Category: Information Security

Posted on by

How to Secure Microsoft 365 for Remote Working

secure Microsoft 365 graphic

It seems that remote working won’t go away after the pandemic passes. In fact, organisations in most industries are working towards making it a permanent and viable option. 

Large enterprises and corporations like Facebook and Google plan to keep the model for a while. While others like Twitter, Slack, and Zillow decided to allow (most or all of) their employees to work from home permanently. Their decision-making points towards the likeliness of remote work becoming a permanent option in most companies.  

SMBs looking to secure work from home 

According to Intermedia’s survey, small to medium business owners believe the remote work model will stay permanently. The survey indicates there is an overwhelming preference in keeping remote work as a long-term option. With 57% of SMB owners stating that employee availability and life and job satisfaction have increased, and citing a drop in overhead costs as a benefit that enabled them to stay afloat during lockdowns. 

Those SMBs deciding to embrace the model are in the midst of preparations to make remote work permanent. 

The Microsoft 365 suite is heavily used among SMBs, as their subscription model offers industry-leading functionality at a reasonable price. With access to security and operational features previously available only to enterprises, Microsoft 365 also includes cloud-based services that can be used from anywhere. Making the suite a perfect choice for work-from-home teams. 

Compliance remains a core concern for work-from-home protection

Remote work comes with a new set of risks, especially for cybersecurity. Compliance acts and regulations don’t differentiate between in-office and remote work. 

They require that you have secure working-from-home policies for sensitive information and data, and that you secure staff when working from home. 

The most common regulations to comply with include: 

  • Health Insurance Portability and Accountability Act (HIPAA) for businesses offering health services 
  • EU’s General Data Protection Regulation (GDPR) for all businesses processing and handling personal data from EU citizens
  • California Consumer Privacy Act (CCPA) for all California-based businesses and those doing business in California
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) for everyone handling personal data from Canadian citizens

These acts require you to comply with Information Security Management Systems (ISMS) standards, most notably the ISO/IEC 27000 series, as well as the Payment Card Industry (PCI) Data Security Standard (DSS) for those who take card payments online. 

SMBs often struggle with acquiring the right security solutions because the budgets are low. 

Remote work and software spending

The graph below shows how expectations on software spending have changed from March to May 2020. 

As the impact of the pandemic stopped being an unknown variable, respondents have revised their expectations on spending, which is indicated by less spending than initially expected. 

Statistic: COVID-19 impact on software spending worldwide 2020 (Survey results comparison: March, April & May) | Statista
Find more statistics at Statista

While the highest percentage of respondents (40%) initially stated they will increase their spending on software, in May, 44% reported there were no changes compared to spending during the previous year. 

And while the overall spending seems to stay the same, there are big shifts on what type of software the funds are allocated to. 

Statistic: Where are businesses increasing software spending? | Statista
Find more statistics at Statista

With working from home being the new norm, conferencing takes the lead, followed by collaboration, remote desktop tools, and security software. 

Work-from-home protection is an important concern for SMBs, and as the newest data from Microsoft shows, everyone is trying to speed up their cybersecurity digital transformation. 

So how can you protect all the Microsoft 365 documents and communication that you work with daily when everyone is using different networks and devices to access it?

How to protect Microsoft 365 when working from home

In our experience, the most efficient option to cover both of these is to use Advanced Microsoft Information Protection (MIP), as it has the best cost-benefit ratio. 

Microsoft Information Protection uses built-in capabilities from Microsoft Office 365 and Windows 10, as well as additional solutions provided by Microsoft, to secure Microsoft 365 and all the digital information and data you work with in your business across the whole playing field: in the cloud by using Cloud App Security, as well as on devices and on premises. 

It allows you to detect sensitive information and locate where it’s currently stored, secure documents as soon as they are created, and even ensure that you dispose of them in a secure manner. 

What Microsoft Information Protection can do for SMBs: 

  • It will secure Microsoft 365 apps and services you use and all your business information from leakage.
  • It blocks malicious actors from access, and doesn’t allow access to untrusted actors.
  • The automatic classification protects all documents based on the criteria, trigger words, and phrases you set up. 
  • It actively tracks data through its lifecycle and gives you insight into who has access to data and a log of who accesses it and what they are doing with it.
  • It helps your employees stay productive and learn about working from home best practices. The system will suggest labels and teach them how to use and apply them correctly. 
  • It gives you overview over information flow, with valuable insight on patterns of data usage inside of your organisation. 
  • This allows to spot anomalies in data usage and access, enabling quick detection of potentially harmful actions by actors or malicious software.
  • It keeps all data secure even when sharing with vendors and third parties by not allowing forwarding, downloading, or copying information shared with them.

Such capabilities extend beyond securing your data – it also keeps your staff secure from making errors while handling data, and all the vendors you work with by not allowing them to forward any information you share with them further. 

Once set up, you’ll have a system that performs well in the cloud, covering the need to secure remote working, but on premises too, once you decide to go back into the office. 

See MIP in action with our email demo video here:

Why you need to secure Microsoft 365 for remote working

When you secure Office 365, you and your team can do remote work securely and are saving time and money. But that’s only one benefit of using such an extensive system: 

  • No changes in workload: The automatic classification and encryption of all documents you work on and share with remote staff, contractors, and other third parties means there is no need to increase workload for your staff and spending time on complex manual security checks that they need to learn to apply. 
  • You will secure Microsoft Office through compliance: Classification and encryption executes on the cloud level too and protects against human error, one of the most common reasons behind data leaks. Securing Microsoft 365 for remote working also helps you be compliant with all regulations. 
  • Security travels: The cloud-based protection extends beyond business devices – the protection remains with documents and data and travels with them, ensuring they are secure even if they end up in the wrong hands. 

