an authentication code, and you can redact access at any time you see fit. We use Microsoft’s Azure Information Protection and recommend it to our clients for automatic email and file encryption.
13. Be Careful What You Share Online
Avoid sharing personal information that could give hackers an idea on what you are using as a password! And I’ll say it again, don’t use obvious personal information as your password!
14. Run Regular Backups
With so many ransomware attacks happening lately, make sure your data is backed up regularly, just in case!
15. Be Careful About Apps
Avoid installing apps from third-party sites on your computer, browser, or phone. They are often infected with malware. Instead, only download from trusted sources, and always regularly update them.
These are all ways to improve your email security, whether you’re a personal user, have a business account, or are looking for organisational email security! Just remember, the more measures implemented, the higher the security of an email account.
Summary: With Microsoft Threat Protection (MTP), Microsoft has announced big changes coming to their security apps. Focusing on bringing a unified solution that correlates data across their cybersecurity services, they want to offer an end-to-end security solution that will help users stay one step ahead of sophisticated cyber attacks.
With the global cyber security landscape becoming more diverse, it is becoming increasingly difficult to stay protected against cyber security threats. The cyberspace is a new battlefield, and businesses should always assume that someone is attempting to hack into their systems and exploit their environments.
Microsoft Threat Protection (MTP) Is the Answer to New Cybersecurity Threats
Microsoft Threat Protection (MTP) is the most exciting update of the Microsoft Ignite 2018 that was held from September 24 to September 28, 2018, in Orlando, Florida. The Ignite Panel on Microsoft Threat Protection explained a large portion of the changes coming to their cyber security services.
What Is Microsoft Threat Protection (MTP)?
Microsoft Threat Protection is Microsoft’s latest response to the increasing complexity of the digital estate and security issues that come with it.
Anything connected to the internet can be attacked. This not only includes laptops, tablets, phones, but also IoT devices such as smart meters, smart watches, and others – all of them are possible vectors of attack. The endpoints in the environment that are a target of cybercriminals are not just computers or phones, but complex systems like smart cities, sensors, smart cars, and smart energy grids.
These are coordinated and intelligent attacks, and it’s been an ongoing game of cat and mouse, where cybercriminals land a blow, the security experts respond, then cybercriminals find new exploits, and so on.
Microsoft Threat Protection aims to break this cycle and ensure to stay one step ahead by using the power of cloud computing, automated responses, and scaling capabilities to secure everything.
Why Did Microsoft Decide to Develop MTP as an End-to-End Security Solution?
The digital environment is more diverse than ever before, and Microsoft Threat Protection aims to offer a solution that protects enterprises and their digital environment against a growing number of sophisticated cyber attacks.
Once a cybercriminal gets access to any device within a system, they also get access to everything that the device has access to, searching for additional logins on the affected device to move across your whole environment.
Microsoft Intelligent Security Graph
The Microsoft Intelligent Security Graph is the foundation of all the security services included in Microsoft Threat Protection. It gives insight into various attack vectors and shows how many security threat signals are coming in daily from consumers and corporations – 6.5 trillion signals a day. Those signals are gathered from users, corporations, and Microsoft services.
The graph shows just how many signals are detected in various areas, such as Outlook, where over 400 billion emails are analyzed, or from 1.2 billion devices that are scanned each month, where over 5 billion threats are detected in that time.
Every single security alert and signal that is received is part of a larger attack, and it’s difficult (and very expensive) to correlate all signals across all devices. The Microsoft Intelligent Security Graph requires analysis by more than four thousand in-house security specialists, with over $1 billion invested each year into cyber security.
It is virtually impossible for most enterprises to have access to such security skills and budget to correlate all threats to their digital estate. Microsoft, therefore, offers enterprises the ability to use Microsoft’s vast cloud computing capabilities and insights by choosing MTP as their ultimate cyber security solution for all digital devices and assets you have in their environment.
How Microsoft Security Solutions Used to Work…
Before this, Microsoft’s threat protection was divided between their various services, which meant that cyber attacks could happen outside of those areas, in the gaps that were not covered by a specific service.
By bringing all these services closer together and having multiple apps address the different aspects, those gaps are covered and the risk of a breach is lowered.
What Services Does Microsoft Threat Protection Include?
Microsoft Threat Protection isn’t a single app that covers all cyber security needs. It’s a group of services that work together to ensure all attack vectors are suitably covered from multiple angles.
The Services included in MTP are as follows:
Azure Active Directory – This covers identity and access management.
Azure Advanced Threat Protection (ATP) – This covers detection of advanced attacks across the digital environment.
Microsoft Cloud App Security – This is a Cloud Access Security Broker (CASB) that covers data protection in the cloud environment.
Microsoft Intune – A part of Microsoft Enterprise Mobility and Security, Intune is a cloud-based service that helps you manage mobile devices, apps, and the way workforce accesses and shares company information.
Windows 10 – These are updates to existing security services like the Windows Defender.
Azure Security Center – This is a unified security management system that protects hybrid workloads running in Azure and other environments.
Windows Defender Advanced Threat Protection – Windows Defender is getting new capabilities that include post-breach detection, investigation options, and response.
Office Advanced Threat Protection – This covers malicious attacks found in emails, collaboration tools, and links.
Office Threat Intelligence – These are threat protection capabilities across all Office apps.
Windows Server Linux – This covers Linux based servers.
Exchange Online Protection – This covers email filtering, spam and malware protection, as well as protection against messaging policy violations.
SQL Server – A protection through advanced machine learning.
Those services work in tandem to secure the five pillars of cyber security. This gives them greater coverage of possible attack vectors and in case one service doesn’t address a specific vector, the other will. These are the five pillars:
Identities – This pillar includes vectors such as users and admins and is protected by the following services: Azure Active Directory, Azure Advanced Threat Protection, and MS Cloud App Security.
Endpoints – This includes all types of devices and sensors that could be possible vectors for a breach. It’s protected by Microsoft Intune, Windows 10, Windows Defender ATP services.
User Data – All email messages and documents are protected by Microsoft Cloud App Security, Windows Defender ATP, Office 365 ATM, Office Threat Intelligence, and Exchange Online Protection.
Cloud Apps – All data stores and SaaS solutions/apps are covered by MS Cloud App Security, Office 365 ATP and Exchange Online Services.
Infrastructure – All enterprise servers, virtual machines, networks, and databases are protected by Windows Server Linux, SQL Server, and Azure Security Center.
How Do Enterprises Use and Benefit from MTP
A good example of how enterprises benefit from MTP is Telit, who has over twenty years of experience in IoT and offers end-to-end IoT solutions. They use Microsoft’s services to protect everything: from IoT Products, over Services, IoT consulting, and building systems for enterprises.
They realized quickly that by having a unified system, they can address any security issues more efficiently and save a lot of money when compared to using different providers for each aspect of their business.
Your enterprise will benefit because instead of using the top services for each category, the MTP unified system can secure all of the following, and more:
Mail protection and encryption
Mobile device management
Endpoint security
Incident response
Cloud access
Securing data and apps
Data classification and governance
Data loss prevention
Compliance (GDPR)
Identity protection and privacy
Microsoft Threat Protection addresses the following cybersecurity pain points and helps enterprises by offering the following:
Integration – All security products should aim to be closer together and better integrated. This improves response and automation and closes gaps is security where attackers often operate.
Intelligence– The power of the cloud can improve security across all apps.
For example, businesses can have an overview of each user activity and get alerts on unusual activity or devices for each of their accounts or identities.
MS combines machine learning to detect deviations from usual patterns in user/ID/machine behaviour and activity.
Automation – The focus is placed on incidents that are most important, not all of them. This saves time on mundane and routine tasks through automated actions for each type of attack.
Alerts are correlated across machines and network to figure out how it happened and whether it’s part of a larger incident.
The incident takes X number of alerts and groups them together, shows the timeline of all alerts, and shows affected machines, emails, users what investigations and actions were taken.
By combining services to correlate alerts, better detection and response is achieved, and it’s easier to secure all the attack areas, strengthening the overall security.
A User-Centric Approach – Solutions are geared toward how users work.
For example, in emails, you will be able to display the underlying URL instead of the text part to immediately see if the link was spoofed. This offers security against threats targeting users (phishing etc) while not undermining the user experience.
Ecosystem–Intelligent Security Association – Instead of trying to cover every security aspect on their own, Microsoft is working with over thirty leading security tech providers to expand security coverage.
The Purpose of MTP
Microsoft wants to take a more active part in the realm of cyber security, and their threat protection gives them an important role of a cloud security provider. With their Intelligent Security Graph analysis, their Microsoft Threat Protection combines integration, intelligence, and correlation, and gives enterprises access to their computing power and scale.
Ideally, MTP will offer the following:
Protection Against All Attack Vectors – The optimal solution is to stop all attacks, but since this is impossible, it should stop as much as possible from breaching the system.
QUICK Detections When a Breach Occurs – Since some attacks will sneak by, it is crucial that they are detected as soon as possible.
Response and Remediations – Once a breach is detected, adequate action should be taken. Here, automation options help take care of smaller threats by automatically remediating them, while larger threats will be brought to attention and the system will await input on what to do with them.
While MTP will make it easier to protect every aspect of your digital estate, user education and training are important too. Here, MTP wants to help businesses teach their employees about security risks, what they have to understand, and why they might be targets.
Ultimately, Microsoft Threat Protection should reduce complexity, time, and lower costs on incidents by offering an end-to-end security solution that also works with external security providers to truly extend their cyber security reach where it matters.
Small and micro-business owners or entrepreneurs aren’t exempt from GDPR and they must still find solutions that will make them compliant.
While large enterprises have the means to implement the newest security measures easily, smaller businesses and entrepreneurs just don’t often have access to the right technology.
The simplest way to protect the data is to encrypt your email so you retain control over all data you send. Encryption ensures that only the contents of your email are accessible by the right recipient. If somebody else gets it by mistake or because it was forwarded, they won’t be able to read the contents.
The alternative is having a ‘Do Not Forward’ function on that prohibits the receiver from forwarding the email in the first place. Best case, you have both in place for full protection
This system can even automatically detect sensitive data when configured correctly. With AIP, only the rightful recipient can read the email, and they won’t be able to forward it to anyone.
Unfortunately, this solution can be pricey for smaller businesses and the tool is focused towards the larger enterprises.
Smaller businesses and entrepreneurs need to look elsewhere.
My Protected Mail Helps You Keep Email Data Confidential
This is where My Protected Mail can help you here. This solution is similar to AIP but specifically focuses on providing services to small businesses, micro-businesses, and individuals. My Protected Mail offers encryption services (EaaS – encryption as a service) for your email communication. This benefits business owners because:
My Protected Mail not only uses the same principle as AIP but also the same architecture – it’s powered by Microsoft 365 Azure Information Protection.
The encryption process is automatic and super easy to use. When emailing through My Protected Mail, it will be encrypted automatically, giving you control over all data you are sending.
Each email you send through the system is also automatically flagged as “Do not forward.” This ensures all contents of the email stay with the recipient and cannot be shared with other parties.
How to Use My Protected Mail to Encrypt Email Messages
My Protected Mail is a cloud-based solution and doesn’t require any additional software installation on your part; you just need to make a few changes in the way you send your email. Here’s how:
Instead of putting the recipient address into the recipient header, you will put [email protected] in there.
The recipient email address goes to the Subject line instead.
When you have finished writing your email, hit Send, and that’s it!
