Command Control Power is doing live broadcasts! Become a patron today to participate in our livestreams.
How do you protect domains that do not have email? Here are the key points:
-Email addresses can be spoofed to appear as if they are coming from a different domain. This can be used for phishing attacks.
There are several ways to protect domains without email addresses:
* DMARC record: This tells email servers what to do with emails that claim to be from the domain but don't come from an authorized source.
* DKIM record: This helps to verify the sender's identity for emails.
* SPF record: This specifies which email servers are authorized to send email for the domain.
Jerry recommends looking into Cloudflare.
* Whois privacy: This service hides the contact information for the domain owner. It can prevent ethical hackers from reaching out to report vulnerabilities, but it doesn't prevent spoofing.
Joe talks about creating a separate global admin account that is not used for regular email and has a strong password. MFA (multi-factor authentication) should also be enabled for this account.
Phishing campaigns and training is a great add on to protect clients from the weakest link…the user.
-Some users won’t see the value of services until something goes wrong.
-Sam is concerned about being locked into a cloud backup service once enrolled.
* Challenges of selling security services: Some clients may be resistant to paying for security recommendations, especially if they don't see the immediate benefit. We need to explain the risks and the potential consequences of not taking action.
Let clients say no to additional services, especially with relation to security.
* Synology vs Backup Service: There's a good discussion in the chat between on-premise backup using Synology and cloud-based backup services like Datto or Barracuda. Synology requires an upfront cost but offers more control and potentially lower cost in the long run, while cloud backups are easier to manage but can be more expensive.
Backup Considerations:
* Legal holds: Legal requirements to retain data for a certain period (e.g., 7 years) need to be considered when choosing a backup solution.
* Migration:** Moving between backup solutions can be difficult and expensive.
Synology Management:
* Active Backup can be used for backups.
* Active Insight can be used for monitoring backups and servers.
* Email notifications can be configured for Synology alerts.
Ultimately, choosing a Backup Solution depends on factors like the number of users, the amount of data, budget, technical expertise, and desired level of control.
Joe brings up Genie by Norton as a free scam detector.