Secure external consultant documents for Microsoft 365

Working with external consultants increases risk of data leakage and breach, since you are relying on them to practice good cybersecurity. 

Instead of hoping they are doing a good job, you can secure Microsoft 365 documents sent to and used by external consultants through MIP. With auto classification, the options for downloads and further sharing will be disabled, ensuring the data can never be accessed by anyone but your external consultants. 

Secure internal sensitive and confidential information when working from home

Secure Microsoft 365 data with MIP’s extensive labeling and trigger system based on labels. You can classify all information into specific categories, and set up sensitivity labels for each of those categories. 

The trigger system activates based on the rules you set up. For each rule, there is a condition that must be met in order to trigger the second part, the action, something that will happen automatically when the condition is matched. 

For example, when a user without permission tries to access a sensitive document, the rule sends an email to the user and administrator of your system about the incident. 

Whenever someone creates a new document, no matter where within your organisation, it will automatically be protected based on the category and labels applied to that type of document. 

These labels are document-based, meaning they persist with it and are transferred anywhere the document ends up. If the document ends up being in an insecure environment, your security policies will continue being enforced, and won’t allow usage by anyone who isn’t a trusted source. 

The system allows you to track all data and documents as it moves through and outside of your organisation. In case you ever suspect foul play, you will be able to revoke access to the document, rendering it useless to anyone who is trying to get it. 

In such cases, the MIP can, based on your setup, respond with a real-time email alert, or a report on the dashboard.

Microsoft Information Protection includes Data Loss Prevention (DLP) capabilities, with policies against accidental sharing. With it, you can also label documents for information retention, set an expiry time and apply deletion policies that will execute automatically when requirements are met. 

Secure email communication when working remotely

The labeling system goes beyond Office apps, and you can secure Microsoft Outlook in the form of Office 365 Message Encryption. 

It allows you to classify and secure email messages as well. When labeled, the policies for that specific label will be applied to the email. This includes policies such as: 

  • Encryption
  • Watermarks
  • Access restriction
  • Disabling forwarding

The label that is applied will persist with the email and keep security policies on the email even when it leaves your organisation. It helps employees work from home securely by preventing phishing attacks and disclosing information accidentally. 

Secure BYOD for remote working

By having online-only work, your employees will use a number of devices to access business data, like Windows and Mac OS machines and mobile devices. A comprehensive security suite such as Microsoft Information Protection has encrypting standards that will work on all of them. 

If you’re unsure on the right way to secure BYOD for remote working and set up policies, we can discuss other ways of working with BYOD. For example, we offer Windows Information Protection setup services that secure employee-owned devices from data leakage and other security incidents. 

The MIP setup takes time and IT knowledge

Microsoft Information Protection is definitely an all-encompassing solution that addresses the risks of remote work well. It secures access to sensitive data and documents, grants permissions to the right stakeholders, and ensures all your business data is safe even if it’s somehow accessed without authorisation. 

But there is a downside to it: It takes a lot of time to set up such an extensive system for someone who never had to deal with it. Even if you have an IT professional on your team, chances are, they will need to ask for help. Only those with knowledge in Active Directory, a good comprehension of Microsoft licensing, and previous experience with Microsoft or Azure Information Protection itself can set it up. 

One error in permissions and labeling, and you can lock yourself out from your own documents, even if you are the admin. Or if you miss it during setup, the system might not flag important documents correctly, making them easily accessible by someone without permission.

Learn more about how we can help here:

Advanced Office 365 Security for Remote Working

Professional setup saves time and money

Towerwatch has many years of real-world experience with encryption. We have been working with Microsoft Information Protection and setting up automatic encryption protocols for global brands even back when MIP was still known as Azure Information Protection. 

Now you can rest easy knowing it’s set up properly and that all documents and communications are secure. You will efficiently eliminate the risk of costly mistakes that could result in regulation breach fines or loss of customers. 

To find out more about how we can secure your business operations with a future-proof cloud-based solution that will continue working even if you decide to go back into office, book a consultation with Microsoft Global Professionals for MIP, and our initial session HERE

Our initial session is priced at £250, and for this investment, you will not just cover the session cost, but also get a comprehensive overview of the current state of your cybersecurity solution and work-from-home compliance status. When you decide to move forward to the next stage, this investment will also be deducted from the project fee. 

Book your initial session HERE.

Posted on by

Microsoft Azure Information Protection (AIP) Scanner Tool Course

Microsoft Azure Information Protection (AIP) Scanner Tool Course

Our new course on data discovery and encryption with the Microsoft Azure Information Protection (AIP) Scanner Tool is out. Those who enroll in the course will learn all about setting up the AIP scanner and the requirements. They will also learn how to discover and protect your on-prem data.

The Azure Information Protection (AIP) scanner tool provides businesses with a complete data encryption solution. Not only will it help businesses encrypt their on-premise data, but also help them discover, control, and organise their data. 

Why You Need to Learn How to Install and Set up The Azure Information Protection (AIP) Scanner Tool 

With more cyber threats looming about than ever before, cybersecurity has become a pressing issue for any business dealing with sensitive data. Last year’s adoption of the General Data Protection Regulation (GDPR) by the EU also places heavy emphasis on data safety and export of personal data outside of EU and EEA borders. 