(Plus it works on whatever device or service you’re using so can work on a MAC too)
Sending Encrypted Email From a MAC
The recipient will get an email that will require an OTP (one-time passcode) to access the email. This passcode is received once the recipient clicks the link “Sign in with a one-time passcode.”
The best thing is you can try it out for free as the Free plan allows you to send up to fifteen emails per month and includes basic reply functionality (meaning you will continue the conversation protected).
The best ticketing software helps tech support resolve issues faster and allows managed service providers to offer a better service! Here are seven excellent IT ticketing software solutions that will optimise your IT support:
Spiceworks is amongst the best ticketing software solutions, and all their products are free!
It’s a full help-desk system with multiple-channel ticket support and network monitoring. All systems are customisable to meet the requirements of any business.
The most prominent features include automatic ticket routing, prioritisation, and notifications for IT teams, as well as a knowledge base for most common issues that can be integrated into a ticket.
ManageEngine’s ServiceDesk Plus is a solution that helps an IT managed service provider with advanced automation options of many processes.
The project management module supports tracking of any number of IT projects and helps with planning. Ticket routing, prioritisation, and escalation options make it a favorite of many IT teams. The IT ticketing software automatically informs users about any changes to the status of their tickets and reported issues.
The analytical capabilities help link recurring issues to the root cause and eliminate their occurrence permanently. The knowledge base keeps the ticket inbox decluttered through self-service for end users.
BMC’s Remedy Service Desk is the best option for an IT managed service provider who caters to enterprise users. It provides MSPs with a comprehensive service management suite that can be deployed in the cloud or on-premises.
Their incident management with service impact analysis is their best feature. It helps IT staff see how problems and incidents affect business systems.
Problem management detects recurring incidents and helps trace the cause.
Knowledge management delivers the required information directly to users and staff.
This service desk supports a multichannel report of incidents and issues via email, web service, self-service, social, or chat. Pricing is provided per request.
Freshdesk is a solution that can work for internal IT departments, but it’s actually an IT ticketing software that’s better tailored for an IT managed service provider. Customer tickets are processed in a swift manner thanks to ticket workflow optimisation, routing, ticket response automation options, and service level agreement (SLA) management. The IT team can collaborate on a single ticket and resolve complex issues faster.
There’s a free plan available, while other tiers span from $19 to $89 per agent per month.
Zendesk is one of the best-designed ITSM solutions out there. Asset, problem, and incident management are done via a ticketing system that includes all the tools an IT team needs: ticket priority, tracking, and resolving have powerful automation options.
Everything is available from a central interface: on-premise information and third party apps, as well as self-service options and workflows, which makes it one of the best ticketing software designs available.
There’s a free trial and five price tiers that span from $5 to $199 per agent per month.
Jira Service Desk is available as a cloud-based or on-premise solution that includes problem, change, and incident management, while the self-service feature helps users resolve tickets on their own by accessing a knowledge base.
The most notable feature includes the ability to link the Service Desk IT ticketing software to software issues, so the required IT experts will be notified about the issue faster.
There are two price tiers: $10 for up to three agents, and $20 for four to five agents, and discounts for larger groups.
This is a cloud-based IT ticketing software that offers a wide array of features: from help-desk automation and IT asset management, all the way to performance analysis and monitoring.
Their incident report and service request modules, as well as their remote control capabilities, are their strongest features. They help track and resolve issues quickly. Their ticketing system is extensive and includes incident management, knowledge base, and a self-service portal, and incidents can even be reported via email. The tickets can be assigned automatically to the most appropriate IT professional, while escalation rules ensure all tickets are addressed in a timely manner.
The pricing is available from the vendor per request.
The best ticketing software helps resolve IT issues quickly but also plays a proactive role: by analysing incident reports, problems can be eliminated before they cause large-scale issues by tracing the root cause.
If you need help managing your IT support, contact us to discuss a quote.
Did you delete metadata on redacted documents the last time you sent them?
If not, it’s easy to see the original information if you know where to look and then you might as well not have redacted them at all! This doesn’t just apply to ‘Top Secret’ documents anymore, it also poses a problem under GDPR.
For example, it’s easier to redact personally identifiable information (PII) you don’t want to share when sending a document to third parties or externally. Rather than getting consent from each user or changing your document (or database) altogether.
But.
Some people have been making mistakes. The ICO reported that in Q4, failure to redact data was one of the most common types of data security incidents. So, ultimately, if you don’t delete the metadata on redacted documents it can lead to a data breach! To remove the risk, it’s best to remove the metadata. Here’s how it’s done:
Delete Metadata on Redacted Documents in Word
Select and open the Word document you want to remove the data from.
Click on the “File” tab and select “Info” from the menu.
Choose “Check for Issues” and select all the data you want to check the document for:
Comments, revisions, and versions
Properties and personal information
Headers, footers, watermarks
Hidden text
Document server properties
Custom XML data
Ink
Click “Inspect” and review the results.
Choose “Remove all” to strip the document of metadata.
Delete Metadata on Redacted Documents in Excel
Select and open the Excel workbook you want to remove metadata from.
Select “File” > “Info” and under “Check for Issues” choose “Inspect document.”
Select the data you want to check:
Comments and annotations
Properties and Personal Information
Hidden rows and columns
Hidden worksheets and names
Custom XML data
Invisible content
External links and embedded files
Macros
Cached data
Choose “Inspect” and review the results.
Select “Remove all” on each type of information you want to remove.
NOTE: If an Excel workbook was saved as a shared file, some information can’t be removed. This includes document properties, personal information, comments, annotations, headers, and footers. To remove these, you first have to unshare the workbook. Should you remove hidden rows and columns with data, this can affect calculations and formulas.
Delete Metadata For PDFs
Unfortunately, in the free version of Adobe, access to metadata is limited. So whilst you can view the properties, you can’t edit or remove them. To remove you’ll need a subscription to Adobe Acrobat XI or a specialist tool. But, here’s how to do it with an Adobe Acrobat XI license.
In Adobe Acrobat XI, locate the Tools panel in the top right corner.
Open the “Protection” tab and locate the “Hidden information” heading.
Select “Sanitize document” and click “OK.”
To choose what to delete, select the “Remove Hidden Information” option.
Name your file and click “Save.”
Delete Metadata on Redacted Documents in PowerPoint
Select and open the Powerpoint presentation you want free from metadata.
Under the “File” tab, go to “Info” > “Check for Issues” > “Inspect document”
Select the data you want to check:
Comments
Properties and personal information
Revision data
Custom XML data
Off slide and invisible content
Macros
Click “Inspect” and wait for the results.
Click on “Remove all” on all the information you want gone.
Delete Photo Metadata
Okay, this one might be a bit of a stretch as far as GDPR is concerned, but we figured we might as well show you how to do this as well whilst we were here! Also note that you can access photo metadata if you’re adding it to a document, so you’ll need to remove it before adding to a redacted document.
Right-click the image file and go to “Properties.”
Go to the “Details” tab.
Select “Remove properties and personal information.”
Select which data you want to remove.
Although it might seem like a faff! Incorrectly or failing to redact documents properly will lead to data breaches. Particularly when sending files publicly! so, delete metadata on redacted files and you should reduce your risk significantly.
Whether you’ve had a data incident in the past and you need to write your report ASAP or you’re being proactive about the future, our Data Breach Report Blueprint has everything you need to write a comprehensive report, and more importantly, understand how to analyze the data breach from a business perspective and stop it happening again.
Whether you’ve had a data incident in the past and you need to write your report ASAP or you’re being proactive about the future, our Data Breach Report Blueprint has everything you need to write a comprehensive report, and more importantly, understand how to analyze the data breach from a business perspective and stop it happening again.
X At Towerwatch we use cookies to improve your experience. Please accept these to continue, you can adjust these cookies or turn off non-essential cookies in the cookie settings. Accept, Continue To SiteSettings
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.