TowerWatch Academy Archives

Posted on September 27, 2019July 31, 2020 by Eli Migdal

Microsoft Azure Information Protection (AIP) Scanner Tool Course

Our new course on data discovery and encryption with the Microsoft Azure Information Protection (AIP) Scanner Tool is out. Those who enroll in the course will learn all about setting up the AIP scanner and the requirements. They will also learn how to discover and protect your on-prem data.

The Azure Information Protection (AIP) scanner tool provides businesses with a complete data encryption solution. Not only will it help businesses encrypt their on-premise data, but also help them discover, control, and organise their data.

Why You Need to Learn How to Install and Set up The Azure Information Protection (AIP) Scanner Tool

With more cyber threats looming about than ever before, cybersecurity has become a pressing issue for any business dealing with sensitive data. Last year’s adoption of the General Data Protection Regulation (GDPR) by the EU also places heavy emphasis on data safety and export of personal data outside of EU and EEA borders.

Most business owners have security solutions in place to protect the data from unauthorized access by external attackers. However, they seem to forget that many cybersecurity issues start on the inside. The most pressing issues that lead to a data breach are the following:

No clear data organization – Unstructured data is hard to track and even harder to keep safe.
Unrestricted access to every file and document – Not all of your employees need to have access to all your documentation. Data should always be shared on a “need to know” basis.
No tracking on data access and usage – Without a system that tracks how data is being used and accessed, it’s very hard to avoid or detect malicious intent and possible data breaches.

Why You Should Invest in Data Encryption

Cybersecurity has become a strategy that covers more than just having a firewall and spam protection in place.

Today, cybersecurity covers everything from encryption to employee education and access control. The AIP scanner tool helps you achieve just that – you will know exactly where your data is, and you’ll be able to label it accordingly. You will also control who has access to it (both inside and outside of your organisation).

Protect Your On-Premise Data Yourself

Our AIP Scanner Tool course will teach you everything you need to know about the AIP scanner. With 38 lectures divided into eight lessons, you’ll learn how to discover all data locations you keep on-prem (even archived data!). You will also learn how to classify and encrypt it. You’ll learn all about prerequisites to install the AIP scanner and how to set up the virtual environment needed to run it.

You will become familiar with all AIP scanner modes so you can choose which is the best for your business. You will also learn how to install the scanner and test its settings. This way, you can ensure it’s working correctly before running it on your server, and how to deal with false positives.

Enroll Today for Lifetime Access

Are you a business in dire need of a good data security solution? Do you wish to broaden your knowledge and install the AIP scanner for others? Enroll today and gain lifetime access to lessons, videos, articles, and downloadable resources that will teach you to successfully protect your data.

Sign Up Here >>> https://www.udemy.com/course/data-discovery-encryption-with-microsofts-aip-scanner/?couponCode=ARTICLE50OFF

Posted on April 1, 2019August 3, 2020 by admin

11+ Ways to Improve Your Email Security Today

finger pointing to a padlock - improve your email security tips

Email accounts are used as the most common point of entry by hackers to get access to networks and either disrupt services, steal information, or spread malevolent software to more accounts. But, if you improve your email security, you can prevent this!

So, What Is Email Security?

Put simply, email security is a term that encompasses all the measures taken to secure access to an email account and contents of all emails of that account.

15 Ways to Improve Your Email Security

Email accounts are fairly easy to hack, simply because of the sheer number of email accounts there are. With everybody having at least one account, a simple error like clicking an infected link is often enough for them to gain access.

Coupled with a lack of knowledge, some people are easy targets, and can be the weak link for businesses or home offices to get a malware infection or lead to a security breach.

This is why it’s important to be up to date with email security measures and be able to spot hacking attempts.

Here are some of the ways you can improve your email security and help keep your personal and business data safe.

1. Use Strong Passwords

Weak passwords are one of the simplest ways to get access to an email account.

Often, people use simple passwords out of convenience, but this makes them more vulnerable. Most services won’t even let you have generic or weak passwords anymore and demand that passwords have at least eight characters, must include upper- and lowercase letters, at least one number, and one special character.

Our tips for strong passwords include:

Avoid using meaningful passwords – like the name of your spouse, children, or pets, birthdates, and similar. It’s best to use everyday items that don’t have much meaning. For example, look around your room or office and pick an item or two, then use them to make a password.
Change your password every 3-6 months. Set a reminder on your phone or work calendar to do so.
Avoid leaving all of your accounts logged in on multiple devices ALL of the time.
Don’t write your password down and stick it to your desktop screen! (it happens more often than you think!)

Think it’s hard to steal your password? Read this:

How Easy It Is To Steal Your Outlook & 365 Password

2. Use Two-Factor Authentication (2FA)

This puts an extra layer of security in addition to a username and password. It makes it harder for attackers to gain access. With 2FA, the user, after putting in their username and password, also has to input additional information, such as an additional PIN or password, or a security token.

3. Avoid Logging In to Free Wi-Fi and then Signing into an Email

While free Wi-Fi sounds great in theory, in practice, it’s chock-full of hazards. Using public Wi-Fi puts you at risk of being hacked, as hackers might be using the same network to gain access to other devices – if you log in to your email account, they can easily get access immediately.

If you truly need internet access out in the public, it’s best to use your phone and tether a connection instead (just make sure you use encryption while doing so).

4. Use Professional/Paid Services and Avoid the Free Ones

While free email services are convenient (for example, Gmail), they don’t have all the features you might if you’re a business. Always opt for professional and paid services (for example, G-Suite email services) as they have priority support and better security features.

5. Educate Yourself

One of the best ways to stay secure is to be aware of all the risks and ways hackers might try to get access to your email. It’s extremely important for businesses to train their staff as well, to minimise the risk of someone accidentally clicking an infected link.

6. Use Anti-Virus That Includes an Email Scanner

Anti-virus software will scan your device for malevolent activity, but it’s not a bad idea to get AV software that also includes an email scanner. Such scanners will actively scan all links and email attachments and alert you about infected items.

7. Don’t Click Links from Emails and Don’t Log In on Email Pop-Ups

If you are unsure about a link from an email, never click on it. The link might lead to a site that downloads and installs malevolent software to your device. Any pop-up window that requires you to log in to your email is likely a scam too. Always log in through the actual service.

8. Check the Original Sender

If you receive an email that seems to be a bit off, always check the sender. Often, the sender name will be spoofed to make you believe they are someone else. You can do so by hovering over the “From” to see the actual email address and not the name of the sender.

9. Help Your Provider

Every time you mark an email as spam or junk and report them, you help your provider filter the emails better in the future. This way, harmful emails will never even manage to reach the inbox.

10. Be Careful Signing Up for Things.

Using the same email for all the services – from those you use regularly to some obscure mailing lists, is always a bad idea. Always have a “throwaway” or temporary email address for services or websites where you only need one-time access.

11. Check Who Has Your Email

Never share your email on just any websites or public places. Also, avoid posting to public forums with your main email address to make sure it’s not collected and ends up on spam lists.

12. Protect Sent Emails

Use encryption services to protect all sent email. Some services even make it possible to see the email only if the recipient has an authentication code, and you can redact access at any time you see fit. We use Microsoft’s Azure Information Protection and recommend it to our clients for automatic email and file encryption.

13. Be Careful What You Share Online

Avoid sharing personal information that could give hackers an idea on what you are using as a password! And I’ll say it again, don’t use obvious personal information as your password!

14. Run Regular Backups

With so many ransomware attacks happening lately, make sure your data is backed up regularly, just in case!

15. Be Careful About Apps

Avoid installing apps from third-party sites on your computer, browser, or phone. They are often infected with malware. Instead, only download from trusted sources, and always regularly update them.

These are all ways to improve your email security, whether you’re a personal user, have a business account, or are looking for organisational email security! Just remember, the more measures implemented, the higher the security of an email account.

Posted on January 2, 2019October 30, 2019 by Silhouette Creatives

How to Make Technical Staff Training More Engaging

Technical staff training is crucial to keeping personnel up-to-date on the latest technological solutions you plan to implement in your business.

But.

When staff training is technical in nature, it can turn into a nightmare for both managers who organise it and staff members who attend it.

It’s hard to hold training on technical topics because they are often very dry and complex.

One of the common issues of holding technical staff training is that attendees often can’t grasp the topic so they don’t follow the lessons or they get bored and trail off easily. To efficiently battle these issues, you need to keep staff actively engaged.

Here’s some of the ways you can do this:

Include Multimedia

Your staff members have various learning styles, so, have an even mix of lessons that will accommodate each.

Visual learners will benefit from visual additions such as Powerpoint presentations, images, or videos.
Auditory learners will enjoy your presentations and engaging in conversation or sound clips.
Kinesthetic learners will benefit most from activities, testing or writing formats.

Gamification

Use game design elements to engage staff by applying game elements such as challenges (learning objectives), feedback (helps with progress), collaboration to achieve goals (a sense of community), competition (to keep staff motivated), and rewards for achieving them (gratification and sense of accomplishment).

Demonstrations

Using props or demonstrations are an easy way to make technical subjects more ‘real’. Often users can’t relate to new technical solutions and therefore don’t connect. If you can’t offer a tangible demonstration, show off benefits and changes in operations that they can relate to.

Have Breaks

The more technical the training, the more breaks you need. The brain can’t process too much at once and it will actually hinder learning to try and cram everything in at the same time. Keep your lessons to 20 minutes max and then offer a breather by having a quick Q&A, telling a story, having an activity or giving free time.

Real-Life Examples

Stories stick with people. If you use a compelling story to explain any concept of the new tech it makes it more memorable. Use real people, real examples and specific situations to engage with your staff.

Role Play

When explaining concepts during your technical staff training, assign roles to your staff and help them explain the lesson through simple role play. They will interact with each other and remember new operations easier. Questions are also more likely to pop up and be dealt with on the spot when you’re acting things out.

Blended Learning

A combination of digital and in-person learning can help all members. Not all staff members will be able to attend all lessons every time – the workload often doesn’t allow it. Allow members to learn remotely too, and make sure to keep tabs on their progress. Then, compliment their learning with meetings or in-person support.

Customise For Your Business Specifically

Whatever your company culture is, include elements so that your technical staff training feels part of the organisation itself. This way it can show employees that the business has adapted to this tech already, making it more likely they will engage.

Offer Choices

While you might have planned every detail of how training will go, give attendees some breathing room as well. Give them the freedom to rearrange the lessons to an extent. By having a say in how technical staff training is conducted, they will be more interested in actually attending.

Hopefully this has given you more insight into how to make technical staff training engaging. Check out our IT Staff training courses at The TowerWatch Academy Here for easy training courses that can relate to your employees.

Posted on November 20, 2018August 3, 2020 by Eli Migdal

How Azure Information Protection Can Be Used in GDPR Email Compliance

Today, businesses make data-driven decisions in order to have a competitive edge. If your business deals with personal data from customers, it is required to be compliant with EU’s General Data Protection Regulation (GDPR) requirements – this means disclosing how it handles data and ensuring that data remains safe.

Everything You Need To Know About GDPR & How It Will Affect Your Business

Why You Should Use Azure Information Protection for GDPR Emails

Sending sensitive data internally or to recipients outside your company carries a certain risk. Every email you send could lead to a disclosure of sensitive data, which constitutes a breach of GDPR. Therefore, investing in the protection of emails and files that are sent is crucial.

Azure Information Protection help keep your emails safe through advanced encryption and protects data at a file level with any attachments you might share too.

It’s a great solution that we recommend to our clients and one we can deploy seamlessly.

How to Install Microsoft’s Azure Information Protection for Small Businesses

While GDPR email compliance may seem like just another regulatory hassle, it is actually an opportunity to invest into your company’s digital security. The most recent data from the Ponemon Institute shows that the global cost of a data breach is increasing steadily, and in 2018, it has reached $3.86 million.

If that’s not enough to convince you, why not use IBM’s data breach cost calculator and see what yours could actually cost.

The Latest Data Breach Report Shows a Troubling Trend

A data breach carries serious consequences, and every business operation will suffer – financial, sales, marketing, safety, you name it. The 2018 Cost of a Data Breach Study states there are three main causes of a data breach, with percentages of attack globally being:

Malicious or criminal attack – the main reason for 48% of all breaches
System malfunction– the cause of 25% of all breaches
Human error – the cause of 27% of all breaches

The report shows that human error was the reason behind a data breach more often than a system malfunction was, while malicious and criminal attack took first place.

Note: It’s important to state that human error only includes insiders who were careless, while malicious attacks also include insiders, third parties, and contractors who caused a data breach intentionally.

In the UK specifically, malicious and criminal attacks were the reason of 50% of all breaches, human error was behind 26%, with system glitch causing only 24% of all data breaches.

This means as high as:

76% of all GDPR breaches in the UK can be caused by either negligence or malicious intent.

Which can be vastly reduced when using a file or email encryption like Azure’s Information Protection

The True Cost of a Data Breach to Your Business

How AIP for GDPR Emails Keeps You Compliant

Azure Information Protection (AIP) is a cloud-based service that allows you to protect any sensitive and confidential data through encryption. You can protect local data you keep on your devices or data that you store in the cloud. When you send that data outside of your company, the encryption remains in place because it’s active at a file-level.

This means that even if you’re compromised, documents that are recovered cannot be read or unencrypted. Plus, intercepted emails cannot be read unless the intended user verifies themselves.

Ultimately, AIP can’t stop your users from making a mistake, but it can support them and arm them with the tools to protect company data properly.

Azure Information Protection Protects Against Malicious Intent

For example, if one of your employees or third-party recipients wants to email a file to an unauthorised person, they won’t be able to do so. Plus, AIP has a great feature called Do Not Forward for GDPR compliant emails. When this option is used, the recipient must first be authenticated to even view the email, and this is all they can do. They can’t forward the email or print, or screenshot. This ensures the email is for their eyes only and that they cannot execute a data breach by forwarding onto non-approved users that would lead to GDPR violation.

Documents attached to these emails are also counted as DO NOT FORWARD and will have the same restrictions.

Azure Information Protection Activity

Not only does AIP limit who can view the data, but it also tracks how that data is being used. By doing so, it ensures that data is safe at all times and that GDPR compliance standards are met. Plus, if you suspect there’s a risk that the data could be used in a way that violates GDPR regulations, you can even revoke access to it.

There are a range of other uses for Azure Information Protection to help keep your company emails and files protected. If you need help learning the reigns or want to deploy Azure Information Protection Yourselves, get started today by clicking here.

Posted on August 29, 2018September 23, 2020 by admin

How to Install Microsoft’s Azure Information Protection for Small Businesses

Until now, Microsoft’s Azure Information Protection (AIP) has been an enterprise level IT solution for the big brands and businesses. So, you may not have even heard of it! But, its tools are perfect for small businesses and allows you to get AUTOMATIC file and email encryption that is easy to use, and affordable.

Let’s look at why you should be looking at this solution for your small business, how you can use it and what it can do for you:

Why do I Need File Protection?

We could advocate for file protection but it’s easier just to show you, here’s how easy it is to gain access to your sensitive data if you don’t have file protection:

The solution to this? We recommend, Microsoft’s Azure Information Protection (AIP)

Update: 23/09/20 – Microsoft’s AIP has actually been upgraded to MIP, with a few extra features. This article is still relevant and if you scroll to the bottom you can see a demo of a recent project we just completed on how it looks in action.

What is Microsoft’s Azure Information Protection?

It’s an excellent cloud-based file and email encryption solution that allows you to create certain ‘rules’ to protect your files and emails automatically.

What Does This Entail?

Although it’s also an excellent option for smaller businesses because it offers unique cyber security features which make GDPR compliance easy and seamless, you can’t really “figure it out” as you go.

It’s not as simple as downloading a piece of software. There’s a little more to it than that. But, once you know how, it’s our recommendation for keeping your company, files and emails protected. The installation looks a little like this:

Different Stages of AIP Implementation

Once you’ve set up your active directory and assigned your licenses, there are 3 steps to implementing Microsoft’s Azure Information Protection:

Assessing Your Data

Although only roughly 5% of your data is sensitive, you still need to protect it and in order to do so, you need to understand what it is, where it is and how you handle it.

Installation

This is the easy part (if you know what you’re doing) and is a simple installation of the AIP client onto all of the machines/servers that you want to have automatic encryption capabilities.

Monitoring/Testing

This is all about tweaking your settings to match your usage based on what you’re using your protection for in your business.

So, How Can I Do It Myself?

We originally created an AIP course (you can still take the legacy course HERE.) However since the update to MIP (Microsoft Information Protection) there’s a lot more backend setup, licensing crossovers, and implementation that just make this a project that is really tricky.

If you get it wrong you can accidentally encrypt and lock yourself out of all of your data, and to be honest, we don’t recommend doing this.

We still want to make MIP accessible for SMEs so we offer a half hour consulting option to give you the best tailored advice on what forms of protection are best for you, and then we can help you set up MIP if it’s suitable.

Book in for your consultation CLICK HERE.

Check out the MIP Demo below to see it in action:

Posted on July 30, 2018August 3, 2020 by Eli Migdal

Get Free IT Support for Small Businesses

We’re constantly looking for ways to use our knowledge and expertise to help others get to grips with their IT. We are offering free IT support for small businesses, particularly with the increased emphasis being placed on cyber security for businesses big and small in the wake of GDPR.

With this in mind, we are offering free IT help and support for small businesses in our Facebook support community. If you’ve purchased a course from the TowerWatch Academy, you’ll already know about the support group, but we’ve decided to open it up to help others too.

As IT consultants and experts with over 10 years’ experience in:

Cyber security
Online data protection solutions
Cloud-based data storage
Cyber Security Training
Penetration Testing
Complete IT Support
Large Scale Projects
IT Health Checks
Local & Global Hosting: Microsoft Azure/Amazon AWS
Remote Backup Solutions
365 Implementation
Hospitality IT support and project installation

We have an idea of the issues that plague the IT of small businesses. Budget (or lack of) being one of them!

So, if you can’t afford an IT team and need some help or advice for your business. Join our support community below and let us help you by answering any questions you may have.