When Is an Outage Not a Priority?

by David Hood - Director, Technology Marketing, Mimecast

When Microsoft Office 365 went down again last month, a painful truth emerged as the outage rolled on for several days – a big deal for your company is not always a big deal for Microsoft.

There’s been repeated Office 365 cloud email outages recently, from an American Office 365 email outage in July to the Azure Active Directory problems that impacted much of Europe in early December.

When Microsoft Office 365 went down again last month, a painful truth emerged as the outage rolled on for several days...
When Microsoft Office 365 went down again last month, a painful truth emerged as the outage rolled on for several days...

But what’s different about this one is how slow Microsoft  was to respond – maybe because it just affected customers that use IMAP. Microsoft promised to fix the problem by January 23 – five days after the outage.

Certainly Office 365 is not the only service to suffer like this – outages happen, but the reason why Office 365 outages grab widespread attention is because of its increasing popularity and the business critical nature of the email management services it provides.

But there is something significant about this one: what appears to be a failed service update could create an outage lasting more than week. This highlights that your problem and Microsoft’s problem aren’t always aligned. With the number of companies adopting Microsoft Office 365 increasing quickly (as many as 50,000 a month) this problem only gets worse over time. Far fewer customers will be using IMAP, so there is a perceived risk that problems will be treated as a lower order priority fix. This underscores a risk to any organization’s business continuity and data security. No business should rely on a single provider for a critical service such as email. Additional third-party cloud services are the only way to manage these risks.

For many businesses, email is their most critical IT workload. Email continuity is also highly valued by employees. Tolerance for email downtime is almost zero as it costs money, damages reputations and cripples business operations. In short, we all need it to work and to work all the time.

For years IT teams have built disaster recovery plans and systems predicated on the belief that IT fails and you always need a plan B. Nothing changes in a cloud first world. Cloud services clearly fail and if you don’t have an independent email continuity service, your email will be down until Office 365 gets it back up again. And you can’t control when that will happen. One hour. Five hours. In the case of the IMAP failure, 7 days.

So take a page out of the on-premises risk management handbook. Make Office 365 safer with the addition of an independent third-party email continuity service and by keeping an Office 365 disaster recovery solution in place.

For all its strengths, if you rely 100% on Office 365 for your email you are asking for trouble. It’s just a matter of time.

Find out more about how Mimecast can help keep your business running during an Office 365 outage here


What’s in a Mail?

by Gary Bezuidenhout - Education Manager

Email stationery seems to be one of the most valuable, yet under-utilized, pieces of business real estate available. Why is this so? Well, it’s generally a hazy area of responsibility that sits between IT and Marketing and is often given very little consideration. It can, however, be a trackable and intuitive piece of advertising space in a business email if used properly.

Why should email stationery have your attention?

Consider the vast numbers of emails that get sent out of your organization to customers and potential customers each day. Each of those emails could act as an opportunity to market your current services or product updates, alert an identified group of recipients to specific campaigns or promotions you’re running, or even lead them to relevant information (like your social media platforms) to help you better engage with them. Email stationery also has a corporate governance role to play, ensuring that important company disclaimers and email signatures are included and managed appropriately.

 As we offer email stationery and associated training for free to Mimecast customers, we decided to check how it’s being used by running a competition with our South African customers and partners at the end of 2015. The judging was based on the aesthetics and functionality of the email stationery, taking into account what the applicants had leant and applied from their training with Mimecast. We received incredible feedback and selected a winner and a runner-up based on their stationery and entry information.

Winning piece – Edusport

Anne-Marie Green, Digital Marketing Manager for Edusport sent through the below banner and entry: “Mimecast has enabled us to showcase our sports travel packages; for this particular one we have used images that entice the user to attend the Hong Kong 7s. As you can see the images show what fun you could have at the event, that it is about rugby and provides the main info you need - dates and price. People interested in this package or campaign would be youngish individuals who enjoy a fast game of rugby as well as a party vibe at the stadium.

We have also been able to link to our social platforms, provide the client with a sports calendar link as well as a survey so we can find out how we are doing.”

Edusport stationery

Our runner-up – Progression

Sam de Boer submitted the below banners which communicated a specific campaign Progression ran towards the end of last year.

Progression stationery

Progression stationery 2

To learn more about our email stationery training, please visit our website and book your seat to attend our online or classroom training (Johannesburg only).



If last year’s leaks, hacks and breaches have taught us anything, be they from Fortune 500 companies or our own personal accounts – it is that cyber security, especially concerning email management, is now a top priority.

Before we get further into what promises to be the biggest year ever for matters of mail security and onward, it’s worth reflecting on one of the most useful pieces of research published last year - PwC’s The Global State of Information Security Survey 2016. The research found that in 2015, 38% more security incidents were detected than in 2014 (the total number of global security incidents was revealed in the last PwC survey of the same name to be equivalent to 117,339 per day).

Once in place, the CISO will have their work cut out for them assuring the wider company that the focus of cyber security should be weighted towards prevention.
Once in place, the CISO will have their work cut out for them assuring the wider company that the focus of cyber security should be weighted towards prevention.

It’s therefore of great relief to note that this year’s report confirms that the majority (54%) of organizations have a CISO (i.e. Chief Information Security Officer) in charge of the security program. In recent years there has been a sharp rise in the number of CISOs being created and a few companies, recognizing the critical task of defending the company, its assets and its employees, have smartly made their CISO a member of the C-suite.

Hiring a CISO is the first step, but once in place, they’ll have their work cut out for them assuring the CIO, CEO and the wider company that the focus of cyber security should always be heavily weighted towards prevention e.g. email data loss prevention, rather than wholly on incident response  e.g. a spear phishing attack.

That being the case however, what can make the difference between having a problem and suffering a disaster is advance planning and preparation. In addition, more often than not, what can really save a company is how its CISO responds.

A toolkit for industry-standard security should include plans for email continuity and outages (in terms of system, network, facilities and staff) and one over-riding ‘Highlander’ (there can be only one!) Emergency Action Plan that acts as a master checklist and parent to all other emergency and continuity plans. Once those plans have been developed, they should be practiced, frequently, both on paper, on a desk and in real-life, until all those with a part to play are comfortable that they’d be able to act swiftly and decisively should the worst happen.

Technology is another key factor. However, while it may be wise to invest in the best products and services available at the time of purchase, it’s also necessary to use it to constantly assess and reassess elements of the company’s infrastructure, whether it be its email infrastructure, local network architecture, etc. Any weaknesses found will undoubtedly be exploited, so if a CISO is lucky enough to come across them before any cybercriminals, they should be protected and patched immediately. The fit-and-forget mentality is no longer acceptable, as technology and protection date very quickly.

And finally, it also comes down to the employees. Provide them with the best tools you can, educate them about the dangers of spear phishing, weak passwords and public Wi-Fi hotspots – if you show them how to protect themselves, they will be protecting the company at the same time. By using the best protection, technology, education and training possible, you’re closing as many of the exploitable holes—be they in the network, software, people or process.


Whaling Warning for 2016

by Orlando Scott-Cowley - Cyber Security Strategist

Mimecast today released results of a survey* of IT experts at organizations in the US, UK, South Africa and Australia. The results show the majority (55%) of respondents reporting an increase in the volume of whaling email attacks over the preceding three months.

Whaling attacks (also known as Business Email Compromise - BEC) use email sent from spoofed or similar sounding domain names, and appearing to be sent from the senior executives, to trick accounting or finance users into making illegitimate wire transfers to cybercriminals. The research reveals that most whaling attacks pretend to be the CEO (72%), while 36% had seen whaling emails attributed to the CFO. This type of targeted attack relies on a significant amount of prior research into a target organization to identify the victim and the organizational hierarchy around them.

Cyber attackers have gained sophistication, capability and bravado over the recent years, resulting in some complex and well executed attacks. Whaling emails can be more difficult to detect compared to phishing emails because they don’t contain a hyperlink or malicious attachment, and rely solely on social-engineering to trick their targets.

Social media provides attackers with much of the information they need to execute these attacks, especially when combined with wider insider research. Sites like Facebook, LinkedIn and Twitter provide key details that when pieced together, give a much clearer picture of senior execs in the target business.

To help protect against whaling attacks, we’ve collected this group of recommendations for IT teams to focus on in 2016:

  • Educate senior management, key staff and finance teams on this specific type of attack.
  • Carry out tests within your own business. Build your own whaling attack as an exercise to see how vulnerable your staff are.
  • Use technology where possible. Consider inbound email stationery that marks and alerts employees to emails that have originated outside of the corporate network.
  • Subscribe to domain name registration alerting services so you are alerted when domains are created that closely resemble your corporate domain.
  • Consider registering all available top-level domains (TLDs) for your domain, although with the emergence of generic TLDs (gTLD) this may not be scalable.
  • Review your finance team’s procedures and consider revising how payments to external third parties are authorized.

For a more detailed analysis, including a breakdown of how whaling attacks are conducted download Mimecast’s whaling security advisory here.

*N.B. Mimecast surveyed approximately 450 IT experts at organizations in the US, UK, South Africa and Australia conducted in December 2015.