User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

 

We know that it is much more practical to keep passwords stored in internet browsers, not to block the computer session when we are away for short periods and keep active sessions in the browser, but often practicality is the enemy of security - even more so if we are dealing with confidential information.

Leaving data exposed on our computer screens while we are not present leaves the information vulnerable and accessible to users who are not authorized to access it. In the case of public or shared computers, the issue can be even worse, because if we forget an open session, another user who we don't even know can have access to our data.

As a solution to these issues, Microsoft provides the function to limit the session time of OneDrive for Business and SharePoint Online, so if the system detects inactivity for a period determined by the administrator, the user's session is automatically disconnected, and he/she will need enter his/her credentials again.

To learn how to protect your organization against unauthorized access to confidential information on OneDrive for Business and SharePoint Online, contact the R2SIS Tecnologia team of professionals.

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

Among many of the security policies that R2SIS adopts both internally and for its customers, is the question of the criterion of least privilege, that is, employees will only have access to information that is essential to perform their daily tasks, and nothing else. This ensures that unauthorized people do not have access to confidential information and is in line with one of the main pillars of Information Security, which is Confidentiality.

In Exchange Online, part of the Microsoft 365 suite, you can control so that users only have access to the email protocols they really need to work. For example: We can block the employees' access to the Outlook webmail, so that they do not access their emails outside the work environment, or using computers that were not properly authorized to install the Office package; we can also block the use of POP and IMAP protocols, to prevent malicious users from configuring their employees' emails in automatic email triggering tools – thus preventing the use of their corporate addresses to send spam/phishing -. In this way, only the exclusive Exchange Online protocol will be accepted for sending/receiving messages, to protect your organization's information.

To find out what is the best e-mail security scenario for your company, contact our team of experts at R2SIS Tecnologia.

 

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

To keep your organization's password data secure, it is very important to align two or more authentication methods.

We know that many users have difficulty remembering passwords - perhaps because of the number, variety, or degree of difficulty of passwords - and often end up using insecure methods to store this information, such as taking notes on paper, spreadsheets, documents, etc.

It is not ideal to work this way, as if someone unauthorized has access to this document, they will have access to all your confidential information at once.

The alternative that some users find to make it easier to remember passwords is to change them with insecure and repetitive passwords (they use the same password for all the systems they access). This method is also not secure, as if a malicious user has access to these passwords, they will also have access to all systems where you have your record.

It is very important to enable MFA in as many tools as possible to ensure a second layer of protection for your information. Even if someone gains access to your password, they will need a second confirmation to gain access to your account.

The self-service password reset, and MFA features are disabled by default in Microsoft 365 services and should be configured according to your organization's scenario. To enable them in the best way, you can count on R2SIS Tecnologia's team of professionals, who will assess your scenario and better understand how these tools can further protect your business.

 

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

On October 5th will be released the new version of Windows operating system, from the date, Windows 10 users with qualified computers will be able to download and install Windows 11 for free.

If you have a computer with Windows 10 that is eligible for update, Windows Update will let you know when it is available to you so you can perform a system update.

Windows 11 promises a revolution in design and in terms of facility and practicality, specific to more intuitive handling. The main requirement required by Microsoft to perform the upgrade is TPM 2.0.

It consists of a security chip used in motherboards, which ensures more security for the operating system, one of its main functions is to manage the system's encryption keys, the problem is that not all computers configured this device today.

For R2SIS customers it is recommended that they wait for the guidance of our responsible technical team before performing the update. Our team is working on

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

Microsoft is releasing patches for multiple different on-premises Microsoft Exchange Server zero-day vulnerabilities that are being exploited by a nation-state affiliated group.
The vulnerabilities exist in on-premises Exchange Servers 2010, 2013, 2016, and 2019. Exchange Online is not affected.
To minimize or avoid impacts of this situation, Microsoft highly recommends immediate action to apply the patches for any on premises Exchange deployments you have. The first priority being servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).
To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates and then install the relevant security updates on each Exchange Server.
We are committed to working with you through this issue. For additional help, please please contact our support team at This email address is being protected from spambots. You need JavaScript enabled to view it..
Exchange patch information:
March 2, 2021 Security Update Release - Release Notes - Security Update Guide - Microsoft
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)
CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)
CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)
CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability (public)

 

Fale Conosco