Happy New Year 2017

187567849

2016 was an exciting year for Alt-N Technologies as it marked the 20th anniversary of the MDaemon email server for Windows and our ongoing efforts to bring affordable, secure, and reliable email and email security software to the small-to-medium business segment. And as many of you know, a lot has changed in the last 20 years. One thing that hasn’t changed over the years is the ongoing threat of people trying to use email as the primary method to attack an organization or steal personal information.

Like any form of communication, it can be used for good or bad. Unfortunately, when email was initially developed, its creators didn’t anticipate the ways bad actors would exploit the technology through methods like phishing, hacking, and launching disabling applications like ransomware, Trojans, etc.

On this front, Alt-N will continue its efforts to improve the security and privacy of email with features like the ones we added in 2016, such as two-factor authentication, client and server-side encryption, and others.

2016 also reflected changes the industry continues to see in the area of deployment options. We saw some resellers and customers turning over the management of their email to MSPs (Managed Service Provider) or other third-party providers. The driver for this behavior varied by customer and industry but can be summarized by the desire to move hardware and software costs from capital expenditures (CAPex) to operational expenditures (OPex), with pros and cons to each approach. Alt-N worked with many existing and new channel partners to see MDaemon Private Cloud hosted email services introduced into new markets like Africa, Asia Pacific, and Latin America with continued growth in existing markets like North America and Europe.

With regards to hosted email services, we also received growing requests from direct customers asking Alt-N to manage their email. In response, Alt-N launched its own service using the MDaemon Private Cloud version of the software by introducing WorldClient Private Email for Business. With this new service offer, we have been able to meet the needs of direct customers who want us to manage their email, such as a 600-user customer who chose our service and support after having a large Office365 reseller attempt to convert them away from MDaemon!

For 2017, we will look for sales growth in new and emerging markets while working hard to earn and retain the loyalty and support of our existing customers. We will continue our efforts to add valuable features to MDaemon and SecurityGateway for Email Servers as those products remain the focus of our development efforts. We will be working on improving features that support cloud-based deployments while keeping a close eye on the needs of customers who want the control of on-premise and hybrid environments. And we will continue to look for new ways to enhance and bring value through our partnerships with complimentary vendors like MailStore, as well as seek out new technologies and vendors to make integration with our software simple and easy to use.

As we begin 2017, we want to express our sincere gratitude to those customers and channel partners who have helped Alt-N Technologies grow these past 20 years. We also look forward to earning the business of new customers and partners as we work toward a successful 2017.

As always, we invite you to tell us what you think by sending us your feedback. You can reach me directly at kevin(dot)beatty(at)altn(dot)com.

Happy New Year,

Kevin

 

 

 

Kevin Beatty
VP, Marketing & Business Development

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Beware of New Amazon.com Phishing Scam

Scam AlertThe holidays are upon us, and with all of the giving and sharing come scams aimed at exploiting human nature and stealing our personal information, such as names, addresses and credit card numbers. This year, the scammers are at it again, with a phishing scam designed to look like an email from Amazon.com claiming that there is a problem processing your order. The scam asks you to click on a link to verify your personal information. A good example of this scam email is described on the AARP blog.

As a reminder, here are a few tips to avoid falling victim to phishing scams.

  • Never click on unfamiliar or suspicious links. If a link claims to refer to a familiar website, then manually enter the web address in the address bar.
  • Hover your mouse over images & links to review the URL they refer to.
  • Beware of “Unsubscribe” links in phishing emails. When clicked, these links can let the spammer know that your address is valid, which often leads to more spam.
  • Never reply to spam or unsolicited messages.

For more tips on how to avoid these & other scams, click here to review our post on protecting your email privacy, and stay safe this holiday season!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Are you doing enough to protect your email privacy?

Email PrivacyFor many of us, email has become our primary method of communication in both our business and personal lives. An email address, however, is often used for many more purposes than simply sending electronic messages. Many of us use our email address to log into social networking sites, utility and credit card sites, banking sites, and much more.

Your email account is often the gateway to your personal life, and thus, is a valuable target for hackers. John McAfee said, “Email accounts are the fundamental identifying elements of the internet. The assumption is that if a person has access to an email account then that is the real person. Yet these accounts are the easiest elements of the digital world to hack into.” According to a recent ZDNet study, with a single phishing email, about 45% of all recipients submitted their full login credentials. Another study by Intel found that 97% of all computer users could not identify all 10 out of 10 phishing emails.

