by Felicien | Feb 15, 2019 | Education
Companies today operate under strict regulatory conditions. Complying with those regulations can be daunting, but failure to do so has serious implications. Managing compliance, therefore, is imperative. Microsoft offers Compliance Manager, a unique cross-Microsoft-Cloud tool that allows organizations to manage and navigate the complex terrain of regulations. Here is how Compliance Manager works to help your company comply with the law and applicable regulations and standards.
Who is Compliance Manager For?
Compliance Manager is for any company or organization that needs a comprehensive and proactive tool to assess, track, and verify regulatory compliance and to assign the related tasks. Anyone who must comply with regulations or standards like the following would benefit from this tool:
EU General Data Protection Regulation (GDPR)
Health Information Portability and Privacy Act (HIPAA)
International Organization for Standardization (e.g., ISO 27001 and ISO 27018)
National Institute of Standards and Technology (NIST)
Essentially, the tool allows you to protect data and meet regulatory requirements via Microsoft cloud services.
What are Compliance Manager’s built-in features?
Compliance Manager features various tools to help your organization comply with regulations and standards pertinent to data protection and security. Here are three specific capabilities featured:
Assessment. The tool allows you to assess compliance from one place. Risk assessments are conducted on an ongoing basis.
Protection. Users can protect data across all devices, applications, and cloud services by using encryption, controlling access, and implementing information governance.
Response. Users can respond to regulatory requests through the incorporation of eDiscovery and auditing tools that allow you to locate relevant data for meaningful responses.
Through these features, Compliance Manager helps you stay in compliance and manage it proactively.
How does Compliance Manager Work?
Compliance Manager uses a single dashboard to show your compliance posture. The dashboard provides summaries of your company’s assessments and action items. From those summaries, you can access controls and tools like exporting data to Excel.
You create assessments for the regulations and/or standards that matter to your company using Office 365, Azure, or Dynamics 365.
From these assessments, you receive actionable insights and detailed information about what Microsoft does to secure your data and help you comply with regulations.
Assessments
On the Assessments page, you are provided snapshots of your company’s compliance with specific regulations and standards, like those listed above, along with assessments of each.
For instance, compliance snapshots of your company will identify your company’s overall compliance with regulations like GDPR or standards associated with NIST or ISO. Each category is given a “Compliance Score,” and the higher the score, the better your compliance posture.
On the same page, you are also provided with snapshots of assessments for each of these same categories. An Assessment Status is provided to let you know the status of the current assessment (e.g., in progress).
Under each of these snapshots, whether it is for compliance or assessment, you are additionally informed of:
The created date;
The modified date;
The number of customer-managed actions and the number of those actions that have been addressed; and
The number of Microsoft managed actions and the number of those actions that have been addressed.
Action Items
This page provides guidance on actions that could or should be taken to increase your Compliance Score. These are recommendations and are up to the company to implement.
Controls
Controls are the core of how Compliance Manager works. There are two kinds of controls: Microsoft-managed and customer-managed.
Microsoft-managed controls are a family of controls that align your company assessments with the standards and regulations. They are managed controls used to implement the assessment and assess compliance. Customer-managed controls, on the other hand, are controls that you as an organization manage. Here, you can implement actions recommended by Microsoft to increase your Compliance Score.
Compliance Manager is a tool to simplify compliance for organizations. It offers real solutions to a complex problem.
by Felicien | Feb 14, 2019 | Education
Users of Facebook Messenger, who number over 1.2 billion people worldwide, now have a new feature that makes life a bit easier after making an “oops.” An oops is a mistake in an instant message that is immediately noticed, right after sending it, by the person who wrote it. It could be that a message includes a goofy typo. Typos are usually much easier to see right after sending a message than before sending it. This is a psychological thing.
The need for message deletion could also come from a message intended for one person that might be accidentally sent to the wrong person or incorrectly to a group. It could be that a group message was sent to someone who should not be included.
One thing that is helpful with this new feature is the ability to remove a photo that was sent in error. If the person receiving the message with the photo does not make a copy of it, it is possible that the mistake goes away when deleted by using the new unsend feature.
This may save considerable embarrassment. There is probably nothing more unfortunate than sending an explicit photo to your mother by accident. Hopefully, she does not see it before you get a chance to unsend it and send her a new message with the correct photo attached.
Ten Minutes to Change Your Mind
Now, for up to ten minutes after being sent, Facebook Messenger allows a person to delete a message. It disappears and then in its place appears the notation that the message was deleted.
Be aware that there is no delay in sending the message out. Perhaps, if the receiver of the message is not paying close attention to their Facebook Messenger, the message may go unread. However, if a person already read the message, they know what it was about. The time limit of ten minutes for deletion also means that a message cannot be changed the next day after a late-night, drunken, message-sending binge.
Everyone Has Zuckerberg Unsend Power Now
The idea for message deletion on Facebook Messenger came from users who noticed that some of Mark Zuckerberg’s messages would disappear after a certain amount of time expired. Zuckerberg had this power to remove the messages if he changed his mind about the content with an afterthought. This was a superpower built into Mark Zuckerberg’s Facebook account that allowed him or his assistants to delete messages but was not part of the overall Facebook Messenger software’s capabilities.
Facebook Messenger users in droves petitioned the company to give them this unsend power for their accounts. The company agreed to do this and leaks came out during 2018 that this upgrade was underway.
Facebook also owns WhatsApp. Facebook bought WhatsApp for $14 billion in October 2014. On the WhatsApp system, it is possible to delete a message for up to an hour after it was created. This WhatsApp feature was extended to Facebook Messenger.
Adding this feature to all the Facebook Messenger accounts was not trivial. It took nine months of software retooling to get this feature working for all of Facebook users. Finally, in February 2019, it became available to everyone in the latest Facebook Messenger software release and upgrade.
What’s Next for Facebook Messenger?
Behind the scenes at Facebook, there is an ongoing effort to integrate all the messenger apps into one. Adding this unsend feature is heading in that direction of making Facebook Messenger blend with WhatsApp.
Facebook also owns Instagram, which it bought in 2012 for the bargain price of only $1 billion. Instagram was considered a startup at that time. Instagram has about one billion users now. About 80% of them live outside of the United States. The plans for 2019/2020 are to continue the integration of Facebook Messenger, WhatsApp, and Instagram with a redesigned interface that is simpler to use and elegant.
Until now, WhatsApp operated independently of Facebook Messenger. It has features, like message encryption, that Facebook Messenger does not have. There are also plans to make WhatsApp a payment gateway to challenge payment services like PayPal.
One significant problem is that Facebook is suffering from a serious diminishing of public trust. Many users have been leaving the system and deleting their Facebook accounts. Some do not trust Facebook’s influence over WhatsApp and think that Facebook can be persuaded to put a “backdoor” in the WhatsApp system to allow law enforcement the easy ability to spy on the encrypted communications of the WhatsApp users.
This is not so far-fetched because of the revelations that Facebook allowed its users’ data to be hacked and private information of its users to be misused by hostile foreign governments. The Facebook system was gamed in an attempt to influence the American elections.
Facebook has quite a way to go in order to rebuild trust with the public. There is no point in using any encryption service if the encryption protection can be bypassed by anyone, especially governments. Facebook may find that it loses WhatsApp users by trying to convert them to Facebook Messenger users, since, at this time, most WhatsApp users do not even realize that the service is owned by Facebook.
The Facebook Messenger Behemoth Rises
The New York Times reports Facebook wants to integrate the underlying system structure of Facebook Messenger with WhatsApp and Instagram while keeping the public interfaces of these three systems so that they appear to operate as stand-alone apps. This will aggregate the instant messaging of over 3.2 billion users. This move to integrate the three services by the Zuckerberg team brings up serious anti-trust issues and more concerns about privacy and security. Can Facebook really be trusted with all of our most private conversations?
To address privacy concerns, adding point-to-point encryption is one of the main goals for the integration of all three services during 2019 and 2020. The challenge for Facebook may not be convincing its users that it is serious about protecting their privacy as much as being able to avoid having to introduce a “backdoor” in the encryption software to allow government spying on the messages.
The new anti-encryption legislation, which just passed during December 2018 in Australia, suggests that this backdoor policy may become a new standard of government intrusion on privacy. A backdoor makes systems vulnerable to abuse and exploitation. Criminals may gain unauthorized access by exploiting the vulnerability of having a backdoor. Government workers may misuse private data that they can access.
The project requires thousands of Facebook programmers to work on it. Facebook estimates that the upgrade and integration of Facebook Messenger with the other systems will take over one year to complete. That timeline may be overly optimistic when it took nine months for Facebook just to add the unsend feature.
While the unsend feature may keep others from continuing to see a message if deleted within ten minutes, it does not permanently delete the record of the message from the system. Beware that Facebook will continue to store that embarrassing photo you mistakenly sent to your mom forever.
by Felicien | Feb 14, 2019 | Education
There is a lot to love about the work that you do, and hopefully, your technology is part of that. Loving your IT means having a great relationship not only with the devices, software, and applications you use each day, but with the folks who look after them.
If you’ve stopped feeling that spark with your IT or your IT provider, now is the time to find a relationship that works.
by Felicien | Feb 13, 2019 | Education
Microsoft Office 365 is a suite of services that includes Customer Lockbox and Privileged Access Management. Both tools assist customers in meeting their compliance obligations and maximizing data security and privacy. These tools are currently only available for customers with Office 365 Enterprise and Advanced Compliance SKUs.
Privileged accounts are being compromised more rapidly every day and sensitive data can be exposed in shorter and shorter periods of time. Therefore, organizations must establish multiple regulations, procedures, and compliance obligations that must be followed before access is provided by anyone. Microsoft Office 365 understands this and has built-in Privileged Access Management to meet these higher levels of security. Lockbox and Privileged Access Management provide granular task-based access control within an approval workflow so organizations can gather privileged access as well as monitor and control sensitive tasks.
Multiple Layers of Protection
Microsoft 365 Customer Lockbox and Privileged Access can assist organizations to meet their compliance obligations through a built-in set of tools offering multiple layers of protection to:
1. assess their compliance posture
2. protect sensitive data
3. respond to requests
4. maintain business continuity
5. efficiently reduce costs
This is accomplished by ensuring there is a regulated process flow to handle incoming requests. Virtually all Microsoft operations are fully automated, except in very rare circumstances where human involvement is necessary to troubleshoot and correct a problem. If this intervention is needed, an approval request is generated, and then the approval group is notified by email. The request can either be approved or denied and even blocked. If the request is approved, the task is processed and checked against the privileged access policy and then logged in the Office 365 Security and Compliance Center.
Customer Lockbox Controls
Customer Lockbox allows users to control how Microsoft support engineers access data and features special procedures for explicit data access authorization. This keeps your information secure while the problem is being fixed. Customer Lockbox works with Exchange Online, SharePoint Online and OneDrive For Business.
There are multiple levels of approvals from the Lockbox system before access is granted, so your information remains secure. The request must be very specific and include role, data location details, the specific reason for the access and the duration of the access. There is also an expiration time on all requests, so the content access is removed after the engineer has fixed the problem. The majority of problems do not require Customer Lockbox access, but it is available and very secure. The Customer Lockbox feature can be turned off in the Admin Center.
Refer to this informational video to learn more about how Customer Lockbox And Privileged Access Management In Office 365 can help you keep your information secure.
by Felicien | Feb 13, 2019 | Education
The auto-fill feature that makes it easy to enter in usernames and passwords on various websites may be putting your information at risk.
While auto-fill is a convenient way to keep track of the many combinations of letters, numbers and special characters you need to access sites, the feature is also being used by advertisers and hackers. That’s why many security experts are suggesting turning off the auto-complete feature in your web browser.
Password manager programs embedded in browsers are a simple way to get access to a password-protected website. The password manager auto-fills your details, giving you one-click access to account information meant to be kept private.
How Hackers Get Access
If hackers get access to a compromised website, they can put an invisible form on the site and easily collect users’ login information. If your browser automatically enters this information when it sees the appropriate boxes on a web form, it adds the info everywhere those boxes are found on a page, whether they’re seen by the user or not.
Because most web users use the same username and password for multiple sites, the theft of this information on just one website can expose your information on many others.
Not Just Hackers
It may come as a surprise to learn that hackers are not the only ones trying to use your login information. Some ad networks are using tracking scripts to grab email addresses stored in your password manager for auto-filling. That tech can be used to grab passwords too, whether stored on a browser or an independent password management site.
The ad networks are using the same technique as hackers — an invisible form that captures your credentials provided by the password manager. Here’s a helpful demo page that shows you how it works.
Ad networks are using this information not to hack your data, but to understand what sites you navigate to, so they can better target ads to you. And while they claim to only be grabbing email addresses, the potential for further abuse is there.
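Site owners can check their own pages for the invisible-form technique described in the two sections above. The following is an added example, not part of the original article: a Python audit that flags login-type inputs placed out of view. The names `audit` and `HiddenCredentialAudit` and the sample markup are assumptions made for illustration, and only inline styles and the `hidden` attribute are examined.

```python
import re
from html.parser import HTMLParser

# Inline styles that take an element out of view. Heuristic, not exhaustive:
# rules set in external stylesheets or by script are not seen here.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)|(?:left|top)\s*:\s*-\d{3,}px",
    re.IGNORECASE)
NAME_HINT = re.compile(r"user|login|e-?mail|pass", re.IGNORECASE)
AUTOCOMPLETE_HINTS = {"username", "email", "current-password", "new-password"}
VOID_TAGS = {"input", "br", "img", "hr", "meta", "link"}


def is_credential_field(attrs):
    kind = attrs.get("type", "text").lower()
    tokens = set(attrs.get("autocomplete", "").lower().split())
    label = attrs.get("name", "") + " " + attrs.get("id", "")
    # type=hidden routinely carries tokens, so it is not treated as a login field
    return kind != "hidden" and (kind in {"password", "email"}
                                 or bool(tokens & AUTOCOMPLETE_HINTS)
                                 or bool(NAME_HINT.search(label)))


class HiddenCredentialAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hidden) per open element; hidden is inherited
        self.findings = []  # (line, field name) for credential inputs out of view

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or "hidden" in a or bool(HIDING_STYLE.search(a.get("style", "")))
        if tag == "input" and hidden and is_credential_field(a):
            self.findings.append((self.getpos()[0], a.get("name") or a.get("id", "")))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:  # close the nearest matching open tag
                del self.stack[i:]
                break


def audit(html):
    parser = HiddenCredentialAudit()
    parser.feed(html)
    return parser.findings


# Constructed sample: one visible login form, then two forms a visitor never sees.
SAMPLE = """<form action="/login"><input type="hidden" name="csrf" value="x">
<input type="email" name="email"><input type="password" name="password"></form>
<div style="position:absolute; left:-9999px"><form>
<input type="email" name="email"><input type="password" name="pw"></form></div>
<form style="display: none"><input name="login_user"></form>"""
```

Calling `audit(SAMPLE)` reports the three out-of-view fields and leaves the visible login form and its CSRF token alone.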
What Computer Users Can Do
Password managers by themselves are still useful tools, especially given the number of codewords we need to go about daily web browsing. It’s the auto-fill mechanism that needs to be disabled. That’s simple to do.
On Chrome
Go to Settings
Search for Passwords and click on the Passwords arrow
Toggle the Auto Sign-In tab to the left (it should be grayed out, not blue)
For more protection, you can stop Chrome from saving any passwords by toggling the Offer to save passwords to the left
On Firefox
Open Options
Click on Privacy & Security in the left-hand navigation
Click on History
Select Firefox will: Use custom settings for history
A new submenu will appear
Uncheck Remember search and form history
To fully disable saving any passwords, go to the Logins & Passwords section (just above History) and uncheck Ask to save logins and passwords for websites
On Safari (Desktop)
Open the Preferences window
Click on the Auto-fill tab
Turn off all features related to usernames and passwords
On Safari (iOS)
Go to Settings
Scroll down to Passwords & Accounts and click on it
Toggle the AutoFill Passwords tab to the left
Disabling the auto-fill features means spending a little more time finding and entering usernames and passwords manually. However, these steps protect you from prying eyes looking to gain more information about you and your accounts.