Most business owners have security solutions in place to protect the data from unauthorized access by external attackers. However, they seem to forget that many cybersecurity issues start on the inside. The most pressing issues that lead to a data breach are the following: 

  • No clear data organization – Unstructured data is hard to track and even harder to keep safe. 
  • Unrestricted access to every file and document – Not all of your employees need to have access to all your documentation. Data should always be shared on a “need to know” basis. 
  • No tracking on data access and usage – Without a system that tracks how data is being used and accessed, it’s very hard to avoid or detect malicious intent and possible data breaches. 

Why You Should Invest in Data Encryption

Cybersecurity has become a strategy that covers more than just having a firewall and spam protection in place. 

Today, cybersecurity covers everything from encryption to employee education and access control. The AIP scanner tool helps you achieve just that – you will know exactly where your data is, and you’ll be able to label it accordingly. You will also control who has access to it (both inside and outside of your organisation).  

Protect Your On-Premise Data Yourself

Our AIP Scanner Tool course will teach you everything you need to know about the AIP scanner. With 38 lectures divided into eight lessons, you’ll learn how to discover all data locations you keep on-prem (even archived data!). You will also learn how to classify and encrypt it. You’ll learn all about prerequisites to install the AIP scanner and how to set up the virtual environment needed to run it. 

You will become familiar with all AIP scanner modes so you can choose which is the best for your business. You will also learn how to install the scanner and test its settings. This way, you can ensure it’s working correctly before running it on your server, and how to deal with false positives. 

Enroll Today for Lifetime Access

Are you a business in dire need of a good data security solution? Do you wish to broaden your knowledge and install the AIP scanner for others? Enroll today and gain lifetime access to lessons, videos, articles, and downloadable resources that will teach you to successfully protect your data.

Sign Up Here >>> https://www.udemy.com/course/data-discovery-encryption-with-microsofts-aip-scanner/?couponCode=ARTICLE50OFF

Posted on by

How To Create A Secure Password in 2019

You’d be amazed at how easy it is to create a secure password in 2019 and yet so many people don’t! 

Despite the increasing efforts that many websites put into security precautions, it’s a two-way street and users need to catch up and take responsibility too. Weak passwords are still a common way to hack someone, even in 2019.

The National Cyber Security Centre released a list of the most common weak passwords found by analyzing data from 100 million passwords leaked in data breaches. 

The top ten weakest passwords are the following: 

  • 123456
  • 123456789
  • qwerty
  • password
  • 1111111
  • 12345678
  • abc123
  • 1234567
  • password1
  • 12345

Other noteworthy entries near the very top include things like “000000” and “Iloveyou.” The primary spot has been held by “123456” for years now, however. 

A Secure Password in 2019 Should Be Complex, Unique, and Random

The above-mentioned passwords don’t even meet the minimum requirements of what’s considered a safe password nowadays. Today, truly secure passwords will have: 

  • A mix of upper and lowercase letters
  • Numbers
  • Special characters

Don’t think for a second that such passwords are bulletproof. They can also be cracked if you aren’t careful with how you create them. 

Creating a Secure Password in 2019

The following ten tips will help you create a truly secure password in 2019 and avoid the most common mistakes that lead to breaches. 

Avoid simple passwords like the ones on the list above

The fastest way your account will be compromised is by setting a weak password. While it’s bothersome to use all these safety measures like mixing cases and special characters, it’s more irritating to try to cancel credit card payments you never made. 

Don’t use simple to guess data

Avoid putting your name, the names of family members, or even the names of your pets because this is a sure fire way to become compromised in record time. Also, never use your username as a password too. That’s another easy guess. 

Use patterns 

An easy way to recycle a password safely is to switch for a designated number of spaces on the keyboard. For example, if your password was “ThiSisS3cuRe” (This is secure), you can instead use the keys that are one space to the left. Instead of “T” you would use “R” and so on. This will get you what seems like a completely random sequence: “RguSuaA2xzEw.” And yet, you will know how you got it. 

Change passwords regularly

Many people experience a breach because they never change their passwords. Passwords get outdated quickly, and as time goes by, what was once considered complex can now easily be cracked and guessed. 

Some services prompt you to change your password regularly, which is not a bad idea, but many users then choose a simple password to get it over with. That’s a bad practice, and however annoying you might find it, every password change should have a complex password. 

Top Tip: Change your passwords every 6 months and set a reminder on your phone to do it so you don’t forget! 

Use a different password for each account

Never use a master password for all your accounts. That increases risk in case of a breach. Imagine your business email or banking information is suddenly jeopardised because you used the same password as on some random and less secure site. Each account should have its own password. 

Use randomly generated passwords

Google Lock has a password suggestion mode that offers you to create a randomly generated password instead of thinking of one yourself. This is a convenient service, but it can be hard to remember all such passwords without a system behind them.

Don’t write down passwords 

You might find it convenient to write all your passwords on a piece of paper, or in a notepad. Be aware that any type of data that’s not encrypted is not safe. Usually, it’s considered okay for home users to write down passwords on a piece of paper so long as they are kept out of sight (and not taped to the computer!), but never do that at work, or you risk someone using your workstation for malicious intent. 

Find a password manager that suits your needs

If you find it hard to remember all passwords, use a password manager. These are pieces of software that remembers all your passwords so you don’t have to. There are free and paid options available, and some are online, others are offline. Go through reviews to find the best deal for you. 

The point to note here is that you’re storing all of your passwords in one place, so make sure you pick an encrypted system that is extra secure! if you don’t have enough passwords to use a system like this, it’s best to avoid!. 