Hackers have a variety of tools at their disposal, from sophisticated spear-phishing to malicious documents to social engineering tricks, so are you doing enough to protect your email privacy?

Follow these 8 best practices to help ensure that your email communications are kept private.

Use strong passwords

A strong password that is not easily guessed should contain a combination of upper and lower-case letters, numbers, and symbols. Never use a password that can be easily guessed, and never use any of the passwords listed on the “most popular and therefore worst” passwords list. MDaemon includes tools that allow administrators to enforce strong password policies. See this blog post for more information.

Spammers know that many people use the same password across multiple sites and services. Therefore, you should be using a different password for each site.

Never click on suspicious links

Spammers have gotten very creative at making spam email messages look legitimate, using HTML and images that, when clicked, lead to fake websites designed to collect your personal information or to deliver malware, including keyloggers designed to capture everything you type, and ransomware, therefore, never click on links in an email message unless you’re absolutely sure you have verified and trust the sender.

Many phishing messages contain images such as logos that look legitimate, but, when clicked, lead to malicious sites. If you hover your mouse over a link, you can often see the destination URL, which often does not match the word or image associated with it.

If you see an “unsubscribe” link, don’t click on it! This would only serve to let the spammer know your address is valid and, more importantly, these links are easily forged and could lead to malware infections.

If you are prompted to click on a link that appears to point to a legitimate site that you know and trust, it is better to manually type the URL into your browser than to click on a link that has not been verified.

Never reply to spam or unsolicited email messages

Spam can be a very annoying nuisance, so as humans, we may let our emotions get the best of us and reply to a spam message with “Please take me off your email list” or “Quit spamming me!” There are two problems with replying to spam. First, many spam messages come from forged addresses, so the spammer is unlikely to receive your message. Second, replying can let the spammer know your address is legitimate, which may lead to even more spam.

Don’t post your email address in blog posts, online comments, or social media

Scammers often scrub social media sites for email address that they can exploit, so if you must post an email address to one of these sites, mask the address by adding spaces or spelling out (at) instead of using the @ symbol.

Use Encryption

Email messages, by default, are transmitted in plain-text. This can potentially open them up to interception by a nefarious third-party. While SSL & TLS are used to encrypt the connection between mail clients and mail servers, it is good practice to encrypt the email message itself. Encryption protects sensitive data by converting plain-text to cipher text. This cipher text can only be decrypted using the proper private encryption key.

MDaemon has options for encrypting connections using SSL & TLS, as well as server-side and client-side encryption options using Virtru and OpenPGP. A couple of months ago, I wrote a blog post about these options. Click here to read about MDaemon’s encryption options.

Use Two-Factor Authentication

Passwords alone are often not enough to protect your data against increasingly sophisticated attacks. With two-factor authentication, users must provide a password and a unique verification code that is obtained via a client that supports Google Authenticator (available in the Google Play store). This blog post contains more information on how to use two-factor authentication with MDaemon and WorldClient.

Know the risks of using public Wi-Fi

Public Wi-Fi provides a convenient way to access the internet while on the go, but if you’re not careful, it may come at a great price. Unsecured Wi-Fi hotspots are prime targets for hackers, who are often able to position themselves between you and the internet connection, allowing them to intercept every bit of information you transmit. Hackers can also use unsecured Wi-Fi hotspots to distribute malware. If you have file sharing enabled, you are especially vulnerable.  To reduce risk, make sure any Wi-Fi hotspot you connect to is secured and from a reputable source that you trust. If you must connect to a public hotspot, it is good practice to use a VPN to ensure that transmitted data is encrypted.

Lock your computer when away from your desk

This may sound like a given, but an unattended computer that has not been locked allows anyone access to your information.  You might not consider this a big issue if you work for a small business, but if you work in an industry with privacy regulations, such as health care or financial institutions, or if you store sensitive company information such as revenue or other confidential information, leaving your computer unlocked could have serious consequences, including loss of job, damaged company reputation, or even legal problems.

