The Small Business’s Guide to Secure Email

It probably comes as no surprise to most business owners that email is a primary way hackers can gain access to sensitive company data and information. But it may alarm you to know that small businesses are particularly vulnerable. Specifically, overall cyber-attacks on companies with 250 or fewer employees doubled in the first six months of last year—and the loss per attack was more than $188,000 on average. The effect of cyber-attacks on the American economy as a whole is a high cost of $100 billion annually, according to the Center for Strategic and International Studies.

That’s one reason the great Sony email hack of 2014 was such a big deal—it left every business wondering how they could avoid the same fate. It stands to reason that if such a large company, with multiple layers of security, can be hacked, small businesses with fewer resources have no hope, right?

Maybe not. There are many ways to ensure your business is protected through secure email. Since your business’s security is only as strong as your weakest link, the secret is to get employees involved and invested in the success of your security. Here are seven tips to get you started.

  1. Make it a top priority to create and implement a cybersecurity plan.

Of course, this involves more than simply considering how to ensure secure email service—it should also include strategies for keeping your website, payment information, and other information safe—but addressing email security should be a main part of your plan. The Federal Communications Commission created a handy tool, the Small Biz Cyber Planner 2.0, to assist you in creating a customized plan.

  1. Consider email encryption.

Email encryption helps to protect personal information from hackers by only permitting certain users to access and read your emails. There are several methods of email encryption depending on the level of security—and convenience—you require. For example, you could download or purchase extra software that will plug in to your Microsoft Outlook. Gpg4win is one such free privacy email guard software for Windows. Or, you could install an email certificate like PGP (Pretty Good Privacy), which allows your employees to share a public key with anyone who wants to send them an email and use a private key to decrypt any emails they receive. Another simple solution is to use a third-party encrypted email service.

  1. Ensure passwords are secure.

All employees should have their own password for their work computer and email system. These passwords should be reset every three months; also consider requiring multifactor authentication when employees change their passwords. The strongest passwords consist of at least 12 characters and a combination of numbers, symbols, lower-case letters, and capital letters. Passwords should not be something obvious (e.g., birthdays, children’s names, etc.) but should be memorable. In other words, employees should steer clear of the two most common—and worst—passwords of 2014: “password” and “123456.”

Also, employees should not use the same password for multiple accounts or websites. Consider allowing the use of a password manager or single sign on function. Some great solutions for small businesses looking for tools to store codes, bank accounts, email accounts, PIN numbers, and other account information in one place include CommonKey, LastPass, and Password Genie.

How do you know whether your password has been compromised? Sign up for watchdog services like PwnedList or Breach Alarm, which monitor leaked passwords and will report automatically to you if any of your email addresses are vulnerable.

  1. Develop an email retention policy that makes sense.

With the cost of storage today, there’s no point in keeping old emails that are no longer useful. Ask employees to purge emails that do not support business efforts and implement a policy to ensure compliance. Many companies institute a 60-90-day standard, with steps toward automatic archiving and permanent removal after a set time period. Remembering to delete emails that don’t comply with this standard can be difficult for some employees, so frequent reminders may be necessary.

  1. Train employees in email security.

Employees play a crucial role in keeping data secure through email. They should be trained on what types of behaviors to refrain from and what types of emails to avoid. Unfortunately, according to InfoSight, nearly half of all companies spend less than 1 percent of their security budget on programs that train employees on how to be aware of security threats. Yet 64 percent of organizations experienced some level of financial loss due to computer breaches and 85 percent detected computer viruses. Wouldn’t it be worth the low cost of training to mitigate the potentially large cost of a hack?

Specifically, employees should be trained to comply with the following rules:

  • Never open links or attachments from unknown persons.
  • Don’t respond to emails that request a password change and require you to divulge personal information—no matter how official the source appears.
  • Ensure antivirus and anti-spy software is updated on your computer.
  • Encrypt any emails containing sensitive data before sending.
  • Don’t use your company email address to send and receive personal emails.
  • Don’t automatically forward company emails to a third-party email system.

In addition, some companies have found success in instituting programs that test employees with phishing campaigns, spear-phishing emails, and other cybersecurity threats and then reward them when they pass these tests.

  1. Maintain strict standards for company-related mobile device usage.

When using a company-issued mobile device, or a personal mobile device where you send and receive company emails, employees should encrypt data, keep the device password-protected, and install approved security apps so hackers cannot access devices via shared WiFi networks.

  1. Avoid common pitfalls when securing email.

Besides all of the things we’ve already discussed, email can remain unsecured in other ways as well. Be sure to consider the following:

  • All computers—not just a few—should use email encryption. There’s no point in encrypting emails unless the same standard is applied across the board.
  • Unlocked computers should never be left unattended. Make it company policy for employees to lock their computers (which should be password-protected at login) before getting up from their desks.
  • Store emails in a secure location behind a firewall. Do not allow employees to store copies of emails in their personal cloud or any other such location.

By being purposeful when creating policies involving your small business’s emails, you will head off a lot of issues before they even come to pass. Get employees on board and reward them for assisting in developing an environment where information is secure. Together, it’s possible to keep employee, customer, and business data safe—one email at a time.

Reference: Microsoft Office Blog: http://blogs.office.com/2015/05/12/the-small-businesss-guide-to-secure-email/

New “Groups” Launching in Office 365 for Improved Enterprise Collaboration

This past week, I was presenting the ‘Modern Office’ and the collection of Office 365 applications from Microsoft to a CIO and his senior team commented on the challenge of introducing so many applications, especially Yammer, Lync, and SharePoint on top of email, OneDrive, and new Office 2013. Too many disconnected tools!

It is great news that the new ‘Groups’ solution is launching to all Office 365 users starting today for early release subscribers and will continue with general availability by the end of 2014. It is a place for ad hoc teams to collaborate through email, calendars, files and conversations in one place. For everyone who has hesitated to roll out Yammer, this is a great way to get started on enterprise social collaboration.

Public and private groups are possible and you may include participants outside of your organization. Conversations come back to your inbox so everything can be done in Outlook or through the Group site on Office 365 Web Access.  A Group calendar can be created and synced automatically to your personal calendar. All files are stored in the OneDrive for Business workplace. Search is again a powerful productivity tool for group members to find information fast.

Unfortunately, this initial release is via the Outlook or Office 365 WEB APP only. Exciting news is that Lync and Yammer will be added to the equation soon, and many more features are coming in 2015.

  • Note for IT Teams: you can impose access request controls for external sharing and you can manage Group membership in the Office 365 Admin center
  • Some sample screen shots enclosed below where we started a small conversation about event we are holding on Tuesday- sharing links, photos, presentations, etc. with automatic emails to the team.
  • Enclosing links to additional support and instructions about Groups that you can post on your SharePoint Intranet
  • Great comparison chart describing the differences between Groups, Distribution Lists, Site Mailboxes, Shared Mailbox and Public Folders
  • As always, please let us know if we can assist you with Office 365 administration, training or support!

Office 365 Groups Page 1 Office 365 Groups Page 3 Office 365 Groups Page 2

—————————————————————————————————————————————————————-

Find help about groups in Office 365

A group is a shared workspace for email, conversations, files, and calendar events where group members can conveniently collaborate and quickly get stuff done. To learn how to use and manage groups to be even more productive, check out the topics below.

Getting started

Using groups day-to-day

Managing groups

—————————————————————————————————————————————————————–

Collaboration in Office 365

Office 365 encourages collaboration through Groups, distribution lists (also called distribution groups), site mailboxes, shared mailboxes, and public folders. Each of these options has a different purpose, user experience, and feature set. What to use depends on what the user needs to do and which tools your organization provides.

Summary of collaboration options

This table explains the various collaboration options available to you with Office 365.