Use cryptography 

Develop your very own system to encrypt your passwords. One good way to do this is to have a sentence that will remind you of a password. For example, you have a pet cat and wish to base your password off of it. Instead of using your cat’s name mixed with a few numbers, use a sentence such as: 

  • “My cat Garfield loves lasagna.” and then encrypt each part: 
    • My cat Garfield = McG
    • Loves = <3
    • Lasagna = LsgnA
  • So your password will be “McG<3LsgnA”

Use two-factor authentication

Reduce the risk even more and use two-factor authentication in addition to having a strong password. On the off chance that somebody manages to crack your super complex password, two-factor authentication will keep them from doing anything else. 

Such authentication is bound to a token or a phone app that generates a random string of (usually) six numbers that rotate every 60 seconds, which are unique to your account. Without this second step to prove it’s really you, hackers won’t be able to access your account at all. 

Cybersecurity Rests on You Choosing a Secure Password in 2019 

Hackers are finding new ways to get to your data every day. Don’t let your password be the weak link that will give them access to everything else. Want to learn other ways to protect your computer? Check out our latest course here >>> PROTECT YOUR COMPUTER FROM GETTING HACKED COURSE <<<

Posted on by

Data Discovery as an Important First Step in Cyber Security Implementations

feature image for data discovery in cyber security implementations post

Data security is the staple of a successful business in this era, and most businesses invest into at least basic cyber security. After all, it’s much more affordable when compared to the aftermath of a data breach. Before you implement security measures that will keep your business and reputation safe, you should know what type of data you deal with, and you can do that with data discovery tools.  

What’s Data Discovery and How Does It Help My Business?

The importance of data discovery in cyber security is experiencing rapid growth because of stricter regulations like the General Data Protection Regulation(GDPR) that mandate all businesses should be well aware of what kind of data they collect and how they use it. But what is data discovery anyway?

Data discovery is a business process of collecting and analysing data to gain insight into trends and patterns. This insight helps businesses shape their critical business decisions.

And while most businesses today will happily collect data to make data-driven decisions, they will often fail to store and protect that data in a systematic and logical manner.

This causes two critical issues:

  1. When data is disorganised, it will impact data analysis and affect the end result, which can lead to bad business decisions.
  2. Disorganisation also increases the risk of data being accessed by unauthorised entities, either through a data breach or because it was accidentally disclosed by an employee.

Data discovery helps businesses not only collect and analyse data, but it also shows them where and how data is stored and who has access to it, which gives them a good idea of how safe that data really is.

Data Discovery in Cyber Security

Because data discovery provides quite a number of benefits to a business, it’s safe to assume it can help with cyber security too. So what’s the best way to use data discovery in cyber security, and what benefits will this bring?

It is the first step to becoming GDPR compliant. Businesses gather all kinds of data to gain insight into the latest trends and preferences, and for this purpose, they often store sensitive data from their users and customers.

  • GDPR requires that ALL businesses that deal with personally identifiable information (PII) from EU citizens to disclose they are using and storing this data.
  • In addition, they must have consent from the user/customer to store all that data, and keep records of consent too. If they don’t, they are not allowed to store it.
  • Any type of data that can lead to the identification of an individual falls into this category: name, address, online identifiers, ID numbers, IP addresses, even cookie identifiers.  

It helps you implement the right cybersecurity measures. It can be hard to choose which cybersecurity measures are the best option for your business.

  • Firewalls and secure networks are a good start, but without implementing data discovery in cybersecurity, you won’t have a structured overview of your data, or who has access to it.
  • Considering that human error is the most prevalent reason for a data breach, limiting access to data and keeping it on a “need to know” basis is a sound defense against such errors.
  • This also helps you implement data encryption that limits further data sharing and disclosing it to somebody without the right authentication.

It helps you identify security threats quickly. When you have a unified and structured overview of your data and can see who accesses it and in what way in real time, you can quickly respond to any type of threats.

  • Machine learning and AI solutions can help you automate this process and monitor users’ access and detect any anomalies.
  • For example, if there is a sudden surge in data access from a specific access point, you will get a warning to investigate. In case you determine there was indeed a breach, the scope of the breach will be very limited.

Data Discovery Brings Your Cyber Security to a Whole New Level

With increasing volumes of data flowing through your on-prem or cloud data centres, you need solutions that will not only give you insights into trends but what type of data you have, where it’s stored, and how many of your employees have access to it. By structuring your data according to sensitivity levels and implementing solutions that limit access and keep a watchful eye on how it’s used, you will be able to thwart cyber security threats before they become a problem.

Learn more about data discovery by using Microsoft’s AIP scanner in our Udemy course now available at a discounted price.

Check out the TowerWatch Academy for more courses!

Posted on by

11+ Ways to Improve Your Email Security Today

finger pointing to a padlock - improve your email security tips

Email accounts are used as the most common point of entry by hackers to get access to networks and either disrupt services, steal information, or spread malevolent software to more accounts. But, if you improve your email security, you can prevent this!

So, What Is Email Security?

Put simply, email security is a term that encompasses all the measures taken to secure access to an email account and contents of all emails of that account.

15 Ways to Improve Your Email Security

Email accounts are fairly easy to hack, simply because of the sheer number of email accounts there are. With everybody having at least one account, a simple error like clicking an infected link is often enough for them to gain access.

Coupled with a lack of knowledge, some people are easy targets, and can be the weak link for businesses or home offices to get a malware infection or lead to a security breach.

This is why it’s important to be up to date with email security measures and be able to spot hacking attempts.

Here are some of the ways you can improve your email security and help keep your personal and business data safe.

1. Use Strong Passwords

Weak passwords are one of the simplest ways to get access to an email account.