Conclusion

Whether your primary interest is protecting company information or your own personal data, email privacy is everyone’s responsibility, and often, the weakest point of entry into a treasure trove of sensitive data is a negligent or uninformed user. Don’t let that user be you. Use these tips to stay ahead of the bad guys!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Using DKIM, SPF & DMARC to Protect your Brand and Customers from Spear Phishing

Introduction

Scammers use a variety of tactics to get users to give out personal information. One very common tactic is known as phishing. Phishing is a scam where tech-savvy con artists use spam and malicious websites to deliver malware, or to trick people into giving them personal information such as social security numbers, bank account numbers, and credit card information. A more targeted (and often more dangerous) type of phishing is known as spear phishing.

What is Spear Phishing?

Spear phishing is a targeted attack that’s usually addressed to a specific individual. With spear phishing, the perpetrator knows something personal about you. He may know your name, email address, or the name of a friend, or he may have information about a recent online purchase you made. While most phishing emails will have a generic greeting such as “Dear Sir or Madam,” a spear phishing email may address you by name, such as “Hello John.” It may also appear to come from someone you know.

According to Allen Paller, director of research at the SANS Institute, 95% of all attacks on enterprise networks are the result of spear phishing attacks. Earlier this year, Symantec issued a warning about an ongoing spear phishing attack targeting small and midsize businesses in the United States, India, and the UK that infects users with a remote access Trojan (RAT). A RAT gives an attacker remote access to a machine & can lead to disclosure of sensitive information and financial losses. Based on campaigns run by Symantec’s Phishing Readiness technology, on average, employees are susceptible to email-based attacks 18 percent of the time.

How can You Protect Yourself & Your Business?

Protecting your company from spear phishing attacks is the responsibility of employees as well as the mail server administrator. For employees, user education is key. This post contains helpful email safety tips for end users. For the administrator, implementing DKIM, SPF and DMARC can help reduce data breaches, financial losses, and other threats to your business. These three methods are described in greater detail below.

How DKIM Works

DKIM (DomainKeys Identified Mail) is a cryptographic email verification system that can be used to prevent spoofing. It can also be used to ensure message integrity, or to ensure that the message has not been altered between the time it left the sending mail server and the time it arrived at yours. Here’s how DKIM works:

  • An encrypted public key is published to the sending server’s DNS records.
  • Each outgoing message is signed by the server using the corresponding encrypted private key.
  • For incoming messages, when the receiving server sees that a message has been signed by DKIM, it will retrieve the public key from the sending server’s DNS records and then compare that key with the message’s cryptographic signature to determine its validity.
  • If the incoming message cannot be verified then the receiving server knows it contains a spoofed address or has been tampered with or changed. A failed message can then be rejected, or it can be accepted but have its spam score adjusted.

You can refer to the following knowledge base article for DKIM setup instructions in MDaemon:

How to enable DKIM signing and configure records

You can refer to this knowledge base article for DKIM setup instructions in SecurityGateway:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=496

How SPF Works

Another technique to help prevent spoofing is known as SPF. SPF (Sender Policy Framework) allows domain owners to publish DNS records (SPF records) to identify those locations authorized to send messages for their domain. By performing an SPF lookup on incoming messages, you can attempt to determine whether or not the sending server is permitted to deliver mail for the purported sending domain, and consequently determine whether or not the sender’s address may have been forged or spoofed.

MDaemon’s SPF settings are located under Security | Security Settings | Sender Authentication | SPF Verification. This screenshot displays the recommended settings.

SPF Settings in MDaemon
Recommended Sender Policy Framework Settings

Recommended SPF settings for SecurityGateway are outlined in this knowledge base article:

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=497

These are the recommended settings for verifying SPF records of other domains. To help protect against spear phishing attacks that spoof your own domain, you should set up an SPF record in DNS. You can find helpful information on SPF record syntax and deployment at www.openspf.org.

DMARC (Domain-Based Message Authentication, Reporting & Conformance)

When a message fails DKIM or SPF, it is up to the receiving mail server’s administrator as to how to handle the message. The problem with this is that if DKIM or SPF is not set up properly, it can lead to problems. DMARC (Domain-based Message Authentication, Reporting and Conformance) takes out the guesswork on how to handle messages from a domain that are not properly aligned with DKIM or SPF.

DMARC defines a scalable mechanism by which a mail sender can express, using DNS records (DMARC records), domain level policies governing how messages claiming to come from his or her domain should be handled when they do not fully align with DKIM and SPF lookup results. In other words, if you perform SPF, DKIM and DMARC record lookups on a message claiming to come from my domain (example.com), and it does not align with SPF, DKIM, or both, my DMARC record can tell you how I want you to handle messages that are unaligned with SPF & DKIM. My DMARC record can specify whether I want you to accept, quarantine, or reject unaligned messages, and I can even go a step further and specify what percentage of unaligned messages I want you to reject or quarantine based on my policy preferences. This is useful when first deploying DMARC, as it allows you to be more lenient with rejection of unaligned messages until you’re sure DKIM & SPF are configured properly.

You can view the following recorded webinar for a more in-depth overview of DMARC, including examples and syntax of DMARC records and deployment strategy.

https://youtu.be/vrMMKmxCmqs?list=PLt-aAHf-ocsYYmpXFABce39b_CgJXXubp

This knowledge base article will also be useful:

How to Enable DMARC and Configure Records

Conclusion

While we must be vigilant against spoofing and phishing attacks, we must also acknowledge that cautious, informed users and properly implemented SPF, DKIM and DMARC policies are the best defense against cybercriminals who are intent on stealing your data and damaging your brand.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

SSL & TLS Best Practices

You may have heard the terms SSL and TLS, but do you know what they are and how they’re different?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are methods of securing (encrypting) the connection between a mail client and mail server (Outlook and MDaemon, for example) or between mail servers (MDaemon and another mail server, for example). They are also methods for securing communications between websites and your browser. In this post, we’ll focus on its uses for encrypting email connections.

Without SSL or TLS, data sent between mail clients and servers would be sent in plain text. This potentially opens up your business to theft of confidential information, credentials being stolen and accounts being used to send spam. SSL and TLS can be used to help protect that data. SSL and TLS allow users to securely transmit sensitive information such as social security numbers, credit card numbers, or medical information via email.

How do SSL and TLS work?

In order to use SSL or TLS, you’ll need an SSL certificate to establish an SSL/TLS connection. SSL certificates use a key pair (a public and private key) to establish a secure connection. When a mail client or server wants to connect to another server using SSL, an SSL connection is established using what’s known as an “SSL handshake.” During this process, three keys are used to establish an SSL connection – a public key, a private key, and a session key. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice-versa. Encryption via the public & private keys only takes place during the SSL handshake to create a symmetric session key. Once the secure connection is made, all transmitted data is encrypted with the session key.

This diagram provides a simplified overview of how an SSL connection is established.

How SSL & TLS workBoth SSL and TLS protect data privacy through data-in-motion encryption, provide server-side and (optionally) client-side encryption of the communication channel, and help ensure message integrity.

POP, IMAP and SMTP traffic are transmitted over designated ports. By default, IMAP uses port 143, POP uses port 110, and SMTP uses port 25. IMAP over SSL/TLS uses port 993. POP over SSL/TLS uses port 995, and SMTP over SSL/TLS uses port 465. For SSL to take place over these connection types, the mail client and mail server must both be configured to use the proper ports, and a valid SSL certificate must be installed on the server.

What are the Differences between SSL and TLS?

So what are the differences between SSL and TLS? TLS is the successor to SSL. It was introduced in 1999 as an upgrade to SSL 3.0, so TLS 1.0 is most similar to SSL 3.0 & is sometimes referred to as SSL 3.1, though TLS is not compatible with SSL 3.0. The version numbers for SSL are 1.0, 2.0 and 3.0, while TLS uses a different numbering pattern – 1.0, 1.1, 1.2.

Because TLS is incompatible with SSL 3.0, the client and server must agree on which protocol to use. This is accomplished via what’s known as a “handshake.” If TLS cannot be used, the connection may fall back to SSL 3.0.

Without getting too technical (there are plenty of online resources that explain the technical differences between SSL and TLS), here are some of the differences between SSL and TLS:

TLS has more alert descriptions – When a problem is encountered with an SSL or TLS connection, the party who encountered the problem would send an alert message.

