Why using the Zero Trust security model will make you a better MSP

Why using the Zero Trust security model will make you a better MSP

Cyber security has undergone constant changes, but I believe the greatest changes have come in the last few years. The rapid, widespread adoption of new cloud and IoT technologies have created many new attack surfaces. Security practices are only now catching up to these threats.

At the front of a new wave of security thinking is the Zero Trust Security (ZTS) model. I think that applying the principles of this model to secure networks is the best way for MSPs to serve their customers going forward.

Worried you missed a spot in your clients’ security? Take our security assessment and build your offering on the right foundation

Attacks are on the rise

IBM’s 2019 Cost of a Data Breach report clearly shows that attackers have the edge right now. In 2019 for the first time, a majority of all data breaches—51 percent—resulted from malicious or criminal attacks. This is a 3 percent increase from 2018 and an overall 21 percent increase since IBM first tracked this statistic in 2014. They note that nearly three-quarters of attacks succeeded by exploiting privileged credentials or identities.

Not only are more breaches than ever caused by directed attacks, but the attacks are going undetected for longer. Breach lifecycles—the time between when a breach occurs and when it is contained—jumped noticeably between 2018 and 2019. Average breach identification time in 2019 was 206 days, and the average time to contain a breach was 73 days. That is 279 days in total.

The 2018 average was 266 days, which means we saw a 4.9 percent increase in the average breach lifecycle in just one year. Clearly, traditional network security practices aren’t working, and attackers know it.

Why is this happening?

Network security has stuck to some principles from the early days of the Internet for too long. From the beginning, openness was encouraged in network design. This was a good way to enable collaboration and sharing, but it also enabled bad actors.

In the past, security has been strongest at network perimeters. Once users or processes were on a network, the default was trust. In the world of 2020, when remote users, overlapping multi-cloud environments, and the Internet of Things deepen the reach of networks, there are now functionally no more network perimeters—only assets that we need to protect individually. We need a new approach.

What is Zero Trust security?

ZTS shifts the focus away from where you are (on the network or at the perimeter) to who you are (your identity or individual device). This makes network-based interactions much easier to monitor and manage. As the name “Zero Trust” implies, every interaction with those resources must be challenged and authenticated.

A combination of technology and policy is needed to deploy a ZTS model effectively. Multi-factor authentication is one of the primary tools used to ensure legitimate access. Access management tools, encryption, network monitoring, file system permissions, and network micro-segmentation are also key tools.

As for policy, under ZTS user provisioning, access requests should be governed by the principle of least privilege. This can help prevent compromises from occurring and minimize the amount of damage done when they occur.

What are the challenges of deploying ZTS?

Because a very particular set of modern security tools are used, applying ZTS to legacy infrastructure can be challenging. Trying to retrofit existing systems and practices can sometimes be overly disruptive to customers for limited security gains.

In those cases, I believe the best approach is to make ZTS part of a security strategy looking forward. For example, businesses can incorporate ZTS principles as legacy systems are retired in favor of cloud resources. This is an area where partners familiar with ZTS can step in to deliver real value for customers.

How to implement Zero Trust security

The exact process will be different depending on each customer’s network resources, but there is a general strategy to follow.

1.    Audit their network to evaluate attack targets

You can’t protect it if you don’t know it is there. Start by performing a top-to-bottom assessment of every application, device, and endpoint that might be a target for attack. This will help you understand what is most valuable to the business and help you drive a more strategic conversation around security.

2.    Use Multi-Factor Authentication on the most sensitive assets

Any resources that control roles and identities need the highest level of security under a ZTS model. Directory services, domain controllers on local networks, and related management systems all should be secured with multi-step authentication.

3.    Authenticate Privileged Accounts and Associated Applications

If an attacker can compromise a privileged account, then they become indistinguishable from a trusted user. That means in addition to improving account authentication on privileged accounts, you also need to restrict the applications of accounts that can access your customers’ networks.