Often, people use simple passwords out of convenience, but this makes them more vulnerable. Most services won’t even let you have generic or weak passwords anymore and demand that passwords have at least eight characters, must include upper- and lowercase letters, at least one number, and one special character.

Our tips for strong passwords include:

  • Avoid using meaningful passwords – like the name of your spouse, children, or pets, birthdates, and similar. It’s best to use everyday items that don’t have much meaning. For example, look around your room or office and pick an item or two, then use them to make a password.
  • Change your password every 3-6 months. Set a reminder on your phone or work calendar to do so.
  • Avoid leaving all of your accounts logged in on multiple devices ALL of the time.
  • Don’t write your password down and stick it to your desktop screen! (it happens more often than you think!)

Think it’s hard to steal your password? Read this:

How Easy It Is To Steal Your Outlook & 365 Password

2. Use Two-Factor Authentication (2FA)

This puts an extra layer of security in addition to a username and password. It makes it harder for attackers to gain access. With 2FA, the user, after putting in their username and password, also has to input additional information, such as an additional PIN or password, or a security token.

3. Avoid Logging In to Free Wi-Fi and then Signing into an Email

While free Wi-Fi sounds great in theory, in practice, it’s chock-full of hazards. Using public Wi-Fi puts you at risk of being hacked, as hackers might be using the same network to gain access to other devices – if you log in to your email account, they can easily get access immediately.

If you truly need internet access out in the public, it’s best to use your phone and tether a connection instead (just make sure you use encryption while doing so).

4. Use Professional/Paid Services and Avoid the Free Ones

While free email services are convenient (for example, Gmail), they don’t have all the features you might if you’re a business. Always opt for professional and paid services (for example, G-Suite email services) as they have priority support and better security features.

5. Educate Yourself

One of the best ways to stay secure is to be aware of all the risks and ways hackers might try to get access to your email. It’s extremely important for businesses to train their staff as well, to minimise the risk of someone accidentally clicking an infected link.

6. Use Anti-Virus That Includes an Email Scanner

Anti-virus software will scan your device for malevolent activity, but it’s not a bad idea to get AV software that also includes an email scanner. Such scanners will actively scan all links and email attachments and alert you about infected items.

7. Don’t Click Links from Emails and Don’t Log In on Email Pop-Ups

If you are unsure about a link from an email, never click on it. The link might lead to a site that downloads and installs malevolent software to your device. Any pop-up window that requires you to log in to your email is likely a scam too. Always log in through the actual service.

8. Check the Original Sender

If you receive an email that seems to be a bit off, always check the sender. Often, the sender name will be spoofed to make you believe they are someone else. You can do so by hovering over the “From” to see the actual email address and not the name of the sender.

9. Help Your Provider

Every time you mark an email as spam or junk and report them, you help your provider filter the emails better in the future. This way, harmful emails will never even manage to reach the inbox.

10. Be Careful Signing Up for Things.

Using the same email for all the services – from those you use regularly to some obscure mailing lists, is always a bad idea. Always have a “throwaway” or temporary email address for services or websites where you only need one-time access.

11. Check Who Has Your Email

Never share your email on just any websites or public places. Also, avoid posting to public forums with your main email address to make sure it’s not collected and ends up on spam lists.

12. Protect Sent Emails

Use encryption services to protect all sent email. Some services even make it possible to see the email only if the recipient has an authentication code, and you can redact access at any time you see fit. We use Microsoft’s Azure Information Protection and recommend it to our clients for automatic email and file encryption.  

13. Be Careful What You Share Online

Avoid sharing personal information that could give hackers an idea on what you are using as a password! And I’ll say it again, don’t use obvious personal information as your password!

14. Run Regular Backups

With so many ransomware attacks happening lately, make sure your data is backed up regularly, just in case!

15. Be Careful About Apps

Avoid installing apps from third-party sites on your computer, browser, or phone. They are often infected with malware. Instead, only download from trusted sources, and always regularly update them.

These are all ways to improve your email security, whether you’re a personal user, have a business account, or are looking for organisational email security! Just remember, the more measures implemented, the higher the security of an email account.  

Posted on by

How Much Does Azure Information Protection Cost?

How much does Azure Information Protection Cost Feature Image

UPDATE: 22/10/2020 – Azure Information Protection is now referred to as Microsoft Information Protection as they’ve updated the product. There are also ways you can save on licensing and pricing when it comes to implementing MIP, which is something we’ve learned in our years of experience. So if you want to have a free chat or consultation, please get in touch.

With increasing cyber security threats, as well as GDPR (General Data Protection Regulation), having taken effect from 25 May 2018, businesses need to protect their sensitive data.

One of the ways we recommend to our clients is by using Microsoft’s Azure Information Protection (AIP) as a way of protecting and automatically encrypting sensitive information. But, a common question we get asked from unsure businesses, is the bottom line:

‘How much does Azure Information Protection cost?’

This article explains the breakdowns of pricing, as well as the effect your business will have on the price, to hopefully make it easy to understand!

How Your Requirements Affect Azure Information Protection Price

The pricing of Azure Information Protection is different for every business, and will depend on::

  • The Office 365 Suite you have – If you don’t have an Office 365 subscription, you will have to choose one that includes Azure Information Protection or get AIP as a stand-alone subscription.
  • Your business size – Because the price is calculated on a ‘per user’ basis, the higher the number of users, the higher the price.
  • Your business requirements – This is mainly on the AIP modules you will use. The more modules you use, the higher the price.

Azure Information Protection Cost Breakdown

Azure Information Protection consists of two parts:

  1. The classification and labelling of data
  2. The encryption and rights management (RMS)

To be fully protected, you will need both.

