Office 365 Tips for Improving Data Security

Microsoft Office 365 has become one of the most widely used collaboration tools for many businesses around the world. This is due to the familiarity, convenience, and functionality that the platform gives its users. The pandemic made it even more apparent when businesses had to close their offices and remote work was enforced globally. However, cyber criminals are aware of this and are actively looking for ways to exploit user ignorance for their gain.

Below are a few security tips to help you and your company improve your Office 365 security:

Enable Device Protection

Users of Office 365 will agree that one of its best features is its mobility. Being able to access your files, collaborate with others, and check business emails on any device is incredibly convenient. However, this can lead to security risks in the long run if devices are not properly secured.

Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). It helps your organization properly manage and secure your users’ devices, whether they are company devices or personal devices (BYOD). One example of its capabilities is preventing emails from being sent to people outside your organization. It also allows your corporate data to be secured even when it is on a personal device, keeping it isolated from personal data.

Microsoft Intune Capabilities

  • Option to be purely cloud or co-managed with Configuration Manager and Intune.
  • Customize rules for both personal and organization-owned devices when accessing corporate data and networks.
  • Protect your company information by controlling the way users access and share information.
  • Ensure security compliance for all devices and apps.

Set up Email Security

Attackers usually take the path of least resistance when targeting your network, which is usually your users. Phishing attacks have gone up since the pandemic because users are more vulnerable outside your network. Making use of the default Office 365 anti-phishing capabilities can help your company monitor and block known campaigns to lessen the risk of a breach. These functions can be enabled through Microsoft Defender in the settings window.

If your company would like a complete email security solution for your Office 365 defense, Trend Micro Email Security for Office 365 can help. The Trend Micro solution uses an optimum blend of cross-generational threat techniques, like machine learning, sandbox analysis, data loss prevention (DLP), and other methods to stop all types of email threats.

Trend Micro Email Security Capabilities

  • Stops phishing and spam by examining email senders and analyzing email content and malicious URLs
  • Protects against BEC by examining email behavior while allowing you to define priority users for BEC protection
  • Detects and blocks advanced threats using machine learning and sandbox analysis

Turn on Multifactor Authentication (MFA)

Enabling the MFA capabilities of Office 365 adds an additional layer of security to avoid data breaches. Verifying each user that requests access lessens the chance that a malicious attacker can get into your network. Office 365 MFA can be enabled for individual accounts or through policies for all users. The individual account option makes users go through authentication on their login, while policy-based MFA can be customized based on the user’s role or permission levels. The policy-based option is not available on all licenses.

RSA SecurID is another option if you are looking to improve your MFA capabilities for Office 365. With a native Office 365 integration, you can better secure your network with a variety of different authentication methods. The below authentication methods are also available whether or not the user has internet access:

  • Hardware tokens
  • Soft tokens through the mobile app
  • Biometrics through the mobile app
  • Tokens received through Email or SMS

For further security, the RSA solution also offers machine learning for its authentication solution. However, it is not included in the basic edition.

Contact us at marketing@ctlink.com.ph to learn more on how you can better secure your Office 365 suite today!

Improve Visibility and Detection Beyond Endpoints with Trend Micro XDR

The threat landscape is always evolving, making it hard for traditional security measures to adapt to it. This has become even more prominent ever since the pandemic; threat actors have been taking advantage of the increased attack surfaces that remote work has provided. However, if you are only securing the endpoint side, you only see a part of the malicious activity and would not be able to properly find the source and cause of it.

Another thing that must be taken into consideration is that not all companies have a dedicated security team to make sense of all the alerts that an organization’s security solution may notify them of. If you have no one to analyze the alerts, or if your team can’t respond fast enough due to the number of alerts, you leave your network vulnerable to threat actors.

This is where a security solution like Trend Micro’s XDR can help.

Better visibility of threats to your network

Trend Micro XDR has a reference of indicators of compromise (IoC) that is capable of scanning not just endpoints, but also across emails and network servers, giving your IT team more security visibility of your infrastructure.

Investigating across your organization

Trend Micro XDR allows your IT team to find threats that may have bypassed your security before and also allows you to investigate threats that have already been blocked to find their origin.

Extending your security team

With Trend Micro Managed XDR, you are able to bring in experts from Trend Micro to help interpret the security reports and alerts and quickly remediate threats to your network. This is helpful both for companies that have a dedicated security team, as it frees their time to do other tasks, and for those that cannot afford to have a dedicated team.

Machine learning and signatures

Machine learning is used together with sandboxing to ensure that the files you download are safe and that no malicious actions are performed once they are running. Signatures, on the other hand, help quickly distinguish known malicious files and immediately block them once detected.

Virtual patching

Once an exploit is found, you need to apply the necessary vendor patch to ensure your business-critical server is safe. However, as we know this is usually easier said than done as patching requires your operations to stop. With Trend Micro, you are able to virtually patch your machine to protect you from the exploit while you slowly patch your business-critical servers.

These are just some features of the XDR suite that Trend Micro offers. If you are interested in learning more about Trend Micro XDR or other security solutions, you may fill out the form below and we will contact you as soon as we can!

Enhance your VPN security with Multifactor Authentication!

Today, a traditional username and password are no longer enough to ensure the security of your network. As users are likely to reuse passwords, credentials are vulnerable to leakage, and leaked credentials become additional potential entry points for threat actors.

This is because cyberattacks now indirectly target networks through your users and their devices. In the Philippines, where a virtual private network (VPN) is widely used to remotely access the corporate network, the VPN becomes a prime target. With only a traditional username and password in place as security, it is difficult to verify whether an access request is from a legitimate user, so unrestricted access to your network can easily be granted.

So what can companies do to mitigate these threats? This is where multi-factor authentication (MFA) solutions like RSA SecurID come in.

Confidently authenticate users with RSA SecurID

To achieve a higher level of security for your network, you need an adaptive way to verify user identity before authenticating. Having an MFA solution in place minimizes the risk of allowing compromised user accounts into your network, which matters all the more because VPNs usually give users full access. This is done through authentication steps like approving via push notifications, biometrics, and one-time passwords. Access requests are also screened by SecurID’s risk analysis before access is granted.

When using a VPN, companies often cannot get the control and visibility they need to secure their network without sacrificing user convenience, and vice versa. RSA SecurID eliminates this dilemma through the following:

  • Creating a single platform to access and authenticate when accessing the VPN, which eliminates the need for multiple MFA solutions on a per-app basis while maintaining compatibility with your legacy or modern applications (whether on-prem, private, or public).
  • Providing a high level of identity assurance that gives your security a strong mechanism for confirming users are who they say they are.
  • Giving users a choice over how they authenticate (through push notifications, biometrics, or a one-time password).
  • Granting users a way to authenticate quickly and intuitively with real-time responses at no expense to productivity.

On top of these, it is easy to deploy and manage. Users only need to download the SecurID app through their preferred app store (iOS, Android, or Windows), while administrators are able to manage all accounts through a single window.

If your company is looking for ways to improve your access gateway security whether it be for legacy applications, on-premise or cloud apps, SecurID has the capabilities to ensure identity assurance.

To learn more about RSA SecurID and multi-factor authentication solutions, fill out the contact form below and we will get back to you as soon as we can!

Improve your Zero Trust Strategy with Pulse Zero Trust Access!

Digital transformation is changing business norms. Access and connectivity are becoming more flexible as devices, users, applications, and infrastructure adapt to a new era of hyper-connectivity. This has prompted enterprises to consider how to secure access for their users and applications while managing cybersecurity risks in a network with little to no boundaries. This is where Zero Trust solutions like Pulse Zero Trust Access (PZTA) come into play.

The PZTA platform enables diverse users from any location to access public, private, and multi-cloud applications as well as data center resources securely while staying user friendly. Be it a hybrid cloud or pure cloud strategy, PZTA can help organizations enhance their security, productivity, and compliance while also improving administrative and user experience.

Below are a few key areas in which PZTA can help improve:

On-premises, SaaS and Hybrid Cloud Applications

PZTA allows you to have Zero Trust Secure access remotely or on-site to your corporate applications whether they are located in your network perimeter or in the cloud (private or public). Users and devices are authenticated continuously while maintaining secure entry points for your network and user device through the use of encryption channels.

Keeping user and application traffic within the corporate network

Organizations can be confident when users from any location access any application using any device. All user traffic is directed to PZTA, which acts as a middleman: user requests are fulfilled by PZTA accessing data from the corporate network on the users’ behalf. Since data is not accessed directly by users, this reduces the attack surface exposed by compromised accounts and devices.

Difficulty of managing resources in the cloud

The PZTA cloud-based service emulates the same access and management experience as an on-prem solution. This means that you can enable the same level of visibility, compliance, enforcement, and analytics as you would in an on-prem solution.

Visibility, Enforcement and Compliance Reporting

PZTA provides a single pane-of-glass visibility of all users connecting to your network, regardless of the location of the user, application, or resource.

Visibility gaps

From the PZTA dashboard, administrators can get holistic visibility of users, devices, infrastructure, and applications as all access is authenticated and authorized by it. These are also logged in the dashboard for reporting and auditing purposes.

Ensuring user endpoint compliance

PZTA first goes through a set of policies during authentication to see if devices trying to access the corporate network are compliant. Users of non-compliant devices can then follow the pre-defined remediation steps set by the administrators so that they may access the network.

Measuring users’ risk factors

User activities are measured and given a “risk score” based on users’ behavioral patterns. Stricter authentication or restrictions can be dynamically applied to verify the user’s identity once behavior outside the norm is detected. This continuous detection of anomalies and malicious activity is used to ensure the network’s security.

These are just a few ways in which Pulse Zero Trust Access can help companies improve their visibility and security. If you would like to learn more about Pulse Secure solutions, you may fill out the form below and we will contact you as soon as we can!

Protect users from browser-based attacks with Citrix Secure Workspace Access

The way we work has changed. The strict social distancing rules imposed due to the global pandemic, combined with the growing representation of digital-savvy millennials in the workforce, were catalysts in moving organizations forward in their digital transformation journey to increase employee mobility.

However, this shift in workplace culture has increased the security risks brought about by the proliferation of BYO devices of employees that access resources via VPN. When not secured properly, these devices serve as additional entry points for cybercriminals to the organization’s network.

Key challenges in traditional security controls

Mishandling of data and misuse of network access have become a growing concern, increasing the demand for more control and visibility over users’ granular access permissions to data.

Threats that may come from malicious websites, such as spoofing web conferencing sites, should be isolated from the corporate network to protect corporate data.

Employees may knowingly (or unknowingly) access restricted websites such as pornographic or social media web pages. The organization must block those attempts to protect its assets.


Addressing these challenges is a big step forward for organizations in their digital transformation journey. Although this is easier said than done, Citrix may have the answer to help you address them.

Citrix Secure Workspace Access

The Citrix Secure Workspace Access service provides a unified experience by integrating single sign-on, remote access, and content inspection into a single solution for an end-to-end Secure Workspace Access. It does this by providing your administrators the ability to:

  • Configure a workspace to securely add, manage and deliver access to apps from any device
  • Configure web filtering to allow/block websites that can be accessed by the end-user
  • Isolate web browsing to protect the corporate network from browser-based attacks with no user device configuration needed

With these, administrators can rapidly roll out secure browsers, providing instant time-to-value. By isolating internet browsing, IT administrators can offer end users safe internet access without compromising enterprise security.

This is only the tip of what Citrix Secure Workspace Access can provide to your organization. If you would like to learn more, you may fill out the form below and we will get back to you as soon as we can!

Security Advisory: Malicious Attacks using COVID 19 are becoming more widespread

Due to recent events, many of us have had to make significant life changes, be they personal or work related. This has affected many of us globally and even created a trend that many are using to their advantage, such as people making a profit off shipping masks to other countries. So, it comes as no surprise that many cyber criminals are also using this to their advantage. According to Trend Micro, there has been a surge in detected malicious attacks that use COVID 19 as a lure to infect unsuspecting users.

From January 1, 2020 to March 27, 2020, Trend Micro’s Smart Protection Network blocked more than 300,000 threats using COVID 19. They found that 65% of the attacks were in the form of spam emails, while the other 35% were malware related or malicious URLs. Around 56% of malicious URLs are phishing attacks, so making sure your workforce is properly educated on how to spot these attacks is crucial in keeping your company safe. Of the around 80,000 files used in spam that had the keyword COVID, most were Trojan files; the others belonged to different malware families, and only a handful were ransomware related.

Defending your Workforce from COVID related threats

Below are a few tips in which your workforce can follow to help minimize the risk of falling for COVID related scams:

Use a company device for remote work if possible

If possible, use company-issued devices. Personal devices may not have as many security controls as company-owned devices. Do not use company devices for anything unrelated to work.

Prepare a backup solution at home

Preparing a backup with what you have on hand (USBs, external hard drives, etc.) is better than not preparing in case anything goes wrong.

Be wary of online scams

Unfortunately, there will be people using this crisis to scam or make money off people who are currently on high alert. Let us remember to always be vigilant and look out for suspicious emails or URLs, especially if they are unverified and use COVID in their filename or URL.

For those who wish to add more security to their current mobile workforce, Trend Micro’s Smart Protection suite and Worry-Free Business Security can help you detect and block these malicious threats.

As an added layer of defense, Trend Micro™ Email Security thwarts spam and other email attacks. The protection it provides is constantly updated, ensuring that the system is safeguarded from both old and new attacks involving spam, BEC, and ransomware.


To learn more about how to better protect your workforce with Trend Micro solutions, you can send an email to marketing@ctlink.com.ph and we would be happy to answer your inquiries!

Five tips from Microsoft Detection and Response Team to minimize Advanced Persistent Threats

Microsoft’s Detection and Response Team (DART), in an effort to encourage the use of better security practices, is planning on sharing its experiences with customers to let others know the methods of hackers. One particular customer story shows how some organizations are still lax when it comes to security, as they had 6 different groups hacking their network in the same time period.

The first report that they gave had details of an advanced persistent threat (APT) that was able to steal administrator credentials and use them to steal sensitive data. This attack persisted for 243 days, at which point DART was called in to help the customer.

One thing to note is that this attack could have been prevented if multi-factor authentication (MFA) had been in place. Microsoft says that almost 99.9% of compromised accounts do not use MFA, and only 11% of enterprise accounts use MFA.

It was while DART was in the process of removing the attacker from the system that it discovered the other 5 intruders within the network. The attackers were not coordinating with each other. The main attacker used a password-spraying attack to get the credentials of the Office 365 admin. They then searched the mailboxes for confidential emails that contained intellectual property in certain markets.

The company tried its best to resolve the attack in the first month, but then needed to call in an incident-response vendor to help.  It proved to become a lengthy investigation and after 7 months, Microsoft’s DART was called to help with the investigation.  They were able to eject the threat on the day they were assigned the task.

Below are a few Microsoft recommended ways in which to avoid the risk of APT attacks:

  • Enabling MFA
  • Removing legacy authentication
  • Giving enough training to first responders
  • Logging events properly with a security information and event management (SIEM) product
  • Recognizing attackers use legitimate administrative and security tools to probe targets
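As an illustration of what properly logged sign-in events make possible, the following added example (not code from Microsoft, DART or this blog) flags the password-spraying pattern described above: one source failing against many accounts with only a few tries each, then noting any later success and whether a legacy protocol that bypasses MFA was used. The record layout, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records for illustration (not real data). The layout
# (time, source IP, account, client protocol, result) is an assumption.
SAMPLE_EVENTS = [
    ("2020-01-06T02:00:05", "203.0.113.7", "alice@example.com", "IMAP", "failure"),
    ("2020-01-06T02:00:40", "203.0.113.7", "bob@example.com", "IMAP", "failure"),
    ("2020-01-06T02:01:10", "203.0.113.7", "carol@example.com", "IMAP", "failure"),
    ("2020-01-06T02:01:45", "203.0.113.7", "admin@example.com", "IMAP", "failure"),
    ("2020-01-06T02:02:20", "203.0.113.7", "dave@example.com", "IMAP", "failure"),
    ("2020-01-06T02:31:00", "203.0.113.7", "admin@example.com", "IMAP", "success"),
    # A user mistyping their own password: many tries, one account.
    ("2020-01-06T08:15:00", "198.51.100.20", "eve@example.com", "Browser", "failure"),
    ("2020-01-06T08:15:20", "198.51.100.20", "eve@example.com", "Browser", "failure"),
    ("2020-01-06T08:15:45", "198.51.100.20", "eve@example.com", "Browser", "failure"),
    ("2020-01-06T08:16:30", "198.51.100.20", "eve@example.com", "Browser", "success"),
    ("2020-01-06T09:00:00", "192.0.2.50", "frank@example.com", "Browser", "success"),
]

# Legacy protocols that use basic authentication and cannot prompt for MFA.
LEGACY_PROTOCOLS = {"IMAP", "POP3", "SMTP"}


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=4, max_tries_per_account=2):
    """Return one finding per source IP that fails against many accounts."""
    by_ip = defaultdict(list)
    for ts, ip, user, proto, result in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, proto, result))

    findings = []
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: r[0])
        failures = [r for r in rows if r[3] == "failure"]
        best = None  # (accounts, failures) of the widest qualifying window
        start = 0
        for end in range(len(failures)):
            # Slide the window so it never spans more than `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            span = failures[start:end + 1]
            tries = defaultdict(int)
            for _, user, _, _ in span:
                tries[user] += 1
            # Spraying: many distinct accounts, few attempts per account.
            if (len(tries) >= min_accounts
                    and max(tries.values()) <= max_tries_per_account
                    and (best is None or len(tries) > len(best[0]))):
                best = (set(tries), span)
        if best is None:
            continue
        users, span = best
        first_seen = span[0][0]
        # A sprayed account that later signs in from the same IP needs review.
        compromised = sorted({u for ts, u, _, res in rows
                              if res == "success" and ts >= first_seen
                              and u in users})
        findings.append({
            "ip": ip,
            "accounts": sorted(users),
            "compromised": compromised,
            "legacy_auth": any(p in LEGACY_PROTOCOLS for _, _, p, _ in span),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_EVENTS):
        print(finding)
```
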

To learn more about how you can keep your systems safe from APT attacks or other major attacks like ransomware, you can contact us at 8893 9515 or email us at sales@ctlink.com.ph and we would be happy to help you!

Ransomware attack causes a US Telemarketing Company to shut down before the Holidays

Last year before the holidays, an Arkansas-based telemarketing firm was hit by ransomware. Their employees at the time didn’t even know they had been hit by it; however, they felt the repercussions of the attack. More than 300 employees were sent home and told that it would be best to try looking for another job, as a worst-case scenario, in case the company was unable to recover its data.

The attack, which happened in October 2019, forced the CEO of the company to send a letter informing their employees of the situation.

“Unfortunately, approximately two months ago our Heritage servers were attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running,” wrote Sandra Franecke, the company’s CEO, in the letter sent to employees.

With the initial recovery plan, which was estimated to take only 1 week, failing, management decided to suspend operations while the process was ongoing. However, many of the 300 employees are doubtful that the company will be able to survive this situation.

This situation is not as uncommon as you would think. In the last few years, many other companies have decided that a ransomware attack was too costly for them to recover from and ended up shutting operations down. One example would be a medical practice in Michigan opting to end its operations 1 year earlier than planned rather than deal with the fallout of a ransomware infection.

Situations like this could have been avoided had they:

  1. Implemented proper security measures to detect and isolate suspicious files.
  2. Regularly tested their data recovery plan, or had one implemented in the first place.

If you would like to learn how we at CT Link Systems, Inc. can help your company better secure your IT environment or even ensure that you have a good BCDR plan in place, contact us at 8935 9515 and we would be happy to help you!

PlunderVolt: A new Vulnerability found in Intel Processors

Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs.

It was reported by three academics from three different universities across Europe that a new attack affects the integrity of data stored in the highly-secured area of Intel CPUs called Intel SGX. The attack exploits an interface that is in charge of controlling the voltage regulation of the Intel processor. This interface is something that many gamers will recognize, as it is the same one that is used to overclock their CPUs. The attack is aptly named Plundervolt.

How it works

Plundervolt only targets Intel Software Guard eXtensions (SGX). The Intel SGX, for those unfamiliar with it, is a powerful security feature that is found on all modern Intel CPUs that keeps very sensitive data for applications to ensure that other applications are unable to access it.

By using the CPU’s energy management interface, the attack is able to cause changes in the SGX data just by altering the electrical voltage and frequency of the SGX memory cells. This causes bugs and faults to appear within the data and operations that SGX handles. This means that, instead of destroying data, Plundervolt sabotages output to weaken the encryption of SGX and even causes errors within apps that might not have been there before, which can then be exploited to steal data.

However, unlike other attacks, Plundervolt cannot be exploited remotely, for example by luring users to a website and then executing the attack. Plundervolt needs to run from an app on an infected host with root or admin privileges. So a successful attack may be harder to achieve compared to other attacks, but once attackers are able to get into your system, they will be able to exploit it much faster than with most other attacks.

Which Intel CPUs are affected and where can we get a fix?

According to Intel, the following CPU series are vulnerable to Plundervolt attacks:

  • Intel® 6th, 7th, 8th, 9th & 10th generation Core™ processors
  • Intel® Xeon® Processor E3 v5 & v6
  • Intel® Xeon® Processor E-2100 & E-2200 families

Plundervolt is nothing that end-users should worry about. It’s an attack vector that is of little interest for malware authors since it’s hard to automate at scale. It is, however, an attack vector that could be weaponized in targeted attacks, against specially selected targets. Whether Plundervolt is a serious threat depends on each user’s threat matrix.

For those who are looking for the update to fix this vulnerability, you may refer to the microcode and BIOS update here.

For any inquiries with regards to this vulnerability or any other security questions, you may call us at 8893-9515 and we would be happy to help you!

A Closer look at Processor Vulnerabilities

The past few years have been rough on processor security, especially for Intel, as Meltdown and Spectre, among the biggest processor vulnerabilities, affected nearly all of its modern CPUs. Although patches came out almost immediately to solve these issues, this was just the start, as other attacks such as MDS (Microarchitectural Data Sampling) have been popping up. So why are these vulnerabilities and security flaws only now coming to light? These issues are quite complex, and understanding them requires some knowledge of the advances in CPU technology listed below:

  • L1/L2/L3 caches
  • Speculative execution
  • Pipelines and buffers
  • Hyper-Threading

If you are unfamiliar with the above technologies, they basically function as ways to help improve the speed of the CPU. In theory, without these components, we could have a much more secure processor at the cost of performance. Vendors are caught in a predicament: they want to increase performance but also have to consider the security implications of newer technology. This shows in the patches for recent vulnerabilities, which brought CPU performance down by 5-30%. The latter number can be alarming but does not usually affect home users, as the 30% is more frequent for servers.

Although vendors are still working on improving their security to prevent future vulnerabilities, there are still ways to make sure that your data is protected, such as adding an additional layer of security. Third-party security vendors such as Trend Micro can help with products such as Deep Security through virtual patching.

To get a more in-depth understanding of the processor vulnerabilities, you can refer to this article here. To learn more about Trend Micro Deep Security, you can visit our page here or contact us directly at 893-9515 and we will be more than happy to answer your inquiries!