Have you ever gotten an email that says something like – “Verify your account” or “Update your password” or even a funny invoice that you’re not expecting, that asks you to log in to your email when you click it? I’m willing to bet the answer is yes. We know from experience, that many times these emails are so convincing, even the most experienced folks out there get misled into giving up their credentials.
Do you store all your company’s passwords in a paper notebook, or an excel file? Well – at least someone must gain physical access to the notebook. That password on the excel file can be cracked in under 30 seconds. Go all the way to the bottom if you want to skip to how to solve this issue!
I really didn’t write this to tell you something that you likely already know. My goal here is two-fold. 1. To share some experiences that we’ve helped folks recover from, and how you can avoid these. 2. How Simply Technology can and is putting in place additional layers of protection to stop these attacks and risks.
Example 1: Big Money
In the Mortgage industry, it is common that sensitive details are sent over email, and large dollar amounts exchange hands electronically. The client in this example, an employee had clicked on a Phishing email, entered their credentials, and didn’t think much of it. The employee in this case was a loan processor who was frequently sending out wiring instructions, etc. You can probably see where this is going. The attacked simply forwarded all the emails to an outside account for a few weeks, both sent and received. One day, they took the opportunity and acted. A PDF containing wiring instructions to a home buyer was altered, with the account number changed, and re-sent to the buyer. Unfortunately, the buyer ended up wiring many tens of thousands of dollars to the malicious party here. Fortunately, in this case law enforcement and the banks were involved and the folks eventually got their money back – but not after everyone involved going through a lot of headache.
Example 2: The Worst kind of Spam
I promise – this one is short but not so sweet. In a similar phishing situation, the owner of a business clicked a phishing email, and not long after, thousands of sexually explicit emails were sent out to everyone in the address book, and many more. This of course served no gain for the malicious actor, and only hurt the reputation of the business owner.
The Good Part: If you’re still with me – I take it you are serious about securing your information, reputation, and digital assets. There are several products that I will list below, with clear pricing, that we can put in place to mitigate these risks. But the biggest and most important one, which solved the problem (but by no means was the only thing put in place) for the two examples above.
This is called MFA or Multi Factor Authentication – adding an additional step to logging into your email system that is independent of your password. This involves entering a code from your mobile phone anytime you login to a new device. So – even IF someone has your password – they still cannot gain access. Best Part? It’s completely free if you have Office 365 or Google Business Email. We will enable it for your accounts and send you setup instructions completely free. We would only charge you for any further support outside of this (Unless you are in one of our all-inclusive support plans – If you aren’t – shoot me an email so we can talk about switching, you may find that option to be a better deal all around). All you need to do it send an email to firstname.lastname@example.org and ask us to enable this for your organization. (Kudos to the many of you that already have this in place)
Other Security Services:
Webshield – Web security in the cloud. This service filters al web traffic transparently in the background, to stop malicious websites from ever getting loaded. This also has the capability of doing web content filtering to block specific sites or categories. $3/User/Month
Spamshield – Email security and Spam filtering. 80% of all email received is Spam or Junk. This filters out most of it before it hits your inbox. Also scans emails for Viruses, Phishing, Malware, etc. $3/User/Month
Web+Spam Bundle – We offer a bundle that includes both products for $5/User/Month
Activity Monitoring/Data Loss Prevention – Industry leading software which can both monitor activity for loss of productivity, and monitor what data comes in and out of your environment. (Pricing varies based on several factors – contact email@example.com to get an accurate quote)
Office 365 Backup – Have a backup copy of your email system stored off-site in case something ever happens. $2/User/Month for Email Only, $4/User/Month to include OneDrive, SharePoint, and Teams
SITE Password Management – The Same secure vault technology that Simply technology uses to secure our customer passwords, is now available for our clients to use internally. You can store all your company and personal passwords in this environment, and securely share with employees that need access. All access is recorded to see who last viewed or changed a password. We have no access to see your passwords either. $5/User/Month
If any of these sound like something you’re interested in (Or even if you just want to catch up) – give us a call at 248-885-5515 or shoot us an email at firstname.lastname@example.org