Why Google's push for DMARC is flawed
14/01/25 19:03
OK - I'll start this off with some admiration for Google & Yahoo pretty much mandating that mail sent to them (including GWS hosted domains) has a DMARC policy configured.
For the uninitiated, DMARC is a policy configured in a DNS record for your domain that instructs receivers of email claiming to be from your domain on what to do if the message fails validation from Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM).
SPF validates which servers are allowed to send mail from your domain, and DKIM validates the message with a digital signature.
By default, a failure of either or both of these validations (depending on the recipient's mail provider) doesn't mean that the message won't be delivered to the recipient, and the recipient may not be warned about these failures either, as neither of these validations are included in the SMTP mail standard.
Your DMARC policy tells the recipient's mail provider what to do if validation of the message via SPF & DKIM fails. There are three actions that can be defined in the policy:
- None - Do nothing and let the message pass
- Quarantine - Quarantine the message, and don't forward it to the recipient
- Reject - Reject the message outright
In reality, Quarantine and Reject policies are essentially the same thing - the (fake) message from you isn't delivered to the recipient.
The None policy tells the recipient's mail provider "even though you know the message is fake, send it to the recipient's mailbox anyway, as if there is nothing wrong with it".
The None policy is intended only for short-term testing (along with the monitoring enabled by the RUA & RUF parameters in the DMARC policy) so that you can see whether you've misconfigured your SPF & DKIM records (it's common for people to forget about the web server that sends messages on their behalf, or about a mass-mailing service they use for marketing) or whether your sending server isn't signing outbound messages with a valid DomainKey.
Here's where we get to the root of the problem with Google/Yahoo's recommendation. Their recommendation is to set the DMARC policy to None, and they don't recommend configuring any of the other essential parameters, such as RUA or RUF.
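To make the difference concrete, here is a small added example (not code from the original post) that parses a DMARC TXT record, flags the weaknesses discussed above (p=none, no rua=, no ruf=), and works through the receiver's decision for a message given its SPF and DKIM results. The two records and all domain names are constructed placeholders, and the organizational-domain calculation is simplified to the last two labels rather than using the Public Suffix List.

```python
"""Audit a DMARC record and simulate the receiver's disposition decision.

Added example, not from the original post. Records and domains are constructed
placeholders. A real record is fetched with:  dig +short TXT _dmarc.example.com
"""

# Constructed sample records (placeholder domains).
MINIMAL_RECORD = "v=DMARC1; p=none"                      # what a "set it to none" guide yields
RECOMMENDED_RECORD = (
    "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com; "
    "ruf=mailto:dmarc-ruf@example.com; adkim=s; aspf=s"
)


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if "p" not in tags:
        raise ValueError("record lacks the mandatory p= tag")
    return tags


def audit_dmarc(record: str) -> list:
    """Return a list of weaknesses found in the record; empty means nothing flagged."""
    tags = parse_dmarc(record)
    findings = []
    if tags["p"].lower() == "none":
        findings.append("p=none: messages that fail SPF/DKIM are still delivered")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so unknown senders stay invisible")
    if "ruf" not in tags:
        findings.append("no ruf=: no forensic reports of individual failures")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applied to only part of failing mail")
    return findings


def organizational_domain(domain: str) -> str:
    """Simplification: last two labels. Real receivers consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def is_aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


def dmarc_disposition(record: str, from_domain: str, spf_result=None, dkim_result=None) -> str:
    """Simplified receiver decision (RFC 7489): DMARC passes if *either* SPF or DKIM
    passed AND its domain aligns with the From: domain; otherwise the p= action applies.

    spf_result / dkim_result: (passed: bool, authenticated_domain: str) or None.
    """
    tags = parse_dmarc(record)
    aspf = tags.get("aspf", "r").lower()
    adkim = tags.get("adkim", "r").lower()
    spf_ok = bool(spf_result and spf_result[0] and is_aligned(spf_result[1], from_domain, aspf))
    dkim_ok = bool(dkim_result and dkim_result[0] and is_aligned(dkim_result[1], from_domain, adkim))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"].lower()          # "none", "quarantine" or "reject"


if __name__ == "__main__":
    for name, rec in (("minimal", MINIMAL_RECORD), ("recommended", RECOMMENDED_RECORD)):
        print(f"{name}: {rec}")
        for finding in audit_dmarc(rec) or ["no findings"]:
            print("  -", finding)
        # A spoofed message: SPF fails, no DKIM signature at all.
        spoof = dmarc_disposition(rec, "example.com", spf_result=(False, "attacker.invalid"))
        print(f"  spoofed message disposition: {spoof}")
```

Run it and the minimal record reports three findings and delivers the spoofed message anyway ("none"), while the recommended record reports nothing and rejects it. The strict alignment tags in the second record also show why legitimate mail from a subdomain or a third-party mailer needs DKIM signing or SPF for the exact From: domain, which is what the RUA reports would reveal during a testing period.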
If you're going to set your DMARC policy to None and leave it at that, then you have next to zero protection against Spoofing, where threat actors send emails that claim to be from you to (for example) your customers and suppliers with fake invoices, or notification of a change in bank details. They often also send malware via attachments or links to the same people as part of a targeted phishing campaign (remember that the recipient thinks the message is from you, so trusts it). This is a supply chain attack.
Another scenario is that the attacker uses spoofing to gain access to a legitimate email account by tricking your internal IT support into resetting a password (it's trivial to set a different reply-to address in a spoofed email; in fact, many marketing mass mailers use this technique).
So what should you do?
There are a number of recommendations:
- Correctly configure your DMARC record with a reject policy and appropriate RUA and RUF parameters
- Do some reconnaissance on your supply chain, checking that your suppliers in particular have a robust DMARC configuration
- Educate your end-users on Spoofing & Phishing
- Have a comprehensive set of policies regarding what to do when a
- Implement strong authentication, such as an MFA authenticator app or better still, implement phishing resistant authentication like PassKeys, which don't use passwords at all (your users will thank you).
- Utilize a good inbound mail filtering service
Remember that email is the key to your kingdom - you need to protect it at all costs.
Here's the good news - we at Cyber Warden can do all this (and much more!) with our Mail Aegis service quickly, inexpensively, and with minimal hassle.
cyberwarden.io/services/aegis
Not all cloud backup services are equal
14/01/25 10:22
When selecting a cloud backup service for your Microsoft 365 (M365) or Google Workspace (GWS) data, a lot of companies look purely at price. These typically range in price from 3-5 USD/user/month.
What is often not considered is WHERE and HOW that data is stored.
Some services offer storage in just one location, others offer a choice between Europe and the US, which works for most companies located in the US or the EU, but if you're located elsewhere, what are the regulations for data sovereignty? What are the regulations for data retention? Do those services meet those regulations?
What happens if an attacker gets access to your backup portal as part of a ransomware attack and deletes all your backups?
Which software does the backup provider use?
Oh my…
A cloud backup provider that provides:
- Data Sovereignty in the location of your choice
- Immutable Backups (can't be deleted or changed)
- Retention Policies of your choice
- Encryption of the backups
- Fully managed service (not every company has a backup specialist)
- Named top tier software on the back-end
- Pooled capacity between users (some users have more data than others)
- M365 (including Teams, OneDrive and SharePoint) and GWS support
That has to be expensive and complicated, right?
Maybe, if you did it yourself, and then on top of the software cost, you'd have to pay someone to implement, maintain and operate the platform…
What if there was a better way?
Well, you're in luck. We partner with Assured Data Protection (Rubrik Global MSP Partner of the Year 2023) to provide a fully managed, Rubrik-based platform with all the features listed above for USD 3.00/user/month (even less if you are a Mail Aegis Gold customer, which bundles this service).
So yeah, not only do we (in our opinion) have the best (price AND performance) mail security platform on the market, but we offer the best (price AND features) disaster recovery platform on the market.
What are you waiting for?
Contact us at cyberwarden.io/contact
The false economy of not securing your email
13/01/25 12:51
Sometimes we are asked what the cost of our services are, and when given the annual price, there's often some teeth sucking and a reply of "That's not in the budget - Maybe next year".
Let's start with some selected stats
- 11% click rate on phishing emails (Verizon 2024 Data Breach Investigation Report)
- Up to 66% of phishing attacks are ransomware or extortion (2024 Verizon DBIR)
- According to the FBI’s Internet Crime Complaint Center (IC3) ransomware complaint data, the median loss associated with the combination of Ransomware and other Extortion breaches has been $46,000 (2024 Verizon DBIR)
- Incidents involving Pretexting (the majority of which had Business Email Compromise [BEC] as the outcome) accounted for one-fourth (ranging between 24% and 25%) of financially motivated attacks. In both years, the median transaction amount of a BEC was around $50,000, also according to the FBI IC3 dataset. (2024 Verizon DBIR)
- 1.2% of all emails sent are malicious (getastra.com)
- 92% of Australian organizations suffered a successful phishing attack, showing a 53% increase from the year 2021. (getastra.com)
- Breaches caused by phishing took the third longest mean time to identify and contain at 295 days according to IBM’s 2022 Data Breach Report. (getastra.com)
- Statistics by Norton reveal that around 88% of organizations face spear phishing attacks in a year meaning businesses are targeted almost every day. A 2019 Threat Report by Symantec showed that 65% of cyber-attacks are perpetrated through spear phishing. (getastra.com)
- Over half of all users can't differentiate a real and fake login page (getastra.com)
Worrying stuff…
Now let's explore the cost of protection.
- Secure Password Manager (Bitwarden Teams) - 4 USD/user/month
- Cyberwarden Mail Aegis Gold - 6.85 USD/user/month.
That's right. Our top tier mail protection platform works out to just 0.22 USD/user/day. That includes full DMARC, SPF, DKIM and MTA-STS configuration, M365/GWS Tenant security configuration, Basic DMARC/DKIM/SPF reporting, Mail Filtering for phishing & malware with zero retention, DNS record monitoring, and immutable backup of your M365 or GWS tenant with full data sovereignty.
The silver tier is even cheaper at less than 0.14 USD/user/day (excludes the backup component).
What are you waiting for?
Schools are a top target for cyber attacks
12/01/25 17:14
Schools around the world have been the target of cyber attacks, and the potential impacts are significant. The theft of PII is of course a concern, as are the financial impacts, however the potential danger to students is the most concerning issue.
https://www.cbc.ca/news/canada/cyberattacks-k12-schools-1.7416966
Sustained phishing based attack on Japanese Defense, Government, and Tech sectors
10/01/25 17:26
The headline from this article in PC Mag ( https://www.pcmag.com/news/chinese-hackers-targeted-japan-by-exploiting-vpn-flaws ) is maybe a little clickbaity, but the article itself describes how phishing attacks lead to malware infections, which in turn lead to VPN compromises of networks.
No-one is too big or small to become a victim of a phishing attack. We help with our Mail Aegis platform which significantly reduces the likelihood of phishing attacks succeeding through a variety of techniques.