SIDEBAR
»
S
I
D
E
B
A
R
«
Next Gen Information Protection Comes to Office 365
Jun 17th, 2015 by aperio

As many of us are now used to working from anywhere from our preferred device, information protection controls need to evolve to protect data at the individual, file and service levels. The shift to mobility and personally-owned devices also means that the threat landscape is shifting with more individually targeted attacks that work across platforms. On this show, we take an early look at new controls for compliance, security and organizational search with next-generation information protection tools.

This week, Rudra Mitra, engineering lead for the Office 365 information protection team, takes a look at the core themes driving information protection investments and to give us an early look at what’s coming. Rudra describes the approach his teams are taking as they build new controls to be pervasive, transparent and people-centric.

Rudra highlight the new tools for Data Loss Prevention (DLP) coming to OneDrive for Business and SharePoint Online, as well as Advanced Threat Protection (ATP) in Exchange Online to show how they’ve evolved to provide pervasive, platform-agnostic protection. These tools also provide new audit capabilities to show things like URL traces when people follow embedded hyperlinks in email and actions taken against centrally-stored files, plus new APIs available to query activity—all in the name of transparency. Transparency extends to organizational search with new eDiscovery analysis capabilities coming in Equivio Zoom.

The controls cannot just exist in isolation from users and core to Office 365 is the inclusion of people in the compliance solution. DLP policy tips are presented to users within email, file sharing experiences and even coming to Office desktop apps. User education of policy along with options to help people securely work on their device and apps of choice are all part of being people-centric.

On the show, Rudra demonstrates all of this and more to give an early look at what’s coming in information protection and as we think about integration with other cloud services.  He also provides insights into things to come. Watch the show to learn more and see you next week!

No Comments »
Phishing, Scamming and Learning when not to open Infected Emails in your inbox
Feb 16th, 2015 by aperio

Your email is a nexus point for user interaction and for potential vulnerability from scammers. It is the door to your data home and the place where many users are most likely to compromise their information.

As you know the internet is rife with scammers who are always looking for the next way to take advantage of the public. They use ever improving techniques and changing tool-sets to come up with the next way to get your information and create vulnerabilities in your network.

In most cases this is as easy as convince users to click on links and attachments that they should not.

Recently we have seen a growing malware/phishing/virus threat being spread through legitimate looking voicemail attachments in user emails.

In almost all cases email scammers convince users to click on or open attachments by including just enough information that could be perceived as correct and accurate that it may be appropriate to be receiving the attached information. In the case of the Voicemail attachment – Users may see an “Email ID” that appears to be coming from an internal email address at the recipient’s organization, as well as a “Download Message” link that appears to host the fake audio file on the recipient’s organization’s domain. All these work together to throw off recipients better judgment and convince them to trust the email enough to click on the download link.

This phishing attempt fools users by appearing to be a legitimate, automated email from Outlook. The scam targets Outlook users, who are sent official looking emails with the subject line “You have received a voice mail.” The body of the email contains the Microsoft Office Outlook logo, fake data about the voicemail and caller, and a link to download the voice message. Although the download link appears to be a .wav audio file, it’s actually an HTML link to a website that tries to install a Trojan virus. If you are current with your Antivirus Protection and Ant-malware Protection the software should stop the Trojan from installing, however we have had users who have manually overridden these protections and allowed the blocked content to install.

Another version users are seeing with more frequency is the appearance of a “voice message” which appears to come from the “admin” of your organization. This email includes a zipped attachment which when downloaded will install malware on your computer.

Deleting the email should be enough to avoid downloading any malware. but accessing, or downloading, or even opening and allowing the email to load any embedded images may be enough to confirm the validity of your email address and open your system up to potential vulnerability.

If you do click on the download link or believe that your system has been compromised as a result, You should take steps to quickly mitigate the damage.

The best strategy is to exercise additional diligence when opening email. If you cannot confirm the authenticity of an email or sender, it is always best to avoid opening it.

Photo Source: Viktor Hanacek
No Comments »
SIDEBAR
»
S
I
D
E
B
A
R
«
»  Substance:WordPress   »  Style:Ahren Ahimsa