There are several Office 365 subscriptions that include the Azure RMS option. AIP is part of the:

  • Office 365 Enterprise E3
  • Office 365 Enterprise E5
  • Microsoft Enterprise Mobility + Security E3 and E5 plans.

If you have a plan that is not included above, you can still get Azure Information Protection without switching. AIP RMS is available as a stand-alone add-on that can be purchased separately.

There are three pricing groups for Azure Information Protection:

  • AIP for Office 365 – £1.50 user/month
  • AIP Premium P1 – £1.60 user/month
  • AIP Premium P2 – £4 user/month

Azure Information Protection Business Costs

The pricing for Azure Information Protection is calculated as follows:

(Office 365 plan cost/month per user + AIP cost/month per user) x Number of Users = Total Monthly Cost.

Here’s an example:

You have an Office 365 Enterprise E3 Subscription – the price is £17.60 per user/month.

You also need the Azure Information Protection Premium P2 – the price is £4 per user/month.

The total price per user per month is £21.60.

You have 50 users, so the price will be £21.60 x 50 = £1,080 per month for all your users.

How to Buy Azure Information Protection?

There are two options when buying Azure Information Protection:

  1. You can get it as a stand-alone option
  2. You can buy it as an integral part of the Microsoft licensing suite, such as the Microsoft 365 Enterprise or the Enterprise Mobility + Security Suite.

The license for AIP can be bought in the form of a user subscription directly on the Microsoft website, through the Microsoft Enterprise Agreement Volume Licensing program or through the Microsoft Cloud Solution Provider program.

Are you unsure on which Azure Information Protection package you need? Contact us and we can help determine which AIP deal is the right fit for your business needs to secure your data. Then, implement it with you.

Posted on by

The Different Tactics Hackers Use to Gain Access to Your Computer

We’d all like to think that hackers are spending weeks on end planning their every move to attack a business but the truth of it is nowhere near as exciting. Although this could happen to a big target, for most people it’s a lot more boring and they get ‘accidentally’ caught in the net as hackers looking to make a quick buck send out malware or ransomware hoping someone will fall into the trap.

That doesn’t mean the effects aren’t any less devastating!

So, to make sure you can protect yourself, let’s look at the various different tactics hackers use to try and steal your business’ data.

1. Relying on Human Error

We’re sorry to say that lack of education in businesses and human error by employees account for a large portion of breaches in our experience. For example, employees attempting to access internal systems from unsafe locations, using personal (infected) devices on the network, or clicking malicious links in an email. Hackers cast their net far and wide, and the likelihood is someone will click something and open the door. And that’s all they need. 

Hackers also pray on the lack of oversight from business owners on their employees. According to Keeper Securities’ State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report from 2017, 59% of small businesses do not have insight into the types of passwords employees use. This means that although the company is liable for a breach, they aren’t enforcing or even aware of the security standards of the passwords in use. 

2. Phishing

Phishing is one of the most common tactics hackers use. This is usually in form of an email that is spoofed to look like it’s coming from another sender, like your bank, or ISP. It will urge you to act immediately or you might lose your account, money, or face infractions. 48% of hacks on companies last year found that phishing or social engineering were the result.

Here are the warning signs you need to look out for in a phishing email

12 Warning Signs Of A Phishing Email

3. Public/Free Wi-Fi

Public computers and Wi-Fi networks are notorious for being plagued with malicious software that “sniffs” for data packets while you are using them. You risk losing your account data as soon as you type in your password. 

4. Phone Calls

Surprisingly these still work and is still one of the tactics hackers use! Hackers have been known to ring you claiming to be your bank or an organisation you’re affiliated with and ask you to confirm details over the phone. For example, banking pins or passwords as well as talking to you about family data or information, like your mother’s maiden name to get the ‘security question’ answers or take a stab at your password. If you feel a phone call is suspicious, never hand over your data, simply tell them now isn’t a good time and hang up.

5. Weak Passwords

Lazy, generic and consequently weak passwords are the easiest way for hackers to get access to your accounts. Many small business owners admitted that, while they still have password strength policies, 68% do not enforce them. A generic or commonly used password like 12345, makes it easy for hackers to gain access to your email or computer.

Check out our article below on protecting your password from hackers:

How To Protect Your Email Password From Hackers

6. An Out-of-Date OS

While nobody likes how long OS updates take, they exist for a reason: to address flaws within the code that can potentially be exploited. Without regular updates, you enable easy access to hackers who are aware of the weak points.

7. Infected Attachments

It’s not just the links you should be wary of in an email. Masked to look like images or documents, they often carry viruses, malware, or spyware, like a keylogger that will install to your device and record your every keystroke to get your passwords that way.

8. Dodgy Devices

Be wary of those free devices being handed out to you as “freebies” in many cases, hackers can load malware or keystroke loggers on them so that when they are entered onto the computer they immediately infect it.

9. Pineapples – Spoofed Wi-Fi Points

A Wi-Fi pineapple is a fake Wi-Fi access point that has been purely set up to steal your data but it masks as public Wi-Fi. From the hacker’s point of view, they have multiple programs and software running to gain access but to the unsuspecting user, they just jump on as usual and voila, instant access to your data.

10. Unsuspecting Accessories

Your new smart lock, phone controlled thermostat, camera that is enabled to a network, card reader or any other online accessory all have access to your network. Hackers can use these as easy points of entry if they aren’t protected correctly to access your network and get to your data that way!

