Email continues to be the most popular attack vector, via organizations at their email perimeters, from inside the organization (through compromised accounts, vulnerable insiders, social engineering) or beyond the organization’s perimeters (the domains they own and their brands via impersonation). Cyber threat actors and threat groups are continuously researching and testing out new tactics, techniques, and procedures (TTPs) in an attempt to overcome and exploit this increasingly sophisticated and complicated technology.
To add to the complexity, many global corporations have been forced to adopt remote working policies for office-based employees to help ensure the safety of the workforce during the COVID-19 pandemic, and threat actors have followed them home. An increase in the variety and volume of attacks is inevitable given the desire of financially and criminally-motivated actors to obtain personal and confidential information. The annual State of Email Security report 2020 gives you an overview of the current landscape we are all facing and a guide to help drive continuous improvement to your cyber resilience strategy.
So how can you securely dispose of your old or unused IT devices and hard drives? Every company wants to save the planet or at the very least would like to make a difference, but in these modern times with so much legislation and so many rules to adhere to how do you do it in an environmentally but secure way?
With the continued growth of IT equipment to help with remote working, what do you have planned for your old or decommissioned assets? So much to consider and think about.
Devices can potentially hold information equivalent to approximately 1,000,000 documents, so ensuring that this information is wiped completely, and everything is securely disposed of should be a key element of any disposal decision.
Then there is the environmental impact to consider. Most devices contain enough heavy metals and toxic elements to pollute our air, land and water. They therefore simply can’t be put but in the “recycling or wheelie bin”, they must be disposed of in a responsible and environmentally friendly way.
eacs has a number of solutions available which can help you simplify this process and ensure that you stay compliant and green, while still meeting GDPR regulations
Staying secure against ransomware isn’t just about having the latest security solutions. People are invariably the weakest link in cyber security, with human error causing 90% of cyber data breaches in 2019 according to government figures, and cybercriminals are experts at exploiting normal human behaviours for their own personal gain. Therefore, good IT security practises are essential components of every organisation’s security setup.
Technologies that Microsoft provide are maintained through security and other patches, fixes, updates and support. But their support only lasts for a clearly defined period of time.
A typical Microsoft product lifecycle lasts 10 years from the date of the product’s initial release, and the end of this lifecycle is known as the product’s end of support, in which Microsoft will no longer provide updates or support of any kind.
For Exchange Server 2010, that time is coming this October.
Staying on an unsupported software is a more dangerous practice than you may think. When extended support ends, you’re no longer receiving any kind of updates. And therefore, you’re vulnerable.
End of support can result in vulnerabilities being exposed that impact your business:
No More Security Updates: this leaves businesses vulnerable to all kinds of malware and malicious activity.
No New Documentation: guidance and best practices will no longer be produced; access to support and experts will be limited.
Increased Compliance Risks: running outdated or unsupported products could be a quick ticket out of compliance, based on your specific industry. Do your homework and be prepared to make the transition ahead of time.
PCI DSS - if the systems are not patched and not supported then the business is potentially non-compliant
If you are Cyber Essentials certified - if your Exchange Server is not supported and not patched, you are not compliant with the advice to “keep your devices and software up to date” and potentially non-compliant at your next audit
Your installation of Exchange 2010 will continue to run after this date but as bug fixes will not be provided, this will create risk to the usability and stability of the server.
Due to all of the reasons listed above, we strongly recommend that you migrate from Exchange 2010 as soon as possible.
What are the options?
We hear a lot of security concerns in IT, but this one is completely avoidable with proactive planning.
You have time if you act now. The end of support deadline for Exchange Server 2010 is Tuesday October 13, 2020.