Collaboration tool Description
Group A shared workspace that works across all applications in Office 365. Includes a shared inbox, calendar, and OneDrive for Business site for storing files. Users can create, find, and join Groups right from their email or calendar. Users need both a OneDrive for Business license and an Exchange Online license to participate in Groups.
Distribution list (also called distribution group) Used to distribute email messages to two or more people at the same time. Distribution groups are also known as mail-enabled distribution groups. A variant of the distribution group, called the dynamic distribution group, is a mail-enabled Active Directory group object used to send email to a large and evolving group of recipients. The exact recipients are determined by filters and conditions that you specify, such as all members of a particular locale or all full-time employees.
Site mailbox Includes SharePoint Online site membership (owners and members), shared storage through an Exchange mailbox for email messages, and a SharePoint Online site to store and share documents. A site mailbox brings Exchange email and SharePoint documents together. A site mailbox serves as a central filing cabinet for the project, providing a place to file project email and documents that can be accessed and edited only by site members. In addition, site mailboxes have a specified lifecycle and are optimized to be used for projects that have set start and end dates.
Shared mailbox A mailbox for select users to read and send email messages and share a common calendar. Shared mailboxes also can serve as a generic email address (such as info@contoso.com or sales@contoso.com) that customers can use to inquire about your company. When the Send As permission is enabled on the shared mailbox, email sent from the mailbox will use the generic address (e.g., sales@contoso.com).
Public folder Designed for shared access, pubic folders provide an easy and effective way to collect, organize, and share information with other people in your organization. Public folders organize content in a deep hierarchy that’s easy to browse and always visible in the Outlook folder view. A public folder can be mail-enabled and added as a member of the distribution group. Email sent to the distribution group is automatically added to the public folder for archiving or later reference. Public folders also provide simple document sharing when you don’t have a SharePoint Online subscription.

Which collaboration tool to use?

The following table gives you a quick glance at the various types of groups and explains when and how to use them with the various collaboration features of Office 365.

Groups Distribution lists Site mailboxes Shared mailboxes Public folders
Who uses? Users who want a collaboration workspace for their group messages, files, and calendar that is integrated with the Office 365 services they already use (Outlook Web App, OneDrive for Business) Users who need to send email to a group of recipients with a common interest or characteristic. Users who work together on a specific project with definitive start and end dates. Project documents are stored on a SharePoint Online site and team members send and receive project-related email via the site mailbox. Delegates working on behalf of a virtual identity, such as support@contoso.com. Delgates can respond to email as that shared mailbox identity. With the proper permissions, everyone in your organization can access and search public folders. They are ideal for email archiving or for sharing documents.
Ideal group size Any Large Small Small Large
Access Exchange Online and Office 365 users For distribution groups, members, must be manually added. For dynamic distribution groups, members are added based on filtering criteria. Site mailbox owners and members Users can be granted Full Access and/or Send As permissions. If granted Full Access permissions, users must also add the shared mailbox to their Outlook profile to access the shared mailbox. Accessible by anyone in your organization
Shared calendar? Yes No No Yes Yes
Email arrives in user’s personal Inbox? No. Users can subscribe to a group and then forward all Group messages to their inbox Yes. Email arrives in the inbox of all distribution group members. No. Email arrives in the site mailbox. No. Email arrives in the Inbox of the shared mailbox. No. Email arrives in the public folder.
Supported clients
  • Outlook 2013 (forward after subscribing)
  • Outlook Web App
  • Outlook 2010 (forward after subscribing)
  • Outlook 2007 (forward after subscribing)
  • Outlook 2013
  • Outlook Web App
  • Outlook 2010
  • Outlook 2007
  • Outlook 2013
  • SharePoint Online
  • Outlook 2013
  • Outlook Web App
  • Outlook 2010
  • Outlook 2007
  • Outlook 2013
  • Outlook Web App
  • Outlook 2010
  • Outlook 2007

Build real world solutions on the SharePoint platform with OnePlaceMail R6.6

Build real world solutions on the SharePoint platform with OnePlaceMail R6.6

Build real world solutions on the SharePoint platform with OnePlaceMail R6.6

Building on the well-received capabilities of Release 6.5, further enhancements have been made to the new Outlook Style experience for SharePoint. Significant enhancements such as;

  • filtering locations on the navigation tree
  • search for locations when saving
  • create document sets/folders without leaving Outlook

are some of the new capabilities enabling the creation of engaging business solution on the SharePoint platform.