Unfortunately, we’ve only just scratched the surface of tactics hackers use to access your data and your files, and this is why we are firm advocators for using file protection as part of your cyber security strategy. That way, hackers can’t access the data from your files once you’ve been breached, therefore protecting the data stored within them.

To get automatic file and email encryption for small businesses using Microsoft’s Azure Information Protection, click the image below to get half off our course on udemy:

file and email encryption course image. click to take you to the course
Posted on by

How “At Risk” Small Businesses REALLY Are to Cyber Attacks

busy coffee shop as a small business

Running a small business comes with a very specific set of challenges, like having limited resources, and often cyber security falls to the bottom of the list. But, the cost of a data breach, no matter the size of your organisation can be huge and the bad PR or image alone could be crippling as small businesses have to rely on reputation! 

Why Would Anyone Target Small Businesses?

Many small business owners don’t understand why their company would be an appealing target for hackers. They are small, don’t have vast funds or sensitive secrets that anyone would care about. They believe they are not big enough to be a target, so they don’t invest as heavily in cyber security as larger businesses do.

Some hackers do not target small businesses specifically but try to infect as many devices as possible, and without protective measures, backups in place, or the education, small businesses can very quickly become victims too.

The most common type of tactic that casts a wide net are ransomware attacks and more recently, cyber-attacks are becoming more targeted and specific.

The top 3 reasons why small businesses are targeted specifically by hackers are:

  1. The lack of investment into security makes it too easy for those looking to make quick money by selling details. 
  2. Small businesses often work with larger enterprises and if they’re not careful can serve as a point of entry for a large data breach.
  3. A small business is more likely to meet the hacker’s demands, such as a ransom, to get their data back because without it, their business is at a standstill. 

Cyber-attacks against Small Businesses are on the Rise

According to Keeper Securities’ State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report from 2017, attacks against small and medium business owners are on the rise. A staggering 61% of small businesses that were interviewed reported they were affected by a cyber-attack. The most common type of attack included phishing or social engineering, with web-based attacks and general malware following closely behind.

What Small Businesses Should do to be Safe from Cyber Crime

Change of stance is the most crucial thing.

If small business owners continue to believe they are not a good target to hackers and believe they don’t matter, they will continue to be vulnerable to cyber attacks. Small businesses should focus on the following areas:

  • New Technology and Software – Investing in the newest software solutions can give small businesses the edge that they need to catch breach attempts early. Machine learning can detect anomalies in network traffic or credit card fraud attempts so that small businesses don’t have to pay as much attention. 
  • Employee Education – Teaching employees about cyber security lowers the risk considerably. Get them on board about it and teach them about password policies, what makes a strong password, why password sharing is risky, and signs that indicate a possible breach. Check out the TowerWatch Academy for regular courses that you might need for educating staff and using protection software. 
  • Regular Updates and Patching – Ensure all your systems are up to date and patched regularly. New patches are applied to parts of code that could have been used as points of entry before the patch which is why you should always keep up to date. 
  • Use Encryption – Encryption is a precaution in case a data breach happens. If hackers get to your data, having it encrypted will render it useless to them. 
  • Physical Security – Have surveillance in place in areas where you keep your sensitive data to avoid malicious actions from the real world.
  • Two Factor Authentication – In case a cyber attack is successful in getting credentials to log in to your system(s), a two-factor authentication will stop them from getting further than trying to log in and will immediately alert you so you can lock it down and change your passwords. 

If you need any help or support protecting yourself as a small business from cyber security attacks, join our free Facebook community for IT support for your small business.

Posted on by

Top 10 Software and Tech Solutions for Small Businesses

Don’t shy away from technology in your business! It’s time to get acquainted with some of the best software and tech solutions for small businesses at the moment.

1. Encrypt emails for free with My Protected Mail

Of course we’re going to start with one of our own products! The introduction of GDPR has placed a renewed emphasis on email security. All small businesses have a duty to protect the data of their customers, clients, and employees. A reliable, straightforward way to protect data sent electronically is to use encryption.

Encrypted emails can only be viewed by the sender and specified receivers; they are protected from interception, even when an email is forwarded.

My Protected Mail is a tech solutions for small businesses that does this for free. There’s no software to install; simply send your email to a dedicated mailbox, and the platform will issue a Microsoft Protected Email that can be accessed only by the intended recipient. There’s also scope to add enhanced features for a reasonable monthly fee for developers to encrypt web portal or app communication. Try My Protected Mail here.

2. Defend your business from online attacks with Acronis Ransomware Protection

Ransomware attacks, in which malicious software blocks access to devices with the aim of extorting money from the owner, can completely devastate a small business. Not to mention the risk of a data breach. It’s critically important to proactively prepare; you can find out more by clicking here.

Ransomware protection software mitigates this risk, and it doesn’t have to cost the earth! Acronis Ransomware Protection monitors suspicious behaviour, blocks malicious applications, encrypts files, and recovers damaged data; all for free.

3. Organise every aspect of your business with Asana

Asana is a project management platform that helps your entire team to stay organised and efficient. It allows you to create projects and tasks, assign team members, set deadlines, allocate documents, run reports, and myriad other jobs. It’s suitable for use on computers and mobile devices; even when travelling, you can keep on top of your business!

Asana also interacts seamlessly with 100 other platforms, helping to manage emails, files, calendars, workflows, and dozens of other tasks from one place, simplifying your business processes.

4. Take storage to the cloud! 

Cloud-based storage has proven itself to be a reliable and economical alternative to traditional hard drives and servers. The key benefits to small businesses include cost-effectiveness, automatic backup and recovery, remote accessibility from all devices, and no ongoing server maintenance.

