Security Awareness Training

Fear Doesn’t Train Employees to be Cybersafe, Creativity and Trust Do

Scaring employees is an ineffective way to make them cyber-vigilant, research finds. In fact, too much fear mongering can harm cybersecurity awareness training efforts.  Key Points: Research shows that fear tactics in cybersecurity awareness tr…

Read More
Email Security

Europe Aims to Accelerate and Secure its 5G Future

European businesses are calling for urgent, unified action on a secure 5G network to catalyze innovation and competitive advantage. Key Points: Europe is lagging behind other regions in implementing 5G. Businesses have urged their governments to ta…

Read More
Brand Protection, Threat Intelligence Hub

How to Slam a Door on the Cutwail Botnet: Enforce DMARC

DMARC can help protect brands from email domain spoofing. The problem is that not enough organizations are enforcing on DMARC yet. Key Points: The Cutwail botnet continues to be very active and often spoofs the brands of well-known organizations via…

Read More
Security Awareness Training

Q&A: Best Practices for Building a Culture of Cybersecurity

With cybercriminals increasingly well organized, companies must infuse cybersecurity awareness into their corporate culture. Key Points: Cybersecurity preparedness and widespread cybersecurity awareness throughout an enterprise go hand in hand. Inte…

Read More

Important Update from Mimecast

Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophistic…

Read More

Important Security Update

At Mimecast, we prioritize the security of our customers, and our commitment to being transparent with them, above all else. These two principles have guided our rapid response to the recent security incident, as well as this update and the customer …

Read More
Email Security, Threat Intelligence Hub

Detecting and Preventing a TA551 Email Spam Strike

TA551 email spam attacks are devious and very difficult to detect. Only in-depth analysis of the emails plus enhanced AV software has been able to defeat them. Key Points: Like a chameleon, a TA551 attack blends in with its surroundings, making it e…

Read More
Security Awareness Training

For Systemic Change in Your Cybersecurity Culture, Keep Things Interesting

Employees are more likely to buy into and act on cybersecurity awareness training when they’re interested by the content, according to a new study conducted by Osterman Research.   Key points: The end goal of awareness training is systemi…

Read More
Email Security

Improve Your Automating and Orchestrating with Integration

Greater tool integration allows for better orchestration and more automation of security processes, which improves threat detection and response times. Key Points: Better tool integration enables greater security orchestration, which improves threat…

Read More
Security Awareness Training

To Raise User Security Awareness — Don’t Coddle Them

Attempting to train users by exposing them to sample phishing emails can backfire if the examples used are too easy to detect. Key Points: Limiting cyber awareness training to phishing emails that are easy to spot can backfire. To be effective, trai…

Read More
Email Security, Web Security

Preventing Data Loss from Blended Threats

Blended threats are a growing cybersecurity challenge for businesses of all sizes. Preventing data loss from blended threats is possible, but hard. Key Points: Blended threats attack organizations through many channels simultaneously, whether for in…

Read More
Email Security, Archive and Data Protection

Gmail Outages and Cloud Downtime: How to Ensure Business Continuity

The recent high-profile Gmail outage was part of a troubling increase in cloud service breakdowns. Organizations need to revise their planning for business continuity. Key Points: December’s Gmail outage was not an isolated incident in the cl…

Read More
Email Security, Web Security

How to Protect Your Database Against Password Leaks

Cybercriminals want the companies they target to leak passwords. These strategies and tactics help prevent password database leaks.  Key Points: Passwords are still a key factor in 80% of cyberattacks and a growing concern for security professi…

Read More
Email Security

What Is an Email Blocklist? How to Check and Get Yourself Removed

Email blocklists are intended to thwart spam. But legitimate email marketers can find themselves blocked if they’re not careful. What to do? Key Points: Email blocklists provide a valuable service in blocking spam and malware. But legitimate e…

Read More
Archive and Data Protection

POPIA 101: The Basics of South Africa’s New Data Privacy Act

POPIA is changing the way South African organisations handle personal data. Here’s what you need to know. Key Points: POPIA became effective July 1, 2020, and South African organisations have until June 30, 2021 to become compliant. The regula…

Read More
Email Security

False Positives Continue to Dog Cybersecurity Industry

False positive security alerts will keep draining cybersecurity team resources and performance until automation is fully implemented and tightly integrated. Key Points: In the midst of an “alert overload,” cybersecurity professionals fac…

Read More
Archive and Data Protection

Q&A: Protecting Data Privacy and Security as the Number of Digital Identities Surge

Digital identity technologies including blockchain and biometrics are pieces of a bigger puzzle that empowers users to be in more control of their data. Key Points: Security and privacy practices can be more efficient when people have increased cont…

Read More
Email Security

The Boring Life of Cybercriminals

Researchers see dissatisfaction in the lower ranks of cybercrime enterprises. Law enforcement could take advantage of it to stem cyberattacks. Key Points: The dramatic evolution of cybercrime from rogue to industrial-scale cyberattacks has employed …

Read More
Email Security

Episode #1 of Phishy Business: A Podcast About Risk, Reward and Ridiculousness

Learn Why Difference (and Mints) are Cybersecurity Strengths in Our First Episode  We all know a business’ cybersecurity is only as strong as its people. And that’s where Jenny Radcliffe comes in. Known as the People Hacker, Jenny i…

Read More
Email Security

Spotlight on Women in Tech: A Promising Trajectory

Women working in the male-dominated tech industry have proven their perspectives and leadership matter. We need more female role models and outreach to keep the momentum going. Key Points: Women have made great headway in the tech world, and resear…

Read More
Email Security

ROI Analysis: The Bottom Line on Blocking Malicious Emails

The return on investment in cybersecurity has always been difficult to assess, but our multipart blog series introduces new ROI findings, beginning with email security. Key Points: The risk surrounding email has never been higher, as it is used by c…

Read More
Email Security, Threat Intelligence Hub

Beyond Patching: Five Ways to Help Mitigate the Risk of Hafnium or Other Microsoft Exchange Server Zero-Day attacks

To best fortify against zero-day attacks, organizations' cyber resilience strategies must expand far beyond patching vulnerabilities. Zero-day attacks, like the recent one Microsoft disclosed was perpetuated by the Hafnium group, present a heightened…

Read More
Security Awareness Training

The Security Paradox: How Phishing Filters Can Make Your Organization Less Secure

Research finds that too little exposure to phishing emails can make users more susceptible to them. The key is finding the right cadence of simulated phishing campaigns. Key Points: Humans require occasional exposure to maintain vigilance against so…

Read More
Email Security

American Rescue Plan Helps K-12 Schools Defend Against Ransomware

The new COVID relief bill holds funding hope for K-12 schools hit with unprecedented ransomