
Recall: The Data Buffet You Didn't Ask For

Leftovers, for some, mean enjoying that good dish a second time. For others, it’s just a repeat of a bad cooking decision. No matter how you look at it, someone is either going to eat it or toss it in the trash. Regardless, the food is going to leave the refrigerator in a few days—unless you stick it in the freezer to be enjoyed in a couple of months. At least, that’s the idea. 

But what about Microsoft’s new feature called Recall? Since it takes fresh captures of your screen, will it serve that data to you—or to someone else—later? 

Microsoft's new Recall feature is designed to enhance data recovery and management by allowing users to retrieve, restore, or review specific data from past activity across various applications. The feature works by capturing snapshots of data interactions, such as edits, deletions, and transfers, within supported Microsoft platforms. These snapshots are stored to create a robust history log, enabling users to recover mistakenly deleted items, audit changes, or retrieve lost content. The primary purpose of Recall is to provide an additional safety net for users, reducing the risk of accidental data loss and improving organizational transparency and compliance. 

However, this convenience comes with potential risks. The data captured by Recall often includes sensitive or confidential information, raising concerns about where this data is stored and how it is secured. Currently, the snapshots are stored in Microsoft-managed servers or a user-specified location within their organization’s network. If not properly configured, these storage locations can become vulnerable to unauthorized access, data breaches, or compliance violations. Furthermore, storing such a comprehensive data history may create a lucrative target for cyber criminals and increase the organization’s exposure to insider threats, especially if access controls and encryption are not adequately implemented. 

As a security-minded individual, the so-called "good" points of Microsoft's Recall feature seem to be outweighed by significant concerns. Two key issues that come to mind are limited storage and access to the captured data. Regarding storage, the feature's continuous screen captures every 3 to 5 seconds can quickly consume hard drive space. When the drive inevitably fills up, will it retain the data, overwrite the oldest entries, or force the transfer of new data to the cloud? 

The second concern is access to the captured data. While encryption is a crucial safeguard, my concern lies in who has access to the stored data. Regardless of retention duration, I wouldn’t want a snapshot of my banking information stored in a way that could be stolen. This adds yet another item to our checklist for protecting ourselves, introducing another layer of potential vulnerabilities. 

My recommendation is to disable the Recall feature entirely. However, users should be aware that Microsoft may automatically re-enable it during the next network update or the next time the operating system connects to Microsoft's servers. Continuous vigilance is essential to protect your data and privacy. 

 


Sophos MDR goes great with Microsoft Defender just like a Burger with Fries

When going to a local burger joint, many of us think about how good that burger and fries are going to be. For some, having one without the other is like having a peanut butter sandwich without the jelly. And sometimes you may find that adding garlic and rosemary to hot fries takes them to another level. It’s almost like adding Sophos MDR to Microsoft’s Defender.

Sophos MDR Complete is underpinned by Sophos XDR and has an industry-leading warranty, as well as incident response with no limitations and no caps. It's a winner.

However, there are many businesses that have existing third-party endpoint technologies and, in particular, leverage Microsoft technologies with security bundled in, as in E3 or E5 licenses. They don't want to change their endpoint solution, and equally may not have enough in-house expertise to effectively use Microsoft’s multi-product technology stack to detect, investigate, and respond to hundreds of security alerts every day.

This is where Sophos MDR for Microsoft Defender comes in. It consumes all the alerts of the Microsoft Defender estate; not just the endpoint, but also Defender for Cloud, Defender for Identity and several other telemetry areas. All of this is ingested into Sophos’s 24/7 Sophos MDR service, giving your business increased protection and value with existing Microsoft technologies.

Sophos MDR for Microsoft Defender provides the most robust threat detection, hunting, and response capabilities available for Microsoft environments. 

For more information and to schedule a meeting with an expert click here. https://lnkd.in/eKWkHh6K

https://lnkd.in/ebb4zXM2


Is this Take Away

A week or so ago, I wrote about discovering that files were being removed from my computer after enabling Data Loss Prevention (DLP). The files in question included a medical document, a military document, a banking statement, and a brochure I had downloaded about firewalls. Naturally, this raised concerns about data security and prompted me to investigate what was happening.

 

During my troubleshooting, I discovered that the application attempting to export my files was none other than Microsoft Edge. Now, before you jump to conclusions, I’m not saying Microsoft is stealing data; it’s widely known that malicious actors often hijack legitimate applications for their purposes. Since Edge isn’t my primary browser, I’d left it largely unconfigured—something that could have contributed to the issue. For the record, I don’t have any add-ons installed on Edge, but I’ve since made some tweaks to make it marginally more secure. However, I’m fully aware that these adjustments won’t entirely stop the files from being exported.

A few days ago, I ran additional tests to see which files were being flagged by DLP rules. Interestingly, my capability statement was flagged, but a personal file that should have matched one of the rules wasn’t. Upon further investigation, I discovered a critical limitation: files smaller than 8KB don’t meet the size requirement for detection and are therefore allowed to be sent. (Pro Tip: Always verify the size thresholds in your DLP settings—it could be a weak link in your security chain.)

Concerned about the potential for sensitive files like my medical records to be shared with unauthorized parties, I returned to the DLP portal to create a more comprehensive rule. I tested the classic wildcard argument *.??? for each file type, hoping to lock things down further. My testing revealed something unsettling: file transfer attempts were triggered when I started closing applications in preparation for shutting down my computer.

To dig deeper, I used Wireshark to monitor network traffic and traced the IP addresses involved in the file transfers. To my surprise, the IPs were associated with Microsoft services. One file was sent to an Azure IP, and another was sent to an IP linked to Teams. Why these files were routed to Azure and Teams is still a mystery I’m working to unravel.

So, what can you do to protect yourself? First and foremost, enable or install DLP on your system. Many antivirus solutions include it as an added feature, especially in business or professional versions. If you’re part of an organization, your IT team should be able to configure it for you. If you don’t have an IT team or need reliable antivirus software, reach out to me at PacketEx. Let’s get you secured before a data breach becomes your reality.

 


Fork It, They’re Stealing Data Too

Whether it’s a diner, fast-food restaurant, or fine dining establishment, items like plates, forks, spoons, glasses, salt and pepper shakers, and even napkin holders often go missing. By the time anyone notices, it’s too late—the culprits are long gone. To combat this, some restaurants switch to disposable items like paper plates, plastic utensils, salt and pepper packets, and paper cups. Others take extreme measures, such as drilling screws through plates to anchor them to tables or chaining utensils to prevent theft. If someone manages to steal a plate secured by a screw, they’ve earned it!

For an IT professional, this scenario mirrors data loss protection (DLP) on steroids. While screwing a hard drive into a desk might technically secure your data, it also renders it inaccessible without special equipment. And as for physically chaining files? Let’s not even go there. Fortunately, DLP acts as the digital chain for your data, giving you visibility into what’s leaving your network and how. Is an employee innocently sharing data with a client? Could a disgruntled worker be forwarding company information to their personal email? Or worse, is a program harvesting and transmitting data through a trusted application like Edge? With DLP, you can monitor, control, and protect your data from wandering off your network—no screws or chains required.

https://lnkd.in/ebb4zXM2


I Want One Too

For the past couple of weeks, I’ve been investigating what triggers browsers to export files from my computer and which files are being targeted. The files range from simple text documents with no apparent value to PHA and PII data. I haven’t found any consistent pattern in the files being selected for export. Here’s what I’ve observed so far:

1. When closing files, folders, or applications, I received notifications that a file was attempting to be exported. If I blocked the attempt, the application would try again at least 2 to 3 more times, either within a few seconds or a few minutes.

2. I found repetition with the files being exported. The same set of files was selected for export 2 to 3 times. Regardless of whether the attempts succeeded or failed, a few days later another set of files was selected for export. This leads me to believe that the file type or content doesn’t matter—any file that can be copied and exported seems to be fair game. The system will try to export them numerous times, making sure that it receives the latest version.

3. While downloading files from different websites, I received pop-ups asking me to allow or block the transfer of the file. Both files were publicly available documents. I denied the transfer, suspecting a DLP issue, but after repeated tests, I found the files in my download folder. However, when I tried to open the files in Edge, I received an error message stating they were corrupt. Oddly enough, the same files opened without any issues in Adobe Reader. The one thing to note is the program does not try to export every file I downloaded.

To address these concerns, I’ve tightened restrictions within my DLP settings, limiting the export of files by extensions, names, and other identifiers. Additionally, I’ve created an expression to match Social Security Numbers, which has proven effective in my initial testing. There’s still more to fine-tune, but my ultimate goal is to minimize or entirely eliminate unauthorized file exports.
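The Social Security Number expression mentioned above and the 8KB size requirement described in the earlier post interact, and the following added example (not the author's rule and not the DLP product's own logic) models both in a small content check. The function names, the masking format, and the sample files are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Size gate reported in the post: files under 8 KB were not inspected.
REPORTED_MIN_SIZE = 8 * 1024

# SSN layout AAA-GG-SSSS with one consistent separator (or none).
# Never-issued values are rejected to cut false positives:
# area 000, 666 or 900-999; group 00; serial 0000.
SSN_RE = re.compile(
    r"(?<![\d-])(?!000|666|9\d\d)(\d{3})([- ]?)"
    r"(?!00)(\d{2})\2(?!0000)(\d{4})(?![\d-])"
)

@dataclass
class Verdict:
    inspected: bool                           # False: size gate skipped the scan
    hits: list = field(default_factory=list)  # masked matches, never raw SSNs

def inspect(content: bytes, min_size: int = REPORTED_MIN_SIZE) -> Verdict:
    """Scan outbound file content the way a size-gated rule would."""
    if len(content) < min_size:
        return Verdict(inspected=False)
    text = content.decode("utf-8", errors="replace")
    return Verdict(True, ["***-**-" + m.group(4) for m in SSN_RE.finditer(text)])

def should_block(content: bytes, min_size: int = REPORTED_MIN_SIZE) -> bool:
    return bool(inspect(content, min_size).hits)

def size_gate_gaps(files: dict, min_size: int = REPORTED_MIN_SIZE) -> list:
    """Files that hold an SSN but pass only because they are under the gate."""
    return sorted(
        name for name, data in files.items()
        if not inspect(data, min_size).inspected and inspect(data, 0).hits
    )

# Constructed sample data (123-45-6789 is a placeholder, not a real SSN).
SMALL_NOTE = b"Intake form\nName: Jane Sample\nSSN: 123-45-6789\n"
LARGE_STATEMENT = SMALL_NOTE + b"statement filler line 0000.00\n" * 400
DECOYS = b"Call 843-555-0199, ref 000-12-3456, id 912-34-5678, 123-45 6789\n"
SAMPLES = {
    "intake_note.txt": SMALL_NOTE,
    "statement.txt": LARGE_STATEMENT,
    "contacts.txt": DECOYS,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, len(data), inspect(data), inspect(data, 0).hits)
    print("missed by size gate:", size_gate_gaps(SAMPLES))
```

Running `size_gate_gaps` over a test folder before trusting a rule shows which sensitive files would leave uninspected purely because of their size.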

If your antivirus solution doesn’t offer this type of protection, contact me. Sophos’ Intercept X Advanced includes this feature along with several others that could be highly beneficial to you.

To try it out for free, go to the Sophos website: https://lnkd.in/eYF333Q8


Security Goes Beyond a Seven Layer Cake

Security is best done in layers. How many times have you heard this? How many more times will you hear this? I guess until you decide technology is overrated and you revert to using pad and pencil for all transactions. Let’s see how long you stay in business.

You won't feel the need to invest in protection until you can clearly see how each layer works to keep you safe. The old saying goes that what you don’t know won’t hurt you. Well, by now you should know this statement is meant for a kid who is being protected by their parents. You are being hurt right now and you don’t know it. Heck! I didn’t know that until now.

Recently, I noticed security alerts popping up. To be honest, I actually turned on notifications for the first time since implementing this technology. It was requesting approval to send out files. The files were all PII and banking information. None of this is to be shared without my consent and knowledge. However, it seems like someone else has different plans about my data.

So, what is the technology? Data loss prevention, or DLP for short. Here is the very short version. You tell DLP the data you don’t want to leave your computer. You tell DLP what methods of transfer to monitor, such as emails, uploads, or USB. Next, you block all transfers, request approval, or allow all transfers. At the least, I hope you select request approval. Then activate DLP by applying it to a computer.

In this short article, I told you about data loss protection. I explained why you need to install it. I covered the primary steps to configure it and then to activate it by applying it to a computer. Now verify whether your antivirus software has it. If not, contact me to get this security on your personal and business computers.

https://lnkd.in/e82Qtddj


If this picture caught your attention, keep reading as the contents are just as sweet.

Ransomware attacks can cripple businesses by locking down critical data and demanding exorbitant payments, leaving operations at a standstill.

As someone managing a growing business, you understand the importance of staying operational and safeguarding your hard-earned reputation.

Failing to implement protective measures could result in costly downtime, lost clients, and irreparable damage to your business's trustworthiness.

By investing in robust cybersecurity solutions, including regular updates, backups, and employee training, you can significantly reduce your vulnerability to ransomware.

Protecting your business ensures uninterrupted operations, peace of mind, and the confidence of your clients, saving you far more than the cost of implementing security measures.

 


Simmer Down on Threats: Let Cyber Experts Handle the Heat

Having a dedicated team of cyber experts monitoring your network can significantly reduce the burden on your in-house IT team. These specialists handle threat detection, isolation, and resolution, ensuring your systems stay secure 24/7. This allows your IT team to focus on expanding and improving your network infrastructure, driving innovation and growth. By offloading cybersecurity responsibilities, you can ensure both protection and progress without compromise. Just like having a skilled kitchen crew ensures a flawless meal, having cyber experts ensures a seamless and secure IT operation.

In a bustling kitchen, chefs work in harmony, blending their skills and passion to craft the perfect meal, ensuring every dish brings joy and satisfaction to their customers. The Sophos team may not serve up meals, but they work together just as seamlessly. Sophos Managed Detection and Response (MDR) is a fully managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent.
 

Cooking for a group of people is manageable; it’s juggling all the other important tasks that makes it challenging. Small and medium businesses often lack the resources needed to address cyberattacks and manage the other critical tasks of an IT professional. If you don’t have a team in place, consider offloading that responsibility. Just because you can’t see a problem doesn’t mean it can’t harm you later.


To learn more about Sophos MDR: https://lnkd.in/e6tXAwM9


24/7 Restaurants Aren’t the Only Ones That Are Always Open

A restaurant that's open 24/7 must always have cooks on staff, ready to prepare meals for hungry customers at any hour. Just as the restaurant relies on its team to ensure smooth operations at all times, your business needs a vigilant defense against constant threats. Hackers and malware operate around the clock, searching for vulnerabilities to exploit and opportunities to steal your data. Without dedicated protection, these cyber criminals can strike when you least expect it, putting your business at risk. Staying proactive with 24/7 cybersecurity is essential to safeguarding your operations and maintaining peace of mind.


Buffets: Where Variety Meets Value

A buffet gives you a wide variety of food options, all in one place, so you can try a little bit of everything. Whether it’s appetizers, main dishes, or desserts, there’s always something to fit your taste, diet, or mood. You’ll find plenty of variations on your favorite foods along with some new things to explore. Best of all, it’s usually a cost-effective way to enjoy as much or as little as you want without being stuck to just one choice. 

Having an in-house IT team comes with three significant benefits: your team will know your network, your people, and your technology inside and out. The downside? Beyond paying salaries, you’ll also incur added costs, like taxes and benefits, to keep that team on board. And while their expertise is invaluable, maintaining an internal IT staff can become a headache—especially when everything runs smoothly and they seem underutilized.

For smaller businesses, you may not need a dedicated IT team, but you’ll still want access to experts for those urgent, “need-an-answer-yesterday” situations. The challenge is that you don’t want them full-time or even part-time—you need them on-demand, just in time to save the day and then disappear.

This is where Managed Service Providers (MSPs) like PacketEx come in. Think of us as the buffet of IT solutions—you’ll have a variety of options to choose from, and you can build a plan that suits your needs. Prefer to order à la carte instead? We’ve got you covered there, too. For example, maybe you want the basic entry-level plan but need a feature that’s only on the professional plan. Why pay for everything when all you need is one extra item? It’s like skipping the salad bar and heading straight to the fried catfish on your second trip to the buffet.

PacketEx offers flexible solutions tailored to your needs. Want 24/7/365 cybersecurity coverage but no remote helpdesk support? No problem. Need remote desktop support but not the VPN service? We can handle that too. Our services grow with you. Pay only for what you need now, and if your needs expand later, we’re ready to help you scale—just like going back for seconds (or thirds) at the buffet.

At PacketEx, you get what you need, pay only for what you use, and never worry about being nickel-and-dimed for extra work. Whether it’s cybersecurity, remote desktop support, or another IT solution, we’re here to deliver exactly what your business needs to succeed.

 
