Combatting Holiday Cybercrime with AI: A Seasonal Guide to Stopping Spam Emails

As the festive season approaches, we’re all on high alert for the unwelcome gift of spam emails, social media scams, and romance fraud. Cybercriminals are ramping up their efforts to exploit the holiday cheer. But fear not; the AI revolution in cybersecurity products is our shining star, offering enhanced detection capabilities to shield us from these digital grinches.

This week, digital giants Amazon and Google pledged action on fraud; for the full BBC story, follow this link.

We believe this and other moves by the industry (see yesterday’s blog on the Yahoo and Google DMARC updates) are necessary steps forward; however, continually improving our defences is our focus and the approach we advocate to our customers.

Defending against spam emails and web-based fraud.

We recommend two solutions to our customers, both of which appear to be leveraging artificial intelligence to enhance their products.

Conceal Browser-based security.

Firstly, Conceal is a lightweight browser add-on. The AI-powered capabilities seamlessly identify and neutralise emerging threats, ensuring comprehensive protection in the ever-evolving cyber landscape.

ConcealBrowse is the answer. It is a lightweight, versatile, and secure browser extension that is meticulously engineered to meet the needs of modern workers.

It serves as your frontline defence, monitoring and detecting potentially harmful URLs to ensure your safety within your organisation’s network. If a website is in doubt, ConcealBrowse uses its isolated and dynamic routing network to safeguard your identity and protect your organisation’s network from potential threats.

Heimdal®’s Outliers Detection: The AI Guardian Against Email Scams

At the forefront of this battle is Heimdal®, which recently unveiled “Outliers Detection,” an AI-driven feature that fortifies its Email Fraud Protection platform. This innovative tool employs anomaly detection and pattern recognition, distinguishing safe correspondence from malicious threats and spam emails with remarkable precision.

The Heimdal® XDR Platform: Vigilant AI-Powered Email Defenses

Outliers Detection is a robust defender against email dangers such as Business Email Compromise (BEC), CEO Fraud, and impersonation attacks. By weaving AI into the fabric of its Email Fraud Protection platform, Heimdal® arms its clients and partners with a proactive and powerful weapon against cybercrime.

Why Outliers Detection is a Game-Changer

Launching at a critical time, when spam emails, email fraud and financial fraud are becoming increasingly complex, Outliers Detection is a vital tool. The FBI’s Internet Crime Complaint Center (IC3) reports staggering losses due to business email compromise, highlighting the urgent need for AI’s predictive prowess in cybersecurity.

The Heimdal® Approach: AI at the Core of Cybersecurity

Valentin Rusu, Ph.D., Head of Artificial Intelligence at Heimdal®, asserts that AI is essential for modern cybersecurity strategies. The old reactive defence models are obsolete; proactive AI-based solutions are the future in our fight against sophisticated cyber threats.

DMARC check, monitor and report

The email spam rules for Google and Yahoo are being updated and considerably tightened in February for most businesses. This will mean getting your IT team or web host to do an SPF, DKIM and DMARC check and review your DNS settings; for a free check, contact us.

According to the announcement, from this February Google and Yahoo will begin enforcing new requirements for bulk email senders. The guidelines primarily focus on the authentication of outgoing emails, reported spam rates, and the ability to unsubscribe from email lists easily.

Get your business ready for the changes.

Interestingly, we have noticed that other providers and organisations have tightened their criteria over the last six months, resulting in message failures even for organisations that don’t meet the bulk sender criteria.  Even if you don’t send bulk emails, getting SPF and DMARC checks is essential to ensure your message gets to your intended recipients.

It will also be worth being on top of your Spam quarantine as more mail will potentially be marked as spam.

Google defined bulk senders in an early-October announcement as “those who send more than 5,000 messages to Gmail addresses in one day,” which caught the attention of email marketers in both B2B and B2C circles.

For further reading, Google Sender Guidelines

DKIM, DMARC checks and correct implementation of SPF are the email authentication requirements for bulk senders.

The two companies will require bulk email senders to use what Google calls “well-established best practices” to authenticate the sender.

Under the present recommendations, three mechanisms work together to create a cohesive approach to email authentication:

  • Sender Policy Framework (SPF) is designed to prevent domain spoofing by allowing the sender to identify the email servers permitted to send emails from or on behalf of their domain.
  • DomainKeys Identified Mail (DKIM) is potentially the most problematic, as not all hosting providers support DKIM. DKIM requires a DNS record to be put in place and adds a digital signature to outgoing email, which verifies the message was sent by an authorised sender and wasn’t tampered with along the way.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC): this DNS record allows domain owners to specify which action to take when an email fails authentication, such as quarantine, reject or even none; it also enables reporting on email authentication results and defines where the results will be sent.
  • For many businesses, DMARC’s reporting element adds a further complication: dealing with the resulting reports.

Google and Yahoo will require bulk senders to set up all three mechanisms by 1st February 2024. Still, as I mentioned earlier, we have already noticed a trend for messages to be treated as spam if the mechanisms aren’t present. Most suppliers will almost certainly follow Google and Yahoo, so it is probably as well to get on with it.
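One way to review the three records described above, as an added example that is not part of the original post: the script checks SPF, DKIM and DMARC TXT record strings offline and lists what still needs attention. The domain, the record values and the function names are constructed for illustration; in practice the strings would come from a DNS lookup of the domain, `<selector>._domainkey.<domain>` and `_dmarc.<domain>`.

```python
# Added example (not from the original post): offline review of SPF, DKIM and
# DMARC TXT records. Every record below is a constructed sample.

def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax used by DKIM and DMARC."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(txt_records):
    """Review the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no v=spf1 record published"]
    findings = []
    if len(spf) > 1:
        findings.append("SPF: more than one v=spf1 record; receivers treat this as an error")
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    has_redirect = any(t.startswith("redirect=") for t in terms)
    if all_term is None and not has_redirect:
        findings.append("SPF: no 'all' term; unlisted servers get a neutral result")
    elif all_term in ("all", "+all"):
        findings.append("SPF: '+all' authorises any server to send for the domain")
    elif all_term == "?all":
        findings.append("SPF: '?all' gives unlisted servers a neutral result")
    return findings


def check_dkim(selector_record):
    """Review the TXT record at <selector>._domainkey.<domain> (None if absent)."""
    if selector_record is None:
        return ["DKIM: no record found for the selector"]
    if not parse_tags(selector_record).get("p"):
        return ["DKIM: empty or missing p= tag, so there is no usable public key"]
    return []


def check_dmarc(record):
    """Review the TXT record at _dmarc.<domain> (None if absent)."""
    if record is None or not record.lower().replace(" ", "").startswith("v=dmarc1"):
        return ["DMARC: no v=DMARC1 record published"]
    tags = parse_tags(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: p= tag missing or not one of none/quarantine/reject")
    elif policy == "none":
        findings.append("DMARC: p=none requests no action on failing mail (monitoring only)")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so aggregate reports go nowhere")
    return findings


def review_domain(txt_records, dkim_record, dmarc_record):
    """Combine the three checks into one list of findings."""
    return check_spf(txt_records) + check_dkim(dkim_record) + check_dmarc(dmarc_record)


# Constructed sample: a domain that is not ready for the bulk-sender rules.
WEAK = {
    "txt_records": ["v=spf1 include:_spf.mailhost.example ?all"],
    "dkim_record": None,
    "dmarc_record": "v=DMARC1; p=none",
}

# Constructed sample: the same domain after the records are corrected.
FIXED = {
    "txt_records": ["site-verification=constructed-value",
                    "v=spf1 include:_spf.mailhost.example -all"],
    "dkim_record": "v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY",
    "dmarc_record": "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com",
}

if __name__ == "__main__":
    for name, config in (("weak", WEAK), ("corrected", FIXED)):
        findings = review_domain(**config)
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```
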

At Tamite Secure IT, we have been implementing the changes for all our business customers and offer monitoring of Domain records as a standard part of our service.

Booking.com – are you asking the question how strong is my password?

The latest problems at Booking.com illustrate the issues around password security and will have many people asking the question: how strong is my password?

A strong password is only part of the answer; passwords can be brute forced, so where possible, adopt Multi-Factor Authentication as well.

See the Guidance from the National Cyber Security Centre – How secure is my password

Password & Multifactor Authentication (MFA) Policy

To ensure better password hygiene, create a company password policy with the following guidelines:

  1. Use passwords that are at least eight characters long and include a combination of letters, numbers, and symbols. If you don’t use a password manager, adopt passphrases instead.
  2. Avoid using personal or company-specific words, names, or addresses in your passwords.
  3. Use a unique password for every service you use.
  4. Never write passwords on paper or in an insecure digital form. To manage your passwords, use a password manager. This will securely store and manage all your passwords in one place.

Use Multi-Factor Authentication. MFA reduces the likelihood of a breach by orders of magnitude. For those who don’t know, it uses your mobile device as a second security check.

How strong is my password, and how can I better manage it in future?

We recommend our customers use Keeper Password Manager as it will store passwords, create strong passwords, manage multifactor authentication and check your existing passwords to ensure they aren’t reused or have been leaked in known data breaches.

So what is happening at Booking.com

More details on the problems presently being experienced at Booking.com are found in this article on the BBC. It looks as though passwords are only part of the issue; the other half of the task facing the security teams is managing accounts with admin rights, especially those used by suppliers.

Monitoring your accounts with admin rights and highlighting unused and redundant accounts is something that needs to be done across a company’s services, especially those that are cloud-based, so these days, that’s most of them.

Many of you will be looking at putting Microsoft’s Copilot in place to take advantage of the many benefits it will bring regarding productivity; who doesn’t need a virtual assistant?

One of your early priorities should be to ensure your M365 environment is secure, as the potential for inadvertently giving access to data and worse will be amplified by AI.

Much of the work towards a secure environment revolves around improving your Microsoft Secure Score, which can be done within your M365 tenant; we prefer to use Octiga 365, our management tool of choice, as it also highlights areas where security can be improved.

Keeper Password Generator & Manager

This article from the BBC graphically demonstrates the need for us to use a password generator to create secure credentials; left to ourselves, we (humans) are just not up to the task of creating unique, complex credentials.

It also looks like the companies we rely on to secure our data are often not up to the task; in this case, the genetic testing firm 23andMe could have insisted. They presumably manage the services their customers log onto and so should have set up policies to stop customers from using simple passwords.

23andMe, in effect, could have insisted customers adhered to safe password practices, used an in-page password generator to choose a password and used multifactor authentication, but instead, they preferred to point the finger at irresponsible customers who re-used passwords.

We recommend our customers use the Keeper Password Manager.

Password & Multifactor Authentication (MFA) Policy

To ensure better password hygiene, create a company password policy with the following guidelines:

  1. Use passwords that are at least eight characters long and include a combination of letters, numbers, and symbols. If you don’t use a password manager, adopt passphrases instead.
  2. Avoid using personal or company-specific words, names, or addresses in your passwords.
  3. Use a unique password for every service you use.
  4. Never write passwords on paper or in an insecure digital form. When creating passwords, use a password generator, and adopt a password manager to manage them. This will securely store and manage all your passwords in one place.

Use Multi-Factor Authentication. MFA reduces the likelihood of a breach by orders of magnitude. For those who don’t know, it uses your mobile device as a second security check.

We provide the Keeper Security business password manager, which manages all of your logins, suggests improvements, monitors for leaks of old passwords and alerts you to potential issues.

Getting M365 and Sharepoint security ready for Microsoft Copilot, Sharepoint security is key

Microsoft’s Copilot is an AI agent that will be on the agenda of many of you, so by now, you will have realised that getting your business ready for M365 security is central, and Sharepoint security is key.

From the 1st of November, Microsoft has made Microsoft 365 Copilot “generally” available for enterprises worldwide. But you’ll need to buy a minimum of 300 seats.

The £30 per user per month cost is in addition to the M365 E3 or E5 subscription, and so – in some cases – will nearly double the monthly outlay per user. Microsoft M365 Copilot also requires an annual commitment.

Anyone who has read my previous blog on Copilot will realise I’m a fan and am actively encouraging my customers to adopt it.

The term “General Availability” is a bit of a red herring as most of us will have to wait to get access to Microsoft Copilot. However, this should be seen as an opportunity to gain knowledge on the product, understand how it may affect Sharepoint security and ensure your organisation is ready to take advantage when Microsoft make it available to the SMEs who arguably will be the biggest beneficiaries.

So, most of us can’t get Copilot right now, but we can make preparations that will give us a head start when we get our turn.

M365 Sharepoint security and Copilot go hand in hand

Get our White Paper on the adoption of Copilot

Getting your Sharepoint security structure in place beforehand

As Copilot uses organisational content in the Microsoft 365 tenant – such as users’ calendars, emails, chats, documents, contacts, and more – organisations must duly prepare for Copilot adoption, particularly from a security and compliance perspective.

Because of the breadth of the change that adding Copilot to your IT ecosystem will bring about, I would suggest that this is a good point to review your existing controls and plan for how you will need to control information in the future.

It might be a good time to go into your M365 tenant and check your Secure Score. Yes, using the Microsoft tools to improve your score is a challenge for most of us; we have found that Octiga M365 Security is an excellent way to address this, as it is very visual and has great intuitive tools that make the whole experience much simpler and help you stay on top of it in the longer term.

Book an Octiga Security Demo

Of course, we are happy to use our experience to help you improve your M365 secure score and Sharepoint security as well.

One of the things to remember about AI is that presently, Natural or Human intelligence has at least one significant advantage: it can be selective about the information it may choose to share with, for instance, a customer.

Give information to Copilot or any other AI, especially a chatbot, and it will use it if you haven’t given it express rules for who should have access; don’t expect AI to exercise common sense or discernment.

Microsoft Copilot: Has the Potential to Be a Game-Changer for Business Productivity.

Preparing to take advantage of Microsoft Copilot

Microsoft Copilot has been released as a paid addition to the Microsoft suite of Office Apps. Copilot has many capabilities, including acting as a digital assistant, sorting and summarising emails, helping create presentations and documents, and even attending Teams meetings for you.

We are currently working to help our customers prepare for the launch of Copilot and to help them get the most out of it.

Artificial intelligence (AI) is going to revolutionise the digital world in many ways, both good and bad.

According to Bill Gates, the former CEO of Microsoft, in his Gatesnotes blog, the businesses that adopt AI will be successful in the future.

(The Age of AI has begun | Bill Gates (gatesnotes.com))

While the Artificial Intelligence debate continues to occupy the press, it is a cause for anxiety in areas of the workforce, and governments around the world are wringing their hands over how or whether they should be looking to regulate AI. The tech giants, understandably, aren’t standing still.

Microsoft has demonstrated its commitment to being at the forefront of AI innovation with the release of Copilot, an AI assistant.

Microsoft Copilot promises to impact businesses by enhancing productivity and elevating output quality significantly.

As an IT professional who has had a sneak peek at what Copilot can do, I’m genuinely impressed; in the coming months and years, our focus as a company will be actively facilitating our customers’ adoption of AI in their businesses.

We believe Microsoft Copilot is poised to usher in a new era of workplace efficiency.

For more information about Copilot’s current abilities, this article on the BBC website gives a good overview.

Here are some ways in which it can benefit businesses of all sizes:

  • Streamlined Workflow: Copilot can automate mundane tasks, freeing employees to focus on more strategic and creative aspects of their work. This translates to increased efficiency and higher productivity.
  • Error Reduction: With its advanced AI algorithms, Copilot is well-equipped to assist users in avoiding common errors and pitfalls. This not only saves time but also enhances the quality of output.
  • On-the-Fly Guidance: Copilot’s ability to offer real-time assistance is a game-changer. It can suggest solutions and provide insights as employees work, making it an invaluable partner in problem-solving.
  • Learning and Adaptation: Over time, Copilot can learn from user interactions, evolving to suit the specific needs of your business better. This adaptability ensures a tailored experience for each user.

In preparation for the implementation of Copilot in your organisation, consider the following factors:

1. Data Integration: Ensure that Copilot can seamlessly integrate with your existing systems and processes to maximise utility.
2. Security: Microsoft has a strong track record in security, but it’s essential to assess the potential risks and safeguards involved in using an AI assistant like Copilot.
3. Training and Onboarding: Plan a smooth transition by training employees to maximise Copilot’s capabilities.
4. Customization: Tailor Copilot to your business’s unique requirements to maximise its potential.

Get our Whitepaper on Microsoft Copilot adoption and the low hanging fruit that can be addressed by AI

As promising as Copilot may be, it’s important to remember that specialised product-oriented chatbots may still have their place for specific tasks. With its broad capabilities, Copilot may not be as precise in certain areas as dedicated, task-specific chatbots.

In conclusion

Microsoft’s Copilot is poised to be a game-changer for businesses, offering many benefits to enhance productivity and output quality.

As an IT professional, I look forward to witnessing its positive impact on our workplaces. To fully leverage its potential, businesses should proactively prepare for its implementation, ensuring seamless integration and optimal utilisation.

While Copilot is a versatile assistant, there will still be room for specialised chatbots in specific scenarios, making it crucial to choose the right tool for the job.

30 years of web browser security threats and 20 years of Cyber Awareness Month

Web browser security threats probably go back at least 30 years to 1994 and the advent of Microsoft Internet Explorer.

This year, 2023, marks 20 years of Cybersecurity Awareness Month, so let’s spread a little awareness.

These days, children are given lessons at school about staying safe on the web, but many of us adults probably weren’t.

When you consider that most office-based workers spend 70-80% of their time on the web, it’s clear that companies should be training their staff and giving them the basics. That’s why Cyber Awareness Month is so important.

Before we talk about any technical layers of security that should be put in place, let us be clear that a lack of awareness can undo any efforts we make with the other security layers.

In the ever-evolving landscape of cybersecurity, some things remain constant. One of those is that over 70% of security issues are related to users accessing harmful content on the web – either directly through a web browser or indirectly by clicking on a link in an email.

IT Security Training protects against web browser security threats

It’s crucial to address the three primary threats that can compromise your online safety. These threats can be broadly categorized into three main areas:

  1. Web Browsing Security: The first layer of defence is your web browser. The internet is a vast realm, and what you click on and interact with can significantly impact your cybersecurity. Web browser security threats such as malicious websites, phishing attempts, and unsafe downloads all pose potential risks. It’s imperative to exercise caution when browsing the web and avoid clicking on suspicious links.
  2. Email Vulnerabilities: The second layer of vulnerability often intersects with web browsing – it’s what comes in over your email. Phishing emails, malware-laden attachments, and social engineering attacks can all infiltrate your inbox. Email filtering solutions are crucial in identifying and quarantining such threats before they reach your inbox.
  3. Social Media Interactions: The 2.5 layer refers to what and who you interact with through social media. Cybercriminals often exploit personal information shared on social media platforms to craft convincing phishing attempts or impersonate trusted contacts. Being cautious about sharing sensitive information and scrutinising friend requests and messages is vital.

To protect against these threats, three layers of security are essential:

  • Human Firewall: The first and most critical layer is the one inside your head – your knowledge and awareness. Cybersecurity education and training are paramount. This awareness extends to understanding the potential risks and how to respond when facing a suspicious situation.
  • DNS Web Filtering: DNS web filtering solutions tackle web browser security threats by helping prevent access to malicious or inappropriate websites. This layer of protection acts as a barrier to keep users away from dangerous online territories.
  • Email Filtering: Email filtering solutions, powered by advanced algorithms and threat intelligence, can identify and quarantine potentially harmful emails. This layer is indispensable in preventing phishing attempts and malware distribution via email.

As we celebrate the 20th anniversary of Cybersecurity Awareness Month in 2023, it’s evident that a well-rounded approach to cybersecurity is necessary. While technical security layers are vital, they are less effective without the crucial human firewall. Therefore, individuals and organisations must invest in cyber awareness training, informing themselves about the latest threats and best practices. Combining technical defences with an educated and vigilant user base can significantly reduce the risks posed by the ever-evolving threat landscape.

Will Microsoft Copilot AI be boosting your productivity

Will Microsoft Copilot AI prove that not all additives are bad for us?

We think Artificial Intelligence (AI) is poised to play a crucial role in our daily digital and professional interactions, and we aren’t the only ones.

Recently, Amazon announced its investment in Anthropic, a move that will enhance the capabilities of Alexa and provide AI support for the Amazon online store and AWS Cloud platform (Amazon Web Services).

Earlier this year Bill Gates said that the businesses that grasp the opportunities presented by AI are the ones that will succeed in the next few years.

Microsoft is certainly doing its bit to fulfil the old boss’s predictions: this “fall” (that’s autumn to us Brits), Copilot will be made available as part of upgrades to Windows 11, their browser Edge and, of course, M365.

We will be blogging regularly on the new AI capabilities, and as a security-focused organisation Tamite will of course be looking at the privacy implications.

Microsoft is poised to launch its AI assistant, Copilot, into its M365 suite (formerly known as Office 365). As a helpful and reliable AI-powered assistant, we will assist our clients in understanding the potential of AI in their organizations and guide them towards easily achievable benefits by showing them how to snatch some low-hanging fruit.

Read the BBC’s article on this subject:

https://www.bbc.co.uk/news/technology-66914338

Grasping AI, the opportunity to supercharge your business efficiency and Office Microsoft 365 plans business security.

Clippy’s back, and this time he’s got muscles

Microsoft 365 plans business security and efficiency with AI.

Presuming Artificial Intelligence (AI) doesn’t go rogue and decide to put an end to humanity or enslave us, it is likely that we will see AI becoming increasingly involved with our work and home lives.

Over the next few years, many of us will see AI within the products we know and love assisting us and doing stuff on our behalf.

Goldman Sachs predicts an increase in Global GDP of 7% over the next decade due to improvements in productivity due to Artificial Intelligence.

At some point in the future, we will all have personalised assistants (Alexa on steroids). Still, before that comes to pass, we can expect AI to be bolted onto all sorts of things we are already familiar with. So what will these integrations look like? And what will it mean for me?

Predictably, technology companies such as Microsoft are early adopters; AI is poised to revolutionise information technology (IT), offering innovative solutions that enhance productivity, streamline processes, and optimise operations. Microsoft’s integrations with Microsoft 365 (formerly known as Office 365) exemplify how AI is harnessed to improve and assist us in various IT aspects.

Microsoft 365 plans business security and efficiency with future AI updates.

  1. Virtual IT Assistants and Chatbots: Integrating AI-powered chatbots into M365 environments allows employees to receive instant IT support and assistance. These virtual assistants can guide users through troubleshooting steps, provide solutions to common IT problems, and even automate routine tasks such as password resets, reducing the burden on IT helpdesks.
  2. Natural Language Processing for Documentation and Collaboration: AI-driven natural language processing can be used to improve collaboration and knowledge management within M365. For example, AI can automatically extract essential information from documents and emails, categorise content, and recommend relevant files to users, making finding and sharing information easier.
  3. Intelligent Data Analysis and Insights: AI-driven analytics tools within M365 can analyse large datasets to extract valuable insights. For instance, AI algorithms can identify trends in user behaviour, helping organisations understand how employees interact with their tools and applications. This information can be used to optimise workflows and improve user experience.
  4. Automated Threat Detection and Response: AI-powered security solutions integrated with M365 can monitor network traffic, identify unusual patterns, and detect potential security breaches in real-time. These systems can automatically respond to threats by isolating compromised devices or quarantining suspicious files, thus enhancing the overall security posture of an organisation.
  5. Predictive Maintenance for Infrastructure: AI can be employed to monitor the health and performance of IT infrastructure, such as servers and network components. By analysing data from these systems, AI algorithms can predict when hardware failures are likely to occur, enabling proactive maintenance and minimising downtime.

Chatbot example for business rollout

Chatbots have been around for decades, the classic chatbot example being Microsoft’s own Clippy.

Yes, Microsoft’s Clippy was a chatbot.

Specifically, Clippy was an animated character employed as an interactive assistant in Microsoft Office 97-2003.

Clippy was designed to provide users with helpful hints and suggestions as they worked in Office applications such as Word, Excel, and PowerPoint. For example, Clippy would appear as an animated paperclip and pop up with messages such as “It looks like you’re writing a letter. Would you like help?”

Everybody hated Clippy, so he was eventually quietly sacked, but Clippy and his brethren are, if we believe the press, about to take over the world and put us all out of a job.

Although Clippy was not a fully functional chatbot as we might think of today, it did engage in some limited conversation with users and responded to specific user inputs.

Compared to modern chatbot examples such as ChatGPT or Google Bard, Clippy was primitive.

However, Clippy is more representative of how we are deploying chatbots to support website sales functions, answering FAQs for customer service, and increasingly moving into the HR space.

In fact, Microsoft will be introducing chatbot features into upcoming editions of MS 365, so Clippy may ride again.

However, Clippy’s conversational abilities were quite basic, and many users found its presence and pop-ups annoying, which eventually led to its removal from Microsoft Office in later versions.

The new breed of chatbots is clever and is going to become cleverer.

Chatbots will undoubtedly be increasingly crucial for business. Clippy was a notorious fail, but get it right, and your business will reap dividends.

This article from Forbes is a great read.

The Good, the bad, and the ugly

Chatbots are used in business in a variety of ways, including:

  1. Customer service: Chatbots can provide 24/7 support to customers, answering frequently asked questions and providing help with basic tasks such as account inquiries or product recommendations. This can help reduce customer wait times, improve response times, and provide a more personalised experience for customers.
  2. Sales and marketing: Chatbots can engage with customers, answer questions about products or services, and provide recommendations based on customer preferences. This can help drive sales, increase customer engagement, and provide a more personalised shopping experience.
  3. Lead generation: Chatbots can qualify leads, gather information from potential customers, and schedule appointments or consultations. This can help businesses identify high-quality leads and improve their sales funnel.
  4. Internal communication: Chatbots can automate routine tasks such as scheduling, time tracking, and expense reporting. This can help reduce administrative workload and improve overall productivity.

Chatbots can help businesses save time and resources, improve customer engagement and satisfaction, and increase revenue and efficiency.

They can even help you write blogs.