There are countless services to choose from, but our favourites are Dropbox, OneDrive, and Google Drive. All have common features, such as free storage (although the amount varies; 2GB for Dropbox, 5GB for OneDrive, and a whopping 15GB for Google Drive), document collaboration, link sharing, and file privacy. You can also upgrade to a monthly plan for expanded storage.

5. Automatically guard sensitive information with Azure Information Protection

Azure Information Protection (AIP) from Microsoft is a cloud-based tech solutions for small businesses that automatically encrypts emails and files. The system is managed across all Office applications using labels, which are configured to detect sensitive data and protect it. For example, if a credit card number is entered into an Excel spreadsheet, a rule can be set up to prompt the user to protect the information automatically.

Traditionally this can be quite difficult to set up for small businesses, but we created an Azure Information Protection for Small businesses online course to make it easy for you, regardless of whether or not you’re a techie!

6. Bring the team together with Zoom video conferencing

No matter how scattered your team is, video conferencing fosters the collaborative spirit that can otherwise be absent when working remotely. You needn’t be together to succeed together.

Zoom is a complete video conferencing service that includes high-definition online meetings, webinars, instant messaging, document sharing, whiteboards, virtual breakout rooms, calendar integration, and analytic data for meeting organisers. It can be accessed from computers and smart devices; so travelling team members can still participate!

There’s a free version of this tech solutions for small businesses with essential functionality that may be suitable for some small businesses, or there are monthly packages that include expanded features.

7. Protect your business with ESET antivirus

Malware attacks can be extremely disruptive to small businesses; leading to potential loss of files, equipment, and revenue. A high-quality antivirus is therefore essential.

ESET has a strong reputation for keeping computer equipment safe from malware, including viruses, ransomware, rootkits, worms and spyware. It’s easy to use, low in power-consumption, and backed by 30 years of experience and 110 million global users. A free trial is available, with the full version priced from £29.99 per year for one user.

8. Clean up your computer with MyDefrag

When we create files on a computer, they are broken up by a process called fragmentation; this is completely normal, and helps files to fit on a hard disk. However, repeated fragmentation makes reading and writing files a chore for your computer. Defragmentation is essentially a spring clean; a process that puts files back together, boosting your computer’s onward performance.

Windows comes with a built-in defragmentation program, but there are more efficient alternatives. MyDefrag is the best of the bunch; it works quickly and can accommodate external storage. Ultimately, this nifty little program helps your business to avoid slow equipment, repairs, and replacements. For more ways to speed up your computer’s performance, check out our free course here.

9. Cut your phone costs with VoIP

Voice over Internet Protocol, or VoIP, is the technology that facilitates phone calls via the internet. It’s cheaper to make calls by VoIP than a standard landline, and you’ll notice a huge improvement in sound clarity.

The best VoIP service for small businesses in the UK is VoipFone; it’s easy to set up, with excellent customer support, reasonable prices, and a free trial. Global businesses looking for similar features are recommended to try Ring Central or Vonage.

10. Keep on top of your finances with online invoicing

Invoicing is a critical aspect of small business management; online solutions make the process efficient by collating due payments, generating invoices, sending them, and overseeing the collection process.

Invoices contain sensitive information, so it’s important to work only with a trusted platform. Check out this post to find out how small businesses should protect their financial security when using online invoicing.

The most reputable platforms are Freshbooks, Due, Invoicera, And Co. and Harvest. All have at least one free option, whether a trial or essential version, and each has paid subscriptions, which vary in price according to the features you need.

Need help with your IT or tech solutions for small businesses or have a question on software to suit your small business? Join our free support community here.

Posted on by

How To Protect Your Email Password From Hackers

*This article originally appeared here on LinkedIn* How To Protect Your Email Password From Hackers

In my previous article I have showed how easy it is for hackers to get your outlook & 365 password.

The method I showed requires the hacker to be on the same network as you (WI-FI or Local) but usually hackers will use much easier way to obtain your password:

Spearhead phishing & Social Engineering is very effective and works from my experience in many cases – they are waiting for you to be a off your guard for a second and then they will get your email password (you will give them the password … )

There are several very easy steps that from my professional experience reduce the risk significantly:

The basics:

  1. Don’t be cheap and use a business grade email solutions like Microsoft 365 or Google Apps – you are paying for added security / traceability and support. the worst Hacks i have seen are always with “Free” email accounts such as Yahoo, Gmail and such where you don’t have a real “point of contact” when you need help
  2. Use complex passwords (Example@78!) – don’t use the same password you use for other service !

Use the Advanced feature that the business grade solutions offer you – use 2 Form Authentication (for more information, visit our 2-Form Authentication post for an in depth look at this.)

Use 2 Form Authentication – it will require you provide another authentication via SMS / APP and will make it MUCH more harder for the hacker to hack your email account

Both Microsoft and Google offer 2 Form Authentication solutions,

Microsoft 2FA

Google 2FA

both of them will require you to provide a one time password via SMS / APP when you login.

Both of them also support “APP Password” that will provide you a one time password for your APP ( such as outlook ), This is very useful to avoid the type of “Men in The Middle” attack I have shown in the previous article

Generally speaking Hackers usually search for the ” weak link ” in the chain – dont let it be you – do what ever you can to make it complex for them so they will move on to another person / company.

Never say it wont happen to you… when it does it hurts more and you will regret not taking the basics steps to protect yourself and protect your email password.

Written by Eli Migdal, CEO of TowerWatch Solutions Ltd (UK) and founder of Migdal Computing Solutions Ltd (Israel)