27 Dec
25 Oct
12 Steps you can take to up your Office 365 Security & Compliance game
I don't mean to oversimplify things here. This is not a comprehensive guide or anything like that. Every organization has different goals and business objectives, and depending on your industry, etc., you could have very different compliance regulations or whatever, that you need to consider. My goal is just to...
04 Oct
How to configure journaling, and the undeliverable reports mailbox, in Exchange Online
In Office 365 Exchange Online, it is possible to set up journal rules. When you turn on journaling, a copy of email messages that you specify will be written to another (third-party) location. It is not supported to write the journal into another mailbox hosted at Office 365; however, there are...
27 Sep
Security Reports and Identity Protection features available in Azure AD, Azure AD Premium P1 and P2
Azure AD Premium P1 is included with Enterprise Mobility and Security (EMS) E3. I have been experimenting with numerous aspects of this subscription, since security is such a high priority these days, especially for the SMB (small businesses are statistically far more likely to be targeted than large enterprises). As...
13 Sep
Configuring Data Loss Prevention (DLP): An example automatically encrypting GLBA content via Email
If you have a subscription such as Microsoft 365 Business or Office 365 E3, then you can configure Data Loss Prevention (DLP) policies, which are great tools for helping your organization meet compliance standards. I especially recommend it for businesses in the financial or medical industries, due to laws and...
08 Mar
Reading the fine print for Data Loss Prevention (DLP) in Office 365
After implementing DLP policies in your organization, you might consider testing it out. Let's say you implemented Microsoft's DLP policy for identifying U.S. Social Security Numbers, which are a nine-digit string of numbers, often formatted XXX-XX-XXXX (sometimes with dashes, sometimes without). You decide to draft an email containing such a...
24 Aug
What is the difference between an Archive, a Journal and Litigation Hold?
As I've been helping organizations navigate the complexities of Exchange Online and compliance, this question has come up a few times. "What is the difference between an archive and a journal?" I also hear, "What is the difference between a journal and litigation hold?" And finally "What is the difference...
17 Aug
5 Steps to Better Credit Card Handling on Your Network
The requirements for PCI compliance are... high. Performing a risk assessment alone is a time-consuming process, to say nothing of an actual audit. Which is unfortunate for small and mid-sized businesses, since most of them don't even need to store credit card numbers locally (and in fact it is much better...
10 Aug
Vulnerability Assessments vs. Pen Testing: Walk before you run
Sales people are some of my favorite people in the world. They make me laugh out loud almost every day. The company I work for offers a few different flavors of network & security assessments for small to mid-sized businesses, but we do not offer penetration testing. Still, I occasionally...
20 Jul