Veeam Cybersecurity Poll

I use Veeam backup software for Microsoft 365 backups. It is an excellent, efficient, and effective backup program. It is used specifically for team SharePoint sites, user mailboxes, and user OneDrives (‘My-SharePoint’). I installed the needed Veeam modules on a standalone Azure virtual machine which communicates with our related cloud services. Although this article is very useful, the headline is a bit misleading. 76% of organizations have not admitted to paying ransom to criminals so they could recoup locked data. But 76% of organizations affected by ransomware did pay ransom to hackers. Per Veeam’s survey: (we) “surveyed 1,000 IT leaders whose organizations had been successfully attacked by ransomware at least once during the past 12 months”. So, of those hacked, 76% had made some payouts. This is all very good information.

A very important additional piece of information is that 19% of those affected by ransomware (in this survey) did not need to pay any ransom because … they had proper and secured backups. This, of course, is the objective. Ransomware breaches are failures in the penetration sense. But at least a proper organizational backup strategy can remedy any data loss. Once backup data is retrieved and restored, security breaches can be investigated, analyzed, and fixed.

Cybersecurity Research: 76% of Organizations Admit to Paying Ransomware Criminals, with One-Third Still Unable to Recover Data (veeam.com)

Office 365 soon to be Microsoft 365

On Tuesday, April 21, 2020 Microsoft’s premier Software as a Service (SaaS) offering officially becomes Microsoft 365. It is a very interesting change, considering how incredibly popular Office 365 is. There must be some high-level branding change going on in Redmond, Washington. Regardless, it will be … Microsoft 365. I am sure people will be calling it “Office” or “Office 365” for years to come!

Outlook Sweep For a Tidy Inbox

The Outlook “Sweep” function is your friend. Do you get bundles of emails from the same business, organization, vendor etc.? Do they add up over time to mountains of mostly meaningless information? Me too! Although one can argue that Outlook can be a receptacle for endless amounts of email, I prefer a neater, tidy Inbox. Some of this is simply a reflection of my personality. But I have noticed times when searching for an actual IMPORTANT email can get challenging due to the high volume of needless emails blurring the search results.

Again, the Outlook Sweep tool is NOT intended for important emails. But when I get endless coupons from CVS, Walmart or never-ending political or fundraising email solicitations, it is time to train my Outlook to dispose of these emails after a certain amount of time. In this example, I decided to move Wells Fargo bank emails of a certain sort [wellsfargo@connect.wellsfargoemail.com] – they tend to be marketing-oriented with a sprinkling of services or feature enhancements etc. The emails may be useful occasionally, but not mission critical in my life. So, I do not quite want to unsubscribe completely [again, there MAY be a useful tidbit every now and then] but I certainly do not need these emails hanging around for years!

This is for the personal, free Microsoft Outlook. In the Inbox, I just select the email in question, choose Sweep, then send to Deleted, but only after 10 days. There are several options, but this is the one I like. If I have not checked the email within 10 days, then I do not need it. Use carefully, be sure NOT to use this with important emails.

Microsoft 365 Zero Standing Access with Customer Lockbox

I am studying for one of the Microsoft 365 Certifications. I am using the free “Microsoft Learn”* offerings or paths. They are excellent. I already went through the “Azure Fundamentals” and passed that exam. But now I want to work on some Microsoft 365 or “M365” certification [Office 365, but with EMS – “Enterprise Mobility and Security”].

In Unit 5 of the Compliance Module, Microsoft points out that the most dangerous attack vector is compromised credentials. One way to fight this is with “Zero Standing Access”: it is a “users don’t get permissions by default” approach to data access within their Office 365 space. If they need access, there is a request process available. This needs to be set up accordingly. I absolutely love this.

[Figure: M365 Zero Standing Access]

They also apply this concept to their Data Centers, by way of “Lockbox Workflow”. The point is that not everyone and anyone can simply open a file, or (in the case of a Microsoft Data Center) walk on into a tenant space and ‘look around’. They have safeguards to stop that and help customers get more organized around the matter of access and data security. IT and Auditors especially love this.

[Figure: M365 Customer Lockbox]
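A small model of the request-based access described above, added here as an illustration; it is not Microsoft's implementation or API. The `AccessBroker` class, its method names, the resource strings and the time-limited grant are all assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Request:
    user: str
    resource: str
    duration: timedelta
    expires_at: Optional[datetime] = None  # stays None until someone approves


class AccessBroker:
    """Hypothetical broker: nobody holds a permission until a request is approved."""

    def __init__(self, approvers):
        self.approvers = set(approvers)
        self.requests = []
        self.audit = []  # every decision is recorded for later review

    def request(self, user, resource, duration, now):
        req = Request(user, resource, duration)
        self.requests.append(req)
        self.audit.append((now, "requested", user, resource))
        return req

    def approve(self, req, approver, now):
        # Unknown approvers are refused, and so is approving your own request.
        if approver not in self.approvers or approver == req.user:
            self.audit.append((now, "refused", approver, req.resource))
            return False
        req.expires_at = now + req.duration
        self.audit.append((now, "approved", approver, req.resource))
        return True

    def is_allowed(self, user, resource, now):
        # Default deny: access exists only inside an approved, unexpired window.
        return any(r.user == user and r.resource == resource
                   and r.expires_at is not None and now < r.expires_at
                   for r in self.requests)


if __name__ == "__main__":
    t0 = datetime(2020, 4, 21, 9, 0)  # constructed timestamp
    broker = AccessBroker(approvers={"alice", "bob"})
    req = broker.request("bob", "sharepoint:finance", timedelta(hours=2), t0)
    print(broker.is_allowed("bob", "sharepoint:finance", t0))   # before approval
    broker.approve(req, "alice", t0)
    print(broker.is_allowed("bob", "sharepoint:finance", t0))   # inside the window
    print(broker.is_allowed("bob", "sharepoint:finance", t0 + timedelta(hours=3)))
```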

* Microsoft Docs, Microsoft Learn

New Thinking On Password Changes

I really like this way of thinking outside the box! Some of the old, and current, concepts on password complexity, length, history etc. are being revised. There is some new thinking on the matter, based mainly on trends and analytics Microsoft has done via millions of hack attempts on Azure-based resources.

New Microsoft recommendations:

  • “Maintain an 8-character minimum length requirement (and longer is not necessarily better).
  • Eliminate character-composition requirements.
  • Eliminate mandatory periodic password resets for user accounts.
  • Ban common passwords, to keep the most vulnerable passwords out of your system.
  • Educate your users not to re-use their password for non-work-related purposes.
  • Enforce registration for multi-factor authentication.
  • Enable risk based multi-factor authentication challenges.”

Read it here 
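The length, composition and banned-password items from the list above, as an added example that is not from Microsoft or the linked article. The ban list is a constructed sample, and the normalization step (lower-casing, dropping trailing digits and symbols, undoing look-alike substitutions) is an assumption of this example. The old composition-rule check is included for contrast.

```python
import re

MIN_LENGTH = 8  # "Maintain an 8-character minimum length requirement"

# Constructed sample; a real deployment loads a large common/breached list.
BANNED = {"password", "qwerty", "letmein", "welcome", "12345678"}

# Assumed look-alike substitutions, undone before the ban-list lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(password):
    """Lower-case, drop trailing digits/symbols, then undo substitutions."""
    folded = password.casefold()
    stripped = re.sub(r"[\d\W_]+$", "", folded)  # "p@ssw0rd1!" -> "p@ssw0rd"
    return stripped.translate(LEET)              # "p@ssw0rd"   -> "password"


def legacy_policy(password):
    """The composition-rule style that the recommendations retire."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def recommended_policy(password):
    """Length plus ban list, no composition rules. Returns (accepted, reason)."""
    if len(password) < MIN_LENGTH:
        return False, "shorter than 8 characters"
    if {password.casefold(), normalize(password)} & BANNED:
        return False, "matches a banned common password"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "correct horse battery", "12345678"):
        print(candidate, legacy_policy(candidate), recommended_policy(candidate))
```

The decorated common password satisfies every composition rule yet is rejected by the ban list, while the long lower-case passphrase fails the composition rules and is accepted by the recommended policy.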

LinkedIn Integration with Office Applications

Now that the Microsoft ‘LinkedIn’ purchase is completed, Microsoft is aggressively pursuing more relevant and very forward-thinking usage of all its applications in the SaaS [Office 365] world.

Nutshell: lots of resume / job searching /social profile types of integration between ‘LinkedIn’ and Office applications.

“With its $26 billion acquisition of LinkedIn getting the thumbs up from EU regulators, Microsoft is wasting no time in integrating the social platform with its productivity software.

The goal — as described by the tech giant’s CEO Satya Nadella — is to utilize LinkedIn’s networking and learning resources to help people “develop new skills online, find new jobs, and easily connect and collaborate.””

Read it here

Samsung Galaxy S6 and Microsoft Office Apps

When worlds collide, and even … coexist.

“This might sound surprising but Samsung Galaxy S6 will be packed with Microsoft Office (free Office 365 subscription), OneDrive, OneNote and Skype. These probably aren’t the only ones to be included, but are mentioned in the report.”

It’s not a report, it is a fact by now, but it shows that this report was accurate. Microsoft Office is indeed included. Microsoft has been very aggressive with getting Office installed on various non-Microsoft tablets and OSes.

Read up on it