SSL had the following 12 alert messages:

  • Close Notify
  • Unexpected Message
  • Bad Record MAC
  • Decompression Failure
  • Handshake Failure
  • No Certificate
  • Bad Certificate
  • Unsupported Certificate
  • Certificate Revoked
  • Certificate Expired
  • Certificate Unknown
  • Illegal Parameter

TLS has the following additional alert messages:

  • Decryption Failed
  • Record Overflow
  • Unknown CA (Certificate Authority)
  • Access Denied
  • Decode Error
  • Decrypt Error
  • Export Restriction
  • Protocol Version
  • Insufficient Security
  • Internal Error
  • User Canceled
  • No Renegotiation
  • Unsupported Extension
  • Certificate Unobtainable
  • Unrecognized Name
  • Bad Certificate Status Response
  • Bad Certificate Hash Value
  • Unknown PSK
  • No Application Protocol

TLS uses HMAC for message authentication – SSL verifies message integrity (to determine whether a message has been altered) using Message Authentication Codes (MACs) that use either MD5 or SHA. TLS, on the other hand, uses HMAC, allowing it to work with a wider variety of hash functions – not just MD5 and SHA.

TLS uses a different set of cipher suites.

A cipher suite is basically a combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate security settings for a network connection. More information can be found here: https://en.wikipedia.org/wiki/Cipher_suite

Why are SSL and TLS Important?

Businesses have a responsibility to protect financial data such as credit card information, and consumer records such as names, addresses, phone numbers, and medical information. Without some form of encryption, whether via an encrypted connection using SSL & TLS, or by encrypting the message itself using Virtru or OpenPGP, sensitive data may be vulnerable to hackers & other forms of unauthorized access.

Which method is recommended?

SSL 3.0 suffers from a well-known vulnerability called the POODLE vulnerability. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. Click here for a thorough overview of this vulnerability and recommended actions.  One workaround recommended in the overview is to completely disable the SSL 3.0 protocol on the mail client and server. This might not be practical, as it may affect legacy systems that are still using SSL 3.0.

We recommend using TLS whenever possible. TLS 1.2 is currently the best version for security, but it is not yet universally supported. TLS 1.1+ support was not added until Windows 7 and Server 2008 R2, in 2009.

The encryption protocol and cipher used by MDaemon and SecurityGateway depend on the operating system and can be configured via the registry. You can use the free IIS Crypto tool to set the appropriate registry keys. More information can be found here:
https://www.nartac.com/Products/IISCrypto

I hope this information helps clarify any questions about SSL and TLS, and which encryption method is recommended. As always, if you have questions or comments, let us know!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

New MDaemon Feature Helps Detect Spambots

Ever wonder why so much spam exists today? By some estimates, more than 100 billion spam messages are sent every day. This represents around 85 percent of global daily email traffic. Some of the most common types of spam messages include financial scams, phishing attempts, ransomware, and botnet malware. In this article, we focus primarily on botnets.

Spam is big business. The barriers to entry are low and the payoffs are high. If a spammer sends out 50,000 spam messages, but only a handful of users click on a link in one of these messages, the spammer’s efforts will likely have paid off.

A single spammer may not have the resources to send out a large-scale spam attack, however, a spammer’s job is made much easier by the use of botnets – networks of hundreds or even thousands of malware-infected computers (known as spambots) that can be remotely controlled over the internet.  Similar to legitimate cloud services such as Amazon’s AWS, a botnet-for-hire provides individuals with ample cloud-based resources to carry out large-scale spam campaigns with very little effort.

According to Spamhaus, the top five countries with the most spambots are India, Vietnam, China, Iran, and Brazil. As of May 23, 2016, India had close to 2 million spambots!

The botnet-for-hire industry is a growing industry that makes it easy for anyone to send out thousands of spam messages using the botnet as the attack vector.

In addition to sending out spam, botnets can be used to launch DDoS attacks by flooding a company with thousands of connections over a short period of time – in an effort to try to shut down a company’s network or to damage its reputation.

User education is likely the most important factor in preventing a computer from becoming a spambot. The following are a few guidelines that every email user should know by now.

  • Never open an email from an unknown source.
  • Never open an attachment from an unknown source.
  • Even if the sender appears to be someone you know, always verify – because spammers often forge the sender’s address.
  • Use anti-virus software on your local computer.
  • Learn how to recognize phishing
    • Messages that contain threats to shut your account down
    • Requests for personal information such as passwords or Social Security numbers
    • Words like “Urgent” – portraying a false sense of urgency
    • Forged email addresses
    • Poor writing or bad grammar
  • Don’t give your email address to sites you don’t trust.
  • Don’t post your email address to public websites or forums.
  • Understand that reputable businesses will never ask for personal information via email.

For more of these guidelines, see our blog posts – Email Safety Tips for End Users and Ransomware and Banking Trojans are Big Business.

Spambot Detection in MDaemon

The information provided above applies primarily to end users, but what actions can be taken by the mail server administrator to detect and prevent spambot activity? While MDaemon has many spam-fighting features, MDaemon 16 includes tools to detect spambot activity and block it from further communication with your server. This new feature is called Spambot Detection. Spambot Detection tracks the IP addresses that every return-path value (sender) uses over a period of time. If the same return-path is used by multiple IP addresses (more than can be expected from users switching between their computers and mobile devices) in a given timeframe, then it’s possible that this activity is being generated by a spambot. Of course, it’s also possible that this activity is completely legitimate. However, in some cases, tests have shown that this can be an effective tool at detecting a distributed spambot network as long as the same return-path is used in the spam messages. If a spambot is detected the connection is dropped and the return-path value is optionally blacklisted for a designated period of time.  You can also optionally blacklist all known spambot IPs for a designated period of time.

As with most MDaemon security features, various settings allow you to bypass Spambot Detection for mail from trusted sources. You can exempt specific IPs, senders, and recipients from Spambot Detection using the White list feature, and exempt connections from authenticated sessions or trusted IPs. Click on the Advanced buttons to view a list of return-paths or IPs that are currently blocked. If a return-path or IP is blocked by mistake, you can easily remove it from the list.

We demonstrate how to configure Spambot Detection in this tutorial video.

Spammers are always coming up with new ways to spam users. That’s why user education and a properly configured mail server are equally important in the war against spam.

Spambot Detection is one more tool in MDaemon’s arsenal of anti-spam and security features. When these features are enabled, MDaemon can help protect your users and your business from spam, phishing attempts, and malware. For more information on protecting your MDaemon server, check out our knowledge base article on recommended MDaemon security settings.

If you’re not yet an MDaemon user, and would like to take advantage of its robust security and anti-spam features, click here to download your free trial!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Thwart Hackers with Strong Password Policies

For spammers, the barriers to entry are very low and the potential payoffs are very high relative to the small amounts of effort required to send out lots of spam. Spammers typically look for the “low hanging fruit” of an email system, such as mail servers that are not configured to prevent relaying, or accounts with weak passwords. If a hacker manages to guess an account’s password, he can use that account to send out large amounts of unsolicited spam email messages. This can result in your server winding up on a blacklist. Additionally, if large amounts of spam are sent out before the issue is corrected, your business can suffer lost trust and a reduction in revenue.

MDaemon’s Account Hijack Detection feature can be used to disable the account once a specified number of messages have been sent from an authenticated session within a given period of time. But it would be better to not even let a hacker get that far. Having strong passwords that are difficult to guess would help prevent an account from being hijacked in the first place.

Today, we focus on the issue of weak passwords and how to thwart hackers by implementing strong password policies. These settings are located in MDaemon under the Accounts | Account Settings configuration screen. In today’s video tutorial, we demonstrate how to require strong passwords, how to force accounts with a weak password to change their password, and how to send a Weak Passwords report to a designated email address.

Email is one of the most valuable intellectual property assets a company can have. Protect your email by enacting strong security and password policies & keep the hackers out.

Click here to learn more about MDaemon and why many small-to-medium businesses have migrated to it from Microsoft Exchange Server, or click here to download your free trial!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

For Security & Privacy – Easy Email & Attachment Encryption with Virtru

Recently, I created a video and blog post about Virtru Email Encryption for MDaemon, to demonstrate its features, benefits, and ease of use. Following along with its ease of use, I’ve created the following animation to show you just how easy Virtru is to use. Simply enable Virtru support in WorldClient (MDaemon’s webmail client), enable the Virtru features by clicking on the small “V” button within the email compose window, and then click on “Send Encrypted.” It really is that simple!

Virtru Email and Attachment Encryption
It’s easy to encrypt email and attachments using Virtru

For a more thorough overview of Virtru’s features, please see this blog post, or click here to visit our main Virtru page.

Virtru (email and attachment encryption) is included with the MDaemon Messaging Server. Virtru Pro features include Message Revoke, Disable Forwarding, Set Message Expiration, and automatic encryption. Click here if you’d like to purchase Virtru Pro.

Want to learn more about the encryption features offered by MDaemon? Then click here to learn more!

Protect your business from unauthorized access to your important and confidential email messages. Download your free trial of MDaemon today!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

SecurityGateway 3.0.3 Has Been Released

Today, we released SecurityGateway 3.0.3. Here are some highlights on what’s new for this latest release.

  • Compressed archive files, such as .zip and .rar, can now be scanned for restricted attachments.
  • An option has been added which allows a global administrator to export all whitelists and blacklists to a CSV file.
  • Adobe Flash is no longer required to display traffic and mailbox charts.
  • Global administrators can now be automatically alerted when a new user is created.

There are many more new features and enhancements. For a complete list, click here to read the SecurityGateway release notes.

Want to learn more? Check out our recorded webinar for an overview of SecurityGateway.

Click here to download your free trial of SecurityGateway.

 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Keeping Email Private with Virtru Client-Side Encryption

Have you ever created an account on a website that you wouldn’t want others to know about, or made travel arrangements, purchased personal items, or set a doctor’s appointment online? If so, then it’s possible that sensitive information about you has been transmitted via email. If any of these situations apply to you, or if you just don’t want anyone to see the cat photos you sent as an email attachment to your neighbor, then you should be encrypting your email. If you send personal or financial information, it’s best to assume that at any given time, someone out there is trying to gain access to that information.

Many small businesses think data breaches only happen to large companies, however, no company is too small to protect itself from outside threats. In fact, many hackers know that smaller companies might be a bit more lax in their security practices, and thus target them more aggressively. This is why email security and encryption are so important.

Virtru recently wrote a blog titled “Four Enterprise Security Statistics that Might Scare You Straight.” Here are some interesting statistics cited in the article:

  • 87% of Senior Managers Upload Business Files to a Personal Email or Cloud Account
  • Email Malware Creation is up 26% Year Over Year, with 317 Million New Pieces of Malware Created in 2014
  • Hackers Targeted 5 out of 6 Large Companies Using Email Attacks Last Year — an Annual Increase of 40%
  • Cybercrime has a 1,425% ROI

So with the above statistics in mind, do we even need to ask why we need encryption? If these reasons aren’t convincing enough, consider these:

  • Firewalls, antivirus, and anti-spyware may provide good protection, but they may not be enough. If one of the above is breached, encryption helps keep data safe.
  • Encryption can help shield businesses and users from government surveillance or other unauthorized access.
  • When you need to send sensitive data, encryption helps keep this data away from unauthorized viewers.
  • Encryption helps companies stay in compliance with HIPAA, CJIS, FERPA, and other government regulations.
  • Encryption helps keep sensitive data out of the hands of criminals and competitors.
  • Encryption helps companies preserve data integrity and privacy policies.

Client-side vs. Server-Side Encryption

Now that we’ve discussed why encryption is important, let’s discuss Virtru and its benefits.

First, we need to make a distinction between client-side and server-side encryption. With client-side encryption, email messages and attachments are encrypted by the sending mail client, and remain encrypted until an authorized recipient opens the message. With server-side encryption, messages and attachments are encrypted on the mail server with no user interaction. MDaemon users can use Virtru to encrypt messages on the client, and MDaemon administrators can use PGP to encrypt messages as they pass through the mail server. In this blog post, we’re going to focus on the client-side Virtru encryption features. If you’d like to learn more about MDaemon’s server-side encryption options using OpenPGP, then check out this blog post & video.

What is Virtru?

Virtru is an easy to use email encryption service that lets you protect private information while using your existing email service.  Encryption converts plain text into gibberish (cipher text) that is unreadable to all except the intended recipient. Virtru offers end-to-end encryption, ensuring that only authorized parties can decrypt your content.

When you send messages with Virtru, your emails and files are locked using strong encryption. Only you and your recipients can decrypt your messages. Separation of content and encryption gives you an extra level of privacy.

Why use Virtru?

Virtru was designed for user privacy and ease of use. Virtru never has access to your passwords and does not store any of your email content on their servers; only the encryption keys. Virtru helps users avoid headaches by managing their encryption keys for them.

Users have two versions of Virtru to choose from. The free version provides encryption and decryption of email and attachments. The Pro version provides the same encryption and decryption features, plus the ability to set message expiration dates, revoke emails, and disable forwarding.

Want to learn more about Virtru? Then  check out the video below for a demonstration, or visit the Virtru page on our website. You can also try out Virtru’s features by downloading your free trial of MDaemon.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •