The way in which we respond to email security risks needs to change. It’s no longer a case of reinforcing the network perimeter. The risks are now far more complex and nuanced, driven by human behaviour. From every conversation we have, Security and IT leaders tell us that people: These are a combination of both inbound and outbound threats but what they have in common is that they are human-activated risks – there’s a person behind each of them.

The General Data Protection Regulation (GDPR) established rules for handling personal information in the EU. And with strict penalties for noncompliance, it puts the onus on businesses like yours to know where all their GDPR-related data is located and how it’s treated.

Back in 2008, Microsoft added a new technology to PowerShell and named it Desired State Configuration or DSC. In essence, DSC is the framework that delivers and gives the user tools to maintain configuration. Desired State Configuration allows you to define your environment’s aspired state with a simple declarative syntax that has been added into the PowerShell script. It is then assigned to each target server in your environment.

The hybrid work environment is a significant and challenging change we have embraced in the past two years due to the pandemic. And Microsoft 365 continues to be the most commonly chosen cloud-based work suite with 50.2 million users around the world. With cloud-based products, all we need is internet connectivity. The people, files and data we work with travel with us, irrespective of where we work from. Microsoft 365 comes with a wide array of features to simplify collaboration and communication.

Exchange admins now have another exploit to deal with despite still reeling from a number of high profile attacks this year including ProxyLogon and ProxyShell. A new high severity Remote Code Execution (RCE) exploit for on-premise Exchange Servers has been published and is being actively exploited in the wild.

Several malware families are distributed via Microsoft Office documents infected with malicious VBA code, such as Emotet, IceID, Dridex, and BazarLoader. We have also seen many techniques employed by attackers when it comes to infected documents, such as the usage of PowerShell and WMI to evade signature-based threat detection. In this blog post, we will show three additional techniques attackers use to craft malicious Office documents.

Your organization runs on information, and much of that information is sensitive. You need consistent governance policies to protect users and data, but just protecting files is not enough. You also need to be able to scan your documents quickly and easily to find personally identifiable information (PII). More than three-quarters of companies have files housed in email repositories, and these often contain customer PII, health records, and other sensitive information.