4.    Monitor Privileged Activity

You shouldn’t treat account authentication as “the new perimeter,” though. Work from the assumption that privileged accounts will be compromised eventually, which means all activity still needs to be monitored. Monitor the health of all endpoint devices that privileged accounts can access to ensure that applications are updated.

Changes in account or application behavior can be a sign of a compromise. This means having good network visibility helps prevent both attackers and internal bad actors from expanding the scope of their attack.

on top of all this, make sure you do constant reviews of all profiles, policies and permissions.

Are you looking for easy security management for Microsoft 365? Learn how Office Protect makes security management simple 

You can move customers toward better network security

After an assessment, you’ll realize that no network is 100% secure. This is why deploying a Zero Trust Security model is now the best way to ensure that your customers’ multi and hybrid cloud networks stay secure. Since this model ensures that every individual asset is secured through authentication and authorization controls, we can rest assured that we are doing a better job of securing what modern cybercriminals are targeting, rather than the main targets of yesteryear.

Take a look at our security solutions to see what you can use to apply Zero Trust Security for your customers.

Bring your data together with Microsoft PowerApps

Bring your data together with Microsoft PowerApps

Business in the 21st century has become more complex than ever. Data is at center stage, business operations and data storage are moving to the cloud, there is an app for everything under the sun and employees are working from multiple locations and on multiple devices. What businesses need more than ever is technology that will tie all these disparate pieces of the larger puzzle together into a cohesive unit that functions as a whole. This is precisely what Microsoft PowerApps offers.

Microsoft is at the leading edge of creating technology that makes business easier and more intuitive. PowerApps is part of Microsoft’s Power Platform, and it is one of the most innovative and versatile products Microsoft has come up with. This Platform-as-a-Service (PaaS) is designed to be used on traditional web browsers or on mobile devices, and it provides business owners and employees alike the opportunity to create the apps they need to get the job done.

We don’t just help you navigate Microsoft apps, check out all our value added services with the Media Hosting Services guide

What is Microsoft PowerApps?

Microsoft PowerApps provides a single, intuitive platform from which custom apps can be built by anyone at a moment’s notice. This is because it is a low-code option, something Gartner predicts will comprise 65% of app development by 2024. And this technology couldn’t have come at a better time.

Traditionally, app development is a lengthy and expensive process, with the average hourly rate to create a cross-platform app in the U.S. at $125. At the same time, apps are in high demand, and developers are in short supply. This has resulted in 65% of organizations experiencing an app development backlog, something that can be eliminated with Microsoft PowerApps because it is so easy to use.

In addition to its ease of use, PowerApps also comes with the ability to:

  • Build artificial intelligence (AI) into apps
  • Store and manage all your data in one place
  • Facilitate more collaboration and promote innovation and creative thinking throughout your organization

Microsoft PowerApps is for everyone

Microsoft PowerApps allows you to create apps at every level, no matter what your organizational needs are. You can:

  • Tailor an out-of-the-box solution, including dashboards and forms, in order to maximize the use of business data and increase productivity
  • Create customized task-oriented and role-based apps

This can all be accomplished with the two options PowerApps offers to design and build apps. The first of these is called Canvas Apps. This is a method of design that allows you to drag and drop design elements onto a canvas and create your app without the need for code. With this method, you have complete control over the app layout.

The other design option is called Model-driven Apps. This method bases app development on a combination of the app components you select and your unique business processes and data models to determine the optimal layout. Thus, you have less control over the layout of the app, but it is customized to your specific business needs.

Benefits of PowerApps

The benefits of being able to create mobile apps via Microsoft PowerApps are significant. One of the most notable is the fact that PowerApps saves you the cost required to develop a single app for multiple mobile operating systems. Instead, you will develop and run all your apps through the PowerApp application, which automatically accommodates multiple mobile operating systems. Other benefits of PowerApps include the ability to:

  • Create custom apps in just a few hours without the need to write code
  • Access a variety of easy-to-use templates
  • Seamless connectivity to all Microsoft cloud services
  • Create apps to suit any need whenever they are needed
  • Connect with over 200 sources of business data (including on-premise data) and services to empower businesses to make the most of that data
  • Integrate with Microsoft 365, Dynamics 365 and Azure
  • Access full administrative control with enterprise-grade security and governance
  • Scale as needed

Plus, the single platform makes it easy to bring together everything a business user needs to work effectively. This includes combining PowerApps with workflow and business intelligence to empower users.