Get started in less than 3 minutes

OnePlaceMail Release 6.6 is now available for download in the feature rich Enterprise edition and the free Express edition (limited features).  Contact us oneplacemail@atidan.com for FREE EDITION or FREE ENTERPRISE TRIAL

Navigation tree filter and search

Access SharePoint locations, favorites and document sets from many places within the OnePlaceMail solution.  This and the navigation tree is consistent across Outlook, Windows Explorer, and Office applications.

scr-nav-tree-search-filter-sml

Filter locations with type-ahead inside the navigation tree

Search for a location within the navigation tree

 

Document sets and folders

Allow end users to efficiently work with SharePoint from within their familiar business applications.

scr-doc-set-sml

New document sets

Document set enhancements

 

SharePoint list items

When saving emails, email attachments, files and documents from office applications, OnePlaceMail allows the completion of SharePoint columns. The columns presented are based on the configuration of your SharePoint content Types and/or destination library/list.

scr-sp-list-new-item-sml

 

 

 

 

 

 

 

Other highlights include

  • Support for custom (tokenized) file naming formats when saving email to SharePoint
  • Support for automatic capture of SMTP addresses from email

  Contact us at oneplacemail@atidan.com for FREE EDITION or FREE ENTERPRISE TRIAL

Turn Yammer On and Collaborate Confidently – Webinar Wednesday February 19, 2014 at 1:30PM Eastern – Archiving and compliance with Smarsh and Atidan

Join Atidan and Smarsh on Februrary 19th at 1:30PM Eastern where we will demonstrate archiving and compliance for Microsoft’s Yammer social networking platform.  Register here: http://goo.gl/Ojstvh

Many organizations would like to take advantage of the increased cross-department collaboration and employee engagement that Yammer brings, but risk management considerations have loomed as too large of an adoption barrier.Image

Smarsh Archiving & Compliance for Yammer enables organizations to capture, preserve, search, supervise and produce Yammer files and communications in support of e-discovery, compliance and record keeping initiatives. Now organizations can have compliance peace of mind while their employees use Yammer to collaborate, be more productive and update the people, projects and files that they’re working with every day.

Within the Web-based Smarsh Management Console, administrators can search, supervise and produce their organization’s Yammer content alongside other message types, including email, instant messaging and social media. Organizations can also extend the power of the Smarsh proprietary classification and review engine, the Virtual Compliance Officer, to their Yammer archive. Whether it’s streamlining and customizing review processes, focusing search results on the messages that matter most, or automating the classification of communication with custom tags, the VCO offers unmatched efficiency in message review.

At the conclusion of our demonstration, we will describe how Smarsh’s platform can archive and search all electronic message types, including email, instant messaging and social media, in one consolidated destination.

All registrations will be entered to win free copies of Windows 8 and Office 2013!

Contact us at smarsh@atidan.com for additional information about our archiving and compliance solutions!

Image

 

Capture 

Yammer communications, including updates, comments, files, and private messages are captured.

  • Comprehensive capture | Smarsh also captures associated metadata, providing greater context around message activity.
  • Support for attachments and versioning | Smarsh archives Yammer attachments and files, including all versions.

Preserve 

Yammer communication is preserved on non-erasable, non-rewriteable media in its native, unaltered format to meet recordkeeping and compliance obligations.

  • Global access | Messages and attachments are always readily accessible via the Web-based Smarsh Management Console.
  • Redundant data centers | Messages are preserved in the redundant, geographically-dispersed Smarsh data centers and saved to WORM (write once, read many) optical storage.
  • Retention policies | Messages are retained in accordance with client retention policies (and active legal holds).

Search

Administrators can search across their Yammer archive based on virtually any criteria, either ad-hoc or on a consistent, systematic basis.

  • Robust field search | Search across all Yammer communications and review entire threads of messages for the context of posts, comments and files.
  • Saved searches | Save search criteria and repeat searches for convenience, consistency and evidence of policy enforcement.
  • E-discovery searches | Run robust ad-hoc discovery searches for one-time instances.
  • Support for multiple lexicon lists | Clients can customize company-approved lexicons of keywords/phrases for search and/or start with a default list provided by Smarsh.

Supervise 

Customize your organization’s supervision experience for optimal efficiency in message review and effectiveness in identifying and mitigating risk. 

  • Hierarchy structure | Permission-based review hierarchy can be configured to model the review structure of your organization. Administrators can assign message supervision roles/authorities to specific users and groups, and grant the appropriate level of access/functionality to them. Smarsh can grant temporary permissions or access to compliance consultants, outside legal counsel or other individuals.
  • Run saved searches | Execute review procedures with regularly scheduled saved searches.
  • Flexible search options |Match search type (random percent, risk score, keywords or phrases) to risk profile.
  • Contextual review | Track the entire thread of each message with comments from multiple individuals, giving a conversation context during review.
  • Full audit review | Every administrator session and action taken throughout the entire lifecycle of a message is documented within the Smarsh Management Console.
  • Take action on messages | Reviewers have the ability to annotate, flag, open/close or escalate messages. All actions are logged and the subsequent metadata is indexed and searchable.
  • Reporting Center | Produce analytics reports on Yammer usage, system audit history and message archive data. Demonstrate policy enforcement and ensure accountability among multiple managers responsible for message review. Reports can be customized.

Produce 

Administrators can retrieve and produce as many messages as necessary, in original form, on demand. Apply policies and export only the necessary data in multiple formats securely and directly to outside counsel, regulatory examiners or third-party e-discovery systems during litigation or e-discovery events.

  • Production options | Yammer data can be securely downloaded to a PC or encrypted and saved to a portable media device. This can be utilized for real-time access to data during an investigation or examination, or to restore data for disaster recovery purposes.
  • Flexible e-discovery export | Export message data in popular e-discovery vendor “load file” formats (and the Electronic Discovery Reference Model (EDRM) XML Interchange Format Schema) and transfer it directly to document review and processing systems.
  • Monthly DVD service | As part of its service package, Smarsh delivers monthly copies of client data via encrypted DVD.

We Archive Everything

Archive and search all electronic message types, including email, instant messaging and social media, in one consolidated destination.

Microsoft Exchange Hosted Encryption for Office 365

  • Atidan is pleased to offer Exchange Hosted Encryption for Office 365 as an add-on service
  • Deliver confidential business communications safely, letting users send and receive encrypted email directly from their desktops as easily as regular email. Email can be encrypted without complex hardware and software to purchase, configure, or maintain, which helps to minimize capital investment, free up IT resources, and mitigate messaging risks.

    Secure and reliable

    Exchange Hosted Encryption provides advanced security and reliability to help protect your information.
    • Send encrypted email messages to anyone, regardless of the recipient’s system configuration.
    • Provide strong, automated encryption with a cost-effective infrastructure.
    • Eliminate the need for certificates and use a recipient’s email address as the public key.
    • Communication through a TLS-enabled network further enhances message security.

    Stay in control

    With Exchange Hosted Encryption, you can keep your data safe, while maintaining control over your environment.
    • Protect sensitive information and data leaving your gateway consistently and automatically.
    • Policy-based encryption encrypts messages at the gateway based on policy rules.
    • Help manage compliance with security and privacy requirements such as HIPAA and GLBA.
    • Integrate with existing email infrastructure for minimal up-front capital investment.

    Easy to use and maintain

    It’s easier than ever to protect your organization’s email.
    Diagram of how encryption works
    Diagram of how encryption works Hover to enlarge image
    • Encrypted email delivered directly to recipients’ inbox and not to a Web service.
    • Email decrypted and read with confidence, without installing client software.
    • A managed key server eliminates the need for certificate maintenance.
    • Encryption process is transparent to the sender, who does not need to do anything other than write and send the message as usual.

    How to Buy Exchange Hosted Encryption

    Please contact us for a customized quote at office365@atidan.com

OnePlaceMail R6.5 delivers SharePoint access within a familiar Microsoft Outlook style interface

OnePlaceMail is an amazing productivity tool for SharePoint – please contact Atidan for a free trial and special offers!  oneplacemail@atidan.com

Written by James Fox, Posted in OnePlaceMail

Intuitive, efficient access to SharePoint

OnePlaceMail Release 6.5 combines the familiarity of the Microsoft Outlook experience (such as email and document preview) with the strength of SharePoint views; including columns, grouping, sorting and filtering of content.

End user productivity is significantly increased through efficient access to SharePoint content and minimal change in the Microsoft Outlook user experience which improves the adoption of your SharePoint solutions.

scr-outlook-style-interface-sml

SharePoint views within Outlook

SharePoint views within Outlook

OnePlaceMail’s ‘Outlook style interface’ provides access to both SharePoint public and private views for the selected location

Document and email previews

Document and email previews

Microsoft Office Web Apps Server email and document previews (where available) and performace controls for local previews.

 

Search, preview and access SharePoint

Search within the ‘Outlook style interface’ and view previews of select results.

Access items in SharePoint:

User actions for greater productivity

User Actions for greater productivity

Increase productivity with actions to copy and email links or attach content from SharePoint: