How to set up a rule to send phishing attack alerts in Microsoft Exchange

Empower your employees to easily notify IT security personnel of a phishing attack with a simple Exchange rule. Learn how to set one up below.

When it comes to enterprise phishing emails, the most effective defence is a well-trained and educated workforce. While technologies like artificial intelligence and machine learning may stop many phishing emails from getting through to user inboxes, those tech solutions cannot overcome the careless click of a malicious link when the technology fails.

A 2018 report from Comodo Security shows that about 50% of an enterprise’s computer-using employees will click on a link sent via email from an unknown user without first thinking of the potential consequences. To overcome this lack of urgency, IT professionals should task the entire workforce with the responsibility of immediately reporting phishing emails when they are uncovered.

The Office 365 add-in, Report Message, allows Outlook users to report a phishing or other suspicious email with the click of a single icon on the standard Office Ribbon interface. However, by adding a new rule to Microsoft Exchange, your organisation’s IT security team can also receive a copy of the report and be notified – with no additional effort on the employee’s part.

Set up the Rule

Creating or modifying rules using the following technique requires Exchange Online Administrator authentication status. This tutorial also assumes you have installed and enabled the Report Message add-in for Outlook.

Open the online portal to Office 365 and log on with administrator credentials. Navigate to the Admin Center and then open the Exchange Admin Center submenu. Click the Mail Flow link in the left navigation bar. You should see a screen similar to the screenshot below. (Please note this example has no rules yet.)

Click on the Plus button to create a new rule. Name your new rule (Phishing Submission) and then open the Apply this rule if dropdown box. Choose the entry: The recipient address includes. Add these two email addresses to the list as shown in the below screenshot.

  • junk@office365.microsoft.com
  • phish@office365.microsoft.com

In the Do the following box, choose the Bcc the message to entry and add the appropriate security administrator or team as designated by your intrusion detection policy. Set the Audit this rule with severity level to medium, as shown in the below screenshot, and click Save.

Once this rule is established, whenever an employee reports an email using the Report Message add-in, the appropriate security personnel will receive a copy of the message automatically. This will allow your security teams to act swiftly and decisively to mitigate and counteract phishing attacks in accordance with your organisation’s policies.
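The same rule can also be created from Exchange Online PowerShell instead of the admin centre. The script below is an added example, not part of the original tutorial; it assumes the ExchangeOnlineManagement module is installed, and the security mailbox address is a placeholder to replace with your own.

```powershell
#Requires -Modules ExchangeOnlineManagement
param(
    # Assumption: placeholder address; use your own security team mailbox.
    [string]$SecurityMailbox = 'security-team@example.com',
    [string]$RuleName = 'Phishing Submission'
)

# Addresses the Report Message add-in submits to (from the tutorial above).
$reportAddresses = @(
    'junk@office365.microsoft.com',
    'phish@office365.microsoft.com'
)

# Sign in with an Exchange Online administrator account.
Connect-ExchangeOnline -ShowBanner:$false

# Same settings as the admin centre dialog: condition, Bcc action, audit severity.
$settings = @{
    AnyOfRecipientAddressContainsWords = $reportAddresses
    BlindCopyTo                        = $SecurityMailbox
    SetAuditSeverity                   = 'Medium'
    Comments                           = 'Bcc user phishing/junk reports to the security team'
}

# Idempotent: update the rule if it already exists, otherwise create it.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if ($existing) {
    Set-TransportRule -Identity $RuleName @settings
} else {
    New-TransportRule -Name $RuleName -Enabled $true @settings | Out-Null
}

# Read the rule back and check that what is stored matches what was intended.
$rule     = Get-TransportRule -Identity $RuleName
$words    = @($rule.AnyOfRecipientAddressContainsWords | ForEach-Object { "$_" })
$bcc      = @($rule.BlindCopyTo | ForEach-Object { "$_" })
$problems = @()

foreach ($address in $reportAddresses) {
    if ($words -notcontains $address) { $problems += "condition is missing $address" }
}
if ($bcc -notcontains $SecurityMailbox) { $problems += "Bcc recipient is not $SecurityMailbox" }
if ("$($rule.SetAuditSeverity)" -ne 'Medium') { $problems += 'audit severity is not Medium' }
if ("$($rule.State)" -ne 'Enabled') { $problems += 'rule is not enabled' }

if ($problems.Count -gt 0) {
    Write-Warning ("Rule '$RuleName' needs attention: " + ($problems -join '; '))
} else {
    Write-Output "Rule '$RuleName' is enabled and copies reports to $SecurityMailbox."
}

Disconnect-ExchangeOnline -Confirm:$false
```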

7 IT Security Tools from Microsoft

When it comes to IT Security, 2017 was not a good year for many people. With data breaches, ransomware attacks, and security vulnerabilities making headlines around the globe, it appears as if both organisations and individuals were under attack.

So, how can you protect your organisation and its data?

Below is a list of 7 IT security tools that are recommended for organisations to increase their security posture. Although this isn’t an exhaustive list, these are relatively easy-to-use and fairly intuitive tools.

1. Windows 10

Windows 10 is Microsoft’s most secure operating system yet. With built-in features like Windows Hello, Microsoft Edge, and SmartScreen, Windows 10 protects your users’ identities, information, and devices from threats with several threat protection and security management tools.

2. Enterprise Mobility + Security

As a comprehensive Cloud solution, Microsoft Enterprise Mobility + Security (EMS) helps your organisation to address the constantly-changing cyber security landscape. By safeguarding your organisation’s resources, EMS helps you track suspicious login activity within your organisation, allowing you to gain a deeper understanding of user, device, or data activities, and also gives you the power to change permissions when necessary.

By including such things as single sign-in access to your corporate resources from any device, EMS is the answer for improved security across cloud, on-premises and mobile devices.

3. Azure Active Directory Identity Protection

Hackers and cyber criminals are becoming increasingly effective in using sophisticated phishing attacks to steal a user’s identity and gain access to your environment. Once that hacker gains access – no matter who it is within your organisation – it’s relatively easy for them to gain access to more important content.

Azure Active Directory Identity Protection helps protect your organisation by allowing you to configure risk-based policies that will automatically respond to detected issues if the risk level you specified has been reached. Azure Active Directory Identity Protection can use adaptive machine learning algorithms and heuristics that will detect suspicious incidents or anomalies to generate both reports and alerts for you to review. These will let you evaluate what issues have been detected, then allow you to take the necessary steps to either mitigate or remove the threat.

4. Windows Information Protection

As a part of the Windows 10 Anniversary Update, Windows Information Protection (WIP) was introduced to integrate with other Microsoft products like Office 365 and Azure Rights Management in order to increase your security posture. Designed to prohibit corporate data from leaking into personal or public domains, Windows Information Protection helps maintain control of your data. With Windows Information Protection, you can identify personal and business data, determine the apps that can access it, and provide basic controls to help determine what your users can do with business data (for example, you can limit your employees’ ability to copy and paste data to an unsecured location).

5. Office 365 Advanced Threat Protection (ATP)

Office 365 ATP is a multipurpose add-on to many of the Exchange and Office 365 subscription plans. With features like Safe Attachments (protecting you from unknown malware and viruses), Safe Links (proactively protecting your users from malicious hyperlinks in email messages), Spoof Intelligence (detecting senders who are spoofing your domain by pretending to be someone else in your organisation), Quarantine, and advanced anti-phishing capabilities, Office 365 ATP helps protect your organisation’s email, files, and Office 365 applications from any unknown malware or viruses.

Helping you gain critical knowledge of who in your organisation is being targeted, Office 365 ATP can give you insight into which users are clicking on malicious links, and investigate which messages have been blocked because of unknown viruses or malware.

6. Office 365 Data Loss Prevention

No organisation wants to find out that their users are passing along sensitive information. So, with Office 365 Data Loss Prevention, you can empower your users to be more conscious about your company policies surrounding the sharing of sensitive information.

Through the Exchange Administration Centre in the Office 365 admin portal, your email administrators can set up policies that will tell your Office 365 Data Loss Prevention tool to scan through your user emails (in the background). If the tool determines that a policy is about to be breached, a Policy Tip will pop up in the email window that alerts your users that they are about to pass on sensitive information.

7. Office 365 Advanced Security Management

Included in the Office 365 E5 (and available to the other Office 365 enterprise plans for a small fee), Advanced Security Management for Office 365 gives you greater control and visibility over your Office 365 environment in these three areas: threat detection, enhanced control, and discovery and insights.

Enhanced control lets you set up policies that track specific activities, like flagging when someone downloads more than they usually do, when someone has multiple failed sign-in attempts, or when someone signs in from an unknown or risky IP address. With threat detection, you can set up anomaly detection policies that will alert you of potential breaches in your network. And with the app discovery dashboard, your IT professionals can see your organisation’s Office 365 and other Cloud services usage, which in turn allows you to maximise your investments in IT-approved solutions. Plus, Advanced Security Management for Office 365 will help you determine if there are any activities from shadow IT occurring within your organisation.

Unsure which product is best for your business?

To find out more about which solutions are the most suitable for your organisation, contact us today.

 

What Shadow IT means for your organisation

Shadow IT represents any technology spend that occurs outside of and without input from the IT department. An estimated one-third of all technology spending falls under this category.

The rise of Shadow IT is as harmful as it is inevitable. Tech savviness is no longer concentrated within the IT department. As more and more digital natives enter the workforce, the demands on the IT department, and business as a whole, are changing. These new users want technology to enable their work, and in many cases they don’t understand why they have a much richer and more robust computing experience at home than at work. They demand to, for example, bring their own devices (such as mobile phones) to work…so why not bring their own IT solutions too?

The cloud has also made it easier than ever to identify and consume IT resources. Implementations that used to take an army of consultants and a matter of years can now be done in a fraction of the time with nothing more than a credit card. Today’s business leaders are armed with the ability to bypass IT.

Causes of Shadow IT

At its core, Shadow IT results from a disconnect between IT and the business. The business believes that IT is being unreasonable in not adapting to its needs, and IT thinks the business is sacrificing long-term environmental stability at the altar of short-term needs.

Often, Shadow IT grows in an organisation from certain potential factors:

  1. IT does not respect its users. We have all seen IT departments that treat users as an inconvenience, and if IT does not show a willingness to engage and cooperate with the user base, the users will find solutions on their own.
  2. IT isn’t innovative. As mentioned earlier, users are more technically savvy than ever before. They have rich computing experiences at home, and they are able to encounter new and powerful IT paradigms through social media. If IT doesn’t deliver innovation, it’s not surprising to see users discover and seek the innovation on their own.
  3. IT is expensive. If your IT department is bloated with bureaucracy, or projects constantly find themselves over time and over budget, users will run out of patience, especially when external providers can deliver powerful Shadow IT with just a few clicks and a credit card.
  4. IT isn’t flexible. Some IT departments can develop a siege mentality, in which any suggestions for improvement are dismissed simply because they differ from “how things were always done.” Users are only human; they will tire of a can’t-do attitude and seek alternative solutions.
  5. IT is too slow. Before the digital age took over all aspects of business and life, it was more defensible for IT departments to deliver solutions more slowly. These days, if the time to deal with requests can be measured with a calendar, users will look to a company that can provide them solutions quickly.

Risks of Shadow IT

Shadow IT has many logical explanations with reasonable causes, but it also presents risks for the average organisation.

The biggest and most obvious risk is data security. Each cloud service has its own data protection and retention practices, and these might not match with your organisation’s requirements, even if the service itself meets your needs. For example, the cloud service might not encrypt data, either at rest or in transit. The cloud service might even have rigid terms of service that entitle it, at least in theory, to your company’s intellectual property.

If an employee who used a Shadow IT service ends up leaving the company, he or she could still have access to the cloud service, which might have important data both for your organisation and its clients. This is a major risk to the company’s long-term client retention and its reputation in the industry.

Tribal knowledge is another key risk of Shadow IT. Even if the credentials don’t leave with a certain employee, the knowledge of how to utilise the service might leave when a certain employee decides to move on. This could render the shadow service completely useless.

Fixing Shadow IT

Fortunately, Shadow IT is not the end of the world (or your business). While it is unavoidable, embracing and managing it is certainly helpful in reducing the risk of negative impact and ensuring that all uses of technology create value for your organisation – whether they were approved or not.

If you are looking for a quick guide on addressing issues caused by Shadow IT, check out our 5 Step Plan of Attack on Shadow IT.

The most important way to combat Shadow IT is to engage with your users as active partners, rather than an annoyance or a hindrance. Opening lines of dialogue, such as what DevOps encourages, can strengthen the bond between IT and the business and bolster each side’s sense of common purpose. This could in time eliminate the need for Shadow IT solutions.

The IT department has many core competencies, including standards, process, and best practices. For the long term, it would be easier for an IT department or a Managed IT Services Provider to sit down and develop objective standards for any external cloud service, against which the business can gauge a proposed solution, rather than treating each request ad hoc. As a result, IT can still become the overall arbiter of technology, as well as the keeper of standards and best practices. It’s a departure from the historical “we build everything” idea, and a great way for IT to fit into the paradigms of modern day business.

Conclusion

Shadow IT was the result of numerous factors and developments over the past decades, including increased technical knowledge among end-users and increased gatekeeping and inertia from IT. A new sense of partnership, and a promulgation of key standards and best practices, can allow the IT department to embrace the new reality and bring business tech out of the shadows.


Do you have concerns about Shadow IT in your organisation? Chat to us today on 1300 302 207 or send us a message here.

Track, secure and control corporate devices under one single system

The Interlinked Mobile Device Management (MDM) service allows you to manage and secure the increasing volume and diversity of both ‘bring your own device’ (BYOD) and corporate-owned devices.

Here’s a quick overview of our MDM solutions powered by Microsoft’s Enterprise Mobility + Security products, and how Interlinked can help your business stay in control:

To learn more about protecting and controlling your business devices, contact us today.

Notifiable Data Breaches Scheme – Quick Facts & Answers

Australia’s Notifiable Data Breaches (NDB) Scheme went into effect recently in February 2018.

Cyber security is now more important to Australian businesses than ever, and IT leaders can expect questions and concerns from key stakeholders about what the new laws mean for their organisation.

Here are some easy-to-understand answers to the most common questions, or simply download our NDB Fact Sheet.

Who does the new Notifiable Data Breaches Scheme affect?

Australia’s Data Notification Law came into effect on February 22, 2018. It applies to businesses governed under the Privacy Act 1988 – including any with annual turnovers of $3 million, or businesses that collect and store sensitive user information like payment or personal data. If a data breach will likely result in “serious harm” to individuals, whether reputation, finances, or safety, you are required to notify the relevant parties. Failure to do so can incur fines of up to $1.8 million.

How big is the impact?

According to the 2017 Cost of Data Breach Global Study by Ponemon Institute, 1 in 4 organisations with top cyber security defences still experience data breaches. 90% of a cyber attack’s bottom-line impact is felt up to two years after an attack. It is important to recognise that data breaches are not an “if” scenario, but “when”. The new data breach laws add hefty fines and heightened public scrutiny on top of many other consequences of a breach, including: loss of sales and contracts, compromised IP, and legal action. Customers and shareholders will hold business leaders responsible for non-compliance with these laws.

What do we do when a breach is detected?

Verified breaches must be reported to the Australian Information Commissioner and all affected individuals, along with descriptions of the breach, the nature of any compromised information, and recommendations to individuals on what they should do next. The law gives organisations only 30 days to investigate any suspected breach, or plug any possible data loss, before notification is required.

How can you protect your business against breaches?

Monitor your networks. According to the Cost of Data Breach Global Study, it takes an average of six months to discover a data breach. It’s critical to have a robust monitoring system not only to help you and your team identify and stop threats more consistently, but also to make compliance with data breach notification laws much simpler. The more visibility you have into your data and networks, the easier it is to give details to regulators and the public if a breach occurs.

Download our NDB Fact Sheet for quick sharing with your business leaders and colleagues.

Have concerns or want to learn more about the NDB Scheme? Contact Interlinked today.

Is your data backup solution up to date?

Data backup technology has drastically evolved throughout the past decade to meet the rapidly increasing amount of business data.

Here’s a look at the latest in our backup solutions and how Interlinked can help your business get back up & running in a matter of seconds:

At Interlinked, we specialise in no hassle automated backup plans that offer cost effective data protection to ensure business continuity.

To learn more about protecting your business data, contact us today.

Police issue warning about fake delivery emails

The ACCC’s Scamwatch received over 4,300 complaints in 2016 about a fake parcel delivery scam targeting online shoppers, more than triple the number received in 2015.

“Scammers will use it to steal your personal information and lighten your wallet,” ACCC Deputy Chair Delia Rickard said.

“Scammers typically send emails pretending to be from Australia Post or FedEx, to try and trick you into believing you have an ‘undeliverable package’. In some cases, these emails may include your name and address and include legitimate-looking company information, complete with fake logos.”

“The email may threaten to charge you a fee for holding your ‘undelivered item’, and will ask you to open an attachment, click a link or download a file to retrieve your parcel. If you follow these instructions, you will likely download a ransomware virus that locks your computer.”

“To unlock your computer, scammers demand payment in the form of bitcoins (a form of online currency) or wire transfer. Even if you pay the fee, there is no guarantee that you will be able to access your computer again.

“Australia Post will never call you out of the blue to request payment or send you an email asking you to click on an attachment. If you receive an email about an undeliverable package, don’t open any attachments or download files – delete it straight away,” Ms Rickard said.

If you think your network has been compromised, please contact us immediately on 1300 302 207.

ISM 6.2.92 Data Wipe Method

ISM 6.2.92 is a software-based data destruction method that overwrites existing information on a hard drive or other storage device.

The ISM 6.2.92 method will prevent most recovery methods, whether hardware- or software-based, from extracting information.

ISM 6.2.92 is similar to other data wipe methods except that it’s the Australian government’s data sanitization standard.

What Does the ISM 6.2.92 Method Do?

The ISM 6.2.92 data sanitization method is implemented in the following way:

If a drive is under 15 GB in size, the ISM 6.2.92 specifies that the drive being sanitized must be overwritten three times with a random character.

If it didn’t complete properly, the software will prompt you to rerun the pass, or it might do so automatically.

More About ISM 6.2.92

The ISM 6.2.92 sanitization method was originally defined in the Information Security Manual (ISM) issued by the Australian Government.

The latest version of the ISM can be downloaded from the Australian Government Department of Defence website.

If you need help, do not hesitate to contact us today.

Security in the Cloud

When updating IT solutions, security is an immediate problem that comes to mind alongside cost and time.

In a previous post, we mentioned the outstanding security measures and procedures built into Azure. This week, we’re going to take a closer look at the security risks associated with public, private, and on-premises solutions. When building your IT solution, you’ll be choosing between them.

With good security measures in place, the location of your data matters less than how you access it. This is where securing networks, restricting access, and monitoring access come into play.

Below we explore some of the risks and benefits associated with each of your cloud options!

PUBLIC CLOUD SOLUTIONS

Risks
  • Data is stored on a shared server and maintained by provider
  • Users agree to terms of use and providers have access to data on servers
  • Network outages: Relies on access to internet in order for access to your data
  • Difficult to see where the data resides

Benefits
  • Providers notify users of security breaches
  • For non-sensitive data, it’s cheap and easy to set up
  • Can scale up or down as needed and pay accordingly
  • No cost of ownership, maintenance or upgrades – just operating cost

 PRIVATE CLOUD SOLUTION

Risks
  • Data can be stored off prem, in a partitioned server owned by a host
  • Existing security tools can be affected when data volume increases
  • Meeting compliance requirements changes with two different regulatory environments

Benefits
  • Replicate servers and data in the event of disaster recovery
  • On-prem and cloud servers can be configured to communicate on a private network
  • Securely scale up or down as needed, including during maintenance

 HYBRID/ ON-PREM SOLUTIONS

Risks
  • Siloed data can’t be recovered in the event of hardware damage or corruption
  • Employees can threaten security with malicious intent or misunderstanding
  • May take time to notice security breaches, leaving you vulnerable

Benefits
  • Security is under your discretion, as are your employees
  • Complete ownership of data and server
  • Easier compliance with industry regulations

Take the time to examine your IT and understand if it meets the security standards that concern you right now. This step is the most important way to decide what you need from a cloud solution. If you need help, assessments are a great step towards identifying vulnerabilities, the best solutions, and migration-ready workloads.

Contact us for an assessment to build a more secure IT future!

Interlinked Blog | Ransomware Scam Results in Small Business Complaints to the ACCC

Ransomware Scam Results in Small Business Complaints to the ACCC

The Small Business in Focus Report #12 reveals that during the first half of 2016, the Australian Competition and Consumer Commission (ACCC) received more than 7,600 enquiries and complaints from small businesses. Their main problem was Cryptolocker ransomware disguised in emails that appear to come from reputable companies such as AGL Energy Bills, the Office of State Revenue (OSR), Australia Post, the Australian Taxation Office (ATO), Woolworths and more. The emails mislead small businesses with false bills and fake vouchers.


“An emerging scam posing a threat to businesses is the business email compromise scam (fake CEO scam). It usually involves a fake instruction from someone pretending to be the CEO or other senior staff member, advising changes to payment arrangements for a supplier and redirecting invoice payments to the scammer,” stated the report.

“The number of small businesses contacting the ACCC with concerns has risen steadily over the past few years. The current review of the Australian Consumer Law (ACL) provides a valuable opportunity for small business to speak up and ensure that their concerns are taken into account during that process. Concerns about changes to new credit card surcharging laws in September, and new changes to the ACL that will extend protections from unfair contract terms in business-to-business dealings in November are expected to generate significant interest from the Small Business community,” said Dr Michael Schaper, the ACCC deputy chairman.

A few tips to help you stay protected:

  • When you attempt to open it on your phone or Mac devices, it will give an error telling you to use a Windows computer
  • The .zip file will be suspicious
  • Ensure that your backups are working and you have a rotating set of drives or tapes
  • Ensure your antivirus is up to date
  • Be aware of any emails that ask you to reply quickly or act fast
  • Alert users to new malware campaigns immediately
  • If the email is from someone you do not know, do not open it
  • Implement effective email security tools and policies, such as blocking executable or zipped attachments from unknown senders, or setting email filtering rules
  • Prevent downloading executable or zipped attachments via HTTP/HTTPS connections
  • Microsoft Essentials, AVG, and other free AV products should not be used
  • Isolate infected endpoints from the network as soon as possible
  • Subscribe to alert services such as the Australian Government’s Stay Smart Online, which provides updates on the latest trends in our region

If you have received this email and have any urgent concerns regarding this issue, please contact Interlinked on 1300 302 207.