PowerApps Licensing

Microsoft PowerApps is available with certain Microsoft products and plans. This provides you with flexibility when choosing the plan that will work best for your situation. Licensing can happen in one of four ways:

It’s included in Microsoft 365 – There is no additional charge when it is included with certain plans (only for Microsoft 365 data as part of the plan), including:

  • Business Premium
  • Business Essentials
  • The F1 Plan
  • The E1–E5 Enterprise Plans

It’s included in Dynamics 365 Enterprise applications – There is no additional charge for the PowerApps service, and it comes with full support (only applicable for Dynamics 365 data as part of the plan).

Want help with Dynamics licensing? Take a look at our simple guide

You pay $10 per user per app – This is suitable for a small business with a minimal need for PowerApps. It comes as a two-app package, and you can purchase more than one if you have multiple apps.

You pay for unlimited users – This is suitable for a business that requires a larger number of PowerApps (i.e. eight or more).

Cross-industry and cross-organization optimization

Microsoft PowerApps can empower organizations across multiple industries, such as healthcare, education, technology, retail, manufacturing, and transportation. At the same time, small and large businesses and non-profit and government organizations can also benefit. This is a Microsoft product that truly opens up avenues of creativity and empowerment for everyone.

Contact Media Hosting Services today to learn more about Microsoft PowerApps and Power Platform.

QuickHelp as a powerful change management tool

QuickHelp as a powerful change management tool

The success of any cloud deployment depends on much more than just the technology itself. If your client’s users aren’t engaged in the process and trained on how to use the new system, it will be met with indifference at best, and flat out opposition at worst.

This is why change management is so important. Following a change management process ensures that your client’s entire organization is able to make smooth transitions to new technologies. For new cloud platforms to be properly adopted, users need to know both how to use their new applications and why switching to them matters.

Sherweb’s QuickHelp learning platform is an excellent tool to make sure both of those things happen.

See how QuickHelp can help your clients’ change management strategy, request a demo today!

Change management for cloud tech can be difficult

One of the biggest strengths of cloud platforms like Microsoft 365 is that they can constantly receive new features and functionality. But these newly developed tools only generate value for your clients if they’re actually used. And the regular updates that IT people like us see as a strength are often seen as a negative by business users.

Users don’t like change. In fact, the Harvard Business Review noted that more than 70% of all new business initiatives fail because project leaders don’t properly get users to buy into the process. Over time, change management methodologies, like Prosci, have become an integral part of IT projects to combat this problem.

But you don’t necessarily need a full-fledged methodology like Prosci to get Microsoft cloud services deployed for small business clients. Applying a few basic change management principles with the support of tools like QuickHelp can help you ensure new systems take hold.

Basic change management

1.    Teach them why

Sometimes users will flatly resist change, but often it’s merely indifference to new tools that prevents them from being adopted. It’s not enough to jump straight into teaching users how to use a new service. They are more likely to use a new, unfamiliar cloud platform if they first understand why it’s valuable to them and the business. In other words, you should teach them why they should use a new service before you teach them how to use it.

Leadership is important here. Business leaders and supervisors need to buy into the new initiative and demonstrate their support. Be proactive and get easily digestible videos and tutorials in front of users that help them understand how everyone will benefit from the new technology.

2.   Show them how

Once you’ve established buy-in across the organization, you can begin actually instructing users on how to use the new cloud technologies. Different people learn in different ways, so don’t try to force a one-size-fits-all training program onto an entire business. Consider different users’ needs, their experience levels with cloud technology, and their roles within the organization.

Getting everyone into a classroom for presentation-style training is increasingly difficult and expensive in modern workplaces. Schedules frequently don’t line up, and it can be downright impossible if you’re working with a distributed workforce. It’s much easier to move training online and break it up into small, easily digestible learning modules. You need modules that can be presented on a schedule or called up by users on demand when they want self-service help on a particular topic.

3.   Turn knowledge into action

The ability to provide on-demand training right when it is needed is key to supporting ever-changing technologies like Office 365. Change management for cloud tech is an ongoing process, not a one-off event.

As users get more familiar with the system, make sure to get feedback on training to help keep it relevant. This feedback can take the form of basic surveys or direct polling, but it can also be generated through more interactive methods, like gamification rewards programs. Have users test their familiarity with new platforms in a fun competition with coworkers—they have an opportunity to build team unity, and you get data on user familiarity with different systems.

You can then update their learning platform to be as relevant as possible to their particular level of technology adoption.

QuickHelp is an ideal tool to support this kind of personalized three-step change management process.

So what is QuickHelp?

QuickHelp is a highly customizable learning platform designed to give users the exact information they need in short videos or interactive training modules. It is easy to adapt to individual clients and even each of their individual users. QuickHelp can deliver a personalized learning portal custom-tailored to each user’s specific needs on new cloud platforms.

There’s also a QuickHelp ribbon add-in for Office 365 that makes it easy for users to access the tool on demand whenever a question arises. And yes, it includes a gamification system where users can compete for badges and completion records with their coworkers.

QuickHelp helps your clients drive active use of their new Microsoft cloud products. It slots neatly into change management processes to guide user behavior in organizations of any size. For example, you can use it to steer users towards a single new platform to reduce redundant applications. Or you can encourage the adoption of mobile app usage that will make users more productive during travel time or other downtime in the workday. You can also target making specific behavioral changes, like encouraging users to switch from inefficient email use to more comprehensive communication tools like Microsoft Teams.

More than just a training tool

QuickHelp is more than just a simple support tool. It’s a powerful change management tool that organizations can use to improve performance and drive faster adoption of new cloud technology platforms. And when cloud technology becomes a valuable part of your clients’ businesses, it becomes a reliable revenue stream for you.

QuickHelp can turn skeptical users into full-throated advocates of new technology and help their organizations get the most out of those platforms. If you’re gearing up for a new Microsoft cloud migration, consider deploying QuickHelp to help ensure the new service sticks.

Contact Media Hosting today to get your clients working more effectively with QuickHelp.

look on the bright side of Outlook scheduling

look on the bright side of Outlook scheduling

We all know what a great email application Microsoft Outlook is. But have you ever explored its scheduling and calendar functions? That is what we will do in this article. So, let’s get started. We will be using MS Outlook 365 for all tasks.

Learn how to transform your MSP and your clients’ businesses with Microsoft 365

In Outlook’s Home tab, select the arrow beside the New Email menu (if you select New Email, you will get the new email dialog). Select a new Appointment or Meeting from the drop-down list.

Appointments and meetings are very similar, so we will use an appointment as an example.

1. Select Appointment from the menu.

2. You can enter a lot of detail here, such as a title, time and date, location, whether it is an all-day appointment, and whether you want the appointment to recur in the future.

And that’s just for starters! Take a look at the Appointment ribbon:

3. Here you can invite other individuals to join by email, set reminders to yourself, mark your calendar as busy during the appointment, and categorize the appointment as you wish.

Here is an example of inviting others to join. Outlook checked your availability and also inserted the appointment details into the email. When you invite others, you can designate them as required attendees, or they can attend if they wish (optional).

4. Once you have filled out the necessary information for the appointment, select Send.

Your Calendar Page

So now that we have an appointment scheduled, let’s talk more about the Calendar feature. Select the Calendar icon on the bottom left of Outlook:

Here is a typical calendar page. It looks a bit complex, but we will go into further detail.

Let’s start from the left pane.

Outlook provides an interactive display of the current month and the next month. You can select the next and previous arrows to change the month. If you choose a specific day, the calendar view in the main window opens up to that date.

This is a quick and easy way to check appointments or meetings for a specific day.

Further down on the left pane are all the available calendars that you may view.

You can view your calendars, those shared with others in your organization, calendars from outside the organization, and calendars created for groups you are in. When you select the checkbox for calendars, they display side-by-side for ease of viewing.

If you do not wish to see the left pane, select the right arrow to hide it or the left arrow to show it.

You can also pin the left pane to display all the time if you choose.

Calendar Ribbon

Next, let’s look at the Calendar ribbon:

The ribbon allows you to:

  • Create new appointments, meetings, or Microsoft Teams meetings
  • You can view your calendar in many ways:
    • Today – highlights today no matter what other views may be displaying
    • Next 7 days – shows the next seven days
    • Day – shows today by the hour
    • Work Week – shows the days of the current workweek (no weekends)
    • Week – shows the days of the current seven-day week
    • Month – shows the days in a monthly view
  • Select the Schedule View to see your appointments day-by-day. Schedule View is an alternate method of viewing calendars that lets you easily see when events overlap and where there is free time between those calendars. Schedule view is especially helpful when planning meetings between multiple people.
  • Create a blank calendar or share calendars from other sources like your list of contacts or the internet using the Add
  • Share your calendars with others using the Share

Below the Calendar ribbon is another row of options.

You can select the left or right arrows to have the previous or next month displayed in the main window.

You can change the location by selecting the down arrow. In addition to changing the location and time zone, the weather displays for that location. That is helpful if your appointment or meeting is outdoors!

Adding Events

So we have seen the many different ways you can view your calendar events. Outlook also makes it easy to create events “on the fly.”

Right-click on a day and the following drop-down list displays to let you enter a new event.


Beside this section is the Calendar Search text box.

A calendar search looks in the following fields in the Events Details form:

  • Subject
  • Location
  • Body (where you type notes)
  • Attachments
  • Organizer (who sent the invitation to a meeting)
  • Attendees (people invited to a meeting)

To search, enter your desired text. The results display:

As you can see, you can filter search text even further by selecting KeywordOrganizer, or Subject filters.

In addition to showing the results, Calendar also displays a Search Tools ribbon.

The first drop-down list lets you choose which folders to review, such as the All Calendar ItemsCurrent FolderSubfolder, or All Outlook Items.

Other ways to filter include:

  • By Organizer
  • By Subject
  • Has Attachments
  • By Category

Status of Requests, for example, Accepted AppointmentsTentative Appointments, or Requests Not Responded To.

You can view recent searches by selecting the Recent Searches drop-down list. You can further refine your searches using other parameters.

So as you can see, the Calendar feature has a lot going for it. Check it out next time you are in Outlook. And contact us today if you need help with your Microsoft environment.

Microsoft 365 with Office Protect’s forwarding block

Microsoft 365 with Office Protect’s forwarding block

We’ve talked before about how to flag any outbound spam leaving your organization, which is essential to prevent someone who’s just starting from sending spam or one-off emails that might go out.

But what happens if, as often happens with spam, someone decides to send out spam emails automatically, en masse? Obviously, it would be helpful to know that it happened after the fact, but if they’ve already emailed everyone on your client list, the damage is done.

Fortunately, Office Protect still has you covered. With the setting “Enable Client Rules Forwarding Block,” you can stop spammers before they start.

Learn how Office Protect helps keep your Microsoft 365 tenants safe with our e-book

How outbound spam works

Phishing scams occur when hackers get someone to open a malicious email by pretending to be a trustworthy source. They often use tactics such as fake domain names or enticing subject lines to get people to take the “bait.” v

Outbound spam is essentially phishing on the receiving end – people are more likely to open emails from someone they know and trust. Except this time, in their eyes, the email is from someone they know and trust, so it’s even more undetectable.

This works especially well in businesses. After all, we swap emails with important attachments back and forth every day. Hackers take advantage of this, particularly with the use of invoices. In fact, 26% of all phishing scams include fake invoices.

Once the recipient opens the attachment, malware is downloaded into their system. Hackers have successfully taken your good name and exploited it for their own gain.

So what is malware, and what damage does it really cause? Malware is a catch-all term for any software spread specifically to be malicious. It can come in many forms, but the most common are listed below.

What is malware?

Ransomware – While ransomware is declining due to advanced security measures, it can still wreak havoc on your organization. Ransomware is designed to lock you out of your systems or take your data hostage until your company pays the hackers a set amount for them to give back access. Ransomware often targets small businesses, and the amount is usually small enough to warrant just paying it rather than risking weeks or days of a lockout by involving the police.

Spyware – The sneakiest type of malware, spyware is installed without the user’s knowledge. It can run in the background of your system, slowly collecting and transferring your data out of the organization for weeks or even months until it is discovered.

Keyloggers – Like spyware, keyloggers can run undetected in the background, but they are specifically designed to log every keystroke the user enters. This is a great way for hackers to gain usernames and passwords to allow deeper access to your most important data.

Virus – The most common type of malware, viruses spread by “infecting” files on your computer, often one after the other until the machine overloads and shuts down completely.

The danger of mass spam emailing

If hackers gain access to your network, they can send out an email from your inbox to all your contacts almost instantaneously, and the consequences of that quick action for them can be far-reaching and long term for you.

So what’s the worst that could happen? Well, if you are a managed service provider or reseller, malware in your system could give hackers access to all your clients. Malware on one client’s system could infect all your other clients sharing the same server or cloud space.

Once your clients realize that you allowed malware into their systems, that could cause a major breach in trust, which is vital in your line of work. If clients lose confidence in you, they will be very unlikely to continue to use you for their data and IT services. They could even discuss what happened with colleagues from other companies, costing you future business and your professional reputation.

Even in a best-case scenario where outbound spam reaches all recipients but they do not open it, your reputation will take a hit. If nothing else, you’ll be marked as someone who sends out annoying spam emails. And it’s very likely that at least one of the spam emails will be opened. Research shows that about a third of email attachments in phishing emails are opened.

Office Protect’s Enable Client Rules Forwarding Block setting

Fortunately, Office Protect is here to ensure that mass spam emails never come from inside your organization. With the setting ‘Enable Client Rules Forwarding Block’ turned on, you can rest easy knowing your company is safe from this particular attack.

When turned on, this setting allows security control to create a transport rule to stop external, auto-forward type messages from leaving your tenant. The following criteria must be met for this rule to engage:

  • Sender is located ‘inside the organization’
  • Recipient is located ‘outside the organization’
  • Message type is ‘auto-forward’

If all these criteria are true, the system will reject the message and let the user know that it was rejected due to ‘external mail forwarding via client rules not permitted.’ This will allow any user that legitimately needs to use this feature to understand what happened and request the permissions necessary to complete their task.

How to use it

So how do you turn this setting on? Just go into the settings on your dashboard and flip the toggle menu to “on,” and you will be all set! You will also see the security impact (high) and user impact (low), which is the best combination. Why would you not want to apply a setting with little to no effect on end-users that has maximum effect on your security? It’s a win/win!

Contact your Sherweb representative today to learn how this setting and more can help protect your IT environment with Office Protect.

Office Protect: flag phishing emails in Microsoft 365

Office Protect: flag phishing emails in Microsoft 365

Phishing may sound like a leisurely activity by the lakeside, but that picturesque scene is far from reality. Hackers and scammers employ phishing to steal your data.

All it takes is a single click to grant someone access to your organization’s confidential information. So, do you know how to combat phishing? If not, read on to learn how Office Protect can give you the security you need.

Learn how Office Protect helps keep your Microsoft 365 tenants safe with our e-book

What Is Phishing?

Like the outdoor activity, phishing involves dangling bait in the hopes of securing a bite—except in this case, the bait is an email, and the bite is a seemingly harmless click on a link or attachment.

Hackers send fraudulent emails ranging from a “message from the CEO” to “pictures of the kids today” from your significant other, or even an urgent meeting request from your boss. Would you think twice about clicking on those after reading the subject lines?

The Dangers of Attachments

You may think that merely opening an email couldn’t possibly cause that much damage or even allow hackers to profit. And in some ways, you’re right—just clicking on the dangerous email usually does not cause harm. Rather, the danger is in the form of attachments. Verizon found that 66% of malware installed on systems came from malicious email attachments.

Generally, the bait in phishing emails involves some sort of enticement to open an attachment, like the aforementioned meeting request, a letter from the CEO, or pictures from home. Once the attachment is downloaded, any form of malware could infiltrate your company’s network.

This malware could be ransomware, a Trojan horse, a keylogger, or any sort of virus designed to either gain valuable information from your company or do you harm. Hackers can either exploit that information themselves or sell it to the highest bidder. In the case of ransomware, they can even lock you out of your own systems until you pay up.

How Big of a Problem Is Phishing?

If you haven’t been a victim of phishing or haven’t fallen for those emails, you may be inclined to dismiss this type of attack as trivial or a rare occurrence.

However, neither one is the case. Around 25% of emails sent in Office 365 contain phishing or malware messages, and that number is expected to keep rising. In fact, a recent report by Microsoft shows that phishing has grown by over 250% with no sign of slowing down.

The Art of Successful Phishing Emails

You may even think that your employees are invulnerable to phishing attempts. After all, why would any reasonable person ever open such an attachment? It would have to be obvious that it’s fake, right?

This is actually not the case at all. Phishing emails are generally disguised very well—41% of phishing domains include just one character swap, and senders can easily set the “name” of the from line to basically be anything they want.

When you look at it through this lens, it’s easier to see how an otherwise distracted recipient, or even a careful one, could overlook those details and introduce malware into your network. Statistics suggest that this is true—at least 30% of phishing emails are opened.

Problems for Resellers and MSPs

If you are a reseller or managed service provider (MSP), you may be well aware of the dangers of phishing. Even so, you may still struggle to educate your clients about it. You obviously want to do more because your clients’ risk is your risk, too. If a client on one of your shared servers introduces malware into that network, it’s not just their information on the line—it’s yours and every other client’s as well.

This risk also applies to your employees. An employee who introduces malware into your system could be compromising not only your own information but also your clients’, so you must be especially vigilant. One wrong move could destroy your reputation.

So what can you do besides offering training that the client may or may not even take, or whose information they may end up disregarding in the end? Fortunately for everyone—small businesses, resellers, and managed service providers alike—Office Protect has a solution to help.

Flagging Phishing Emails Using Tenant Domain or Staff Name

Office Protect has a setting that will flag phishing emails that use a tenant domain or staff name. What does that mean? Basically, Office Protect will detect any emails sent from outside the organization that are using a staff member name or your own domain name in the sender field of the email.

When Office Protect detects these emails, it will not stop them from being delivered, but it will flag them with a message to alert the user of potentially suspicious activity:

“This email was sent from outside your organization, yet is displaying the name of someone from your organization. This often happens in phishing attempts. Please only interact with this email if you know its source and that the content is safe.”

When a user sees this, they’ll approach the email with more caution or even immediately flag it as spam.

It’s still possible that some internal systems, like ticket trackers, may trigger this message. But if that is not the case, the recipient should delete the email immediately without interacting with it.

How to Enable: Flag Phishing Emails

So how do you enable this setting? Simply go into your Office Protect dashboard and access the settings. You will then see a toggle menu to turn on the setting, as well as its security impact (medium) and user impact (low).

Want to use Office Protect or offer it to your clients? Contact us today to learn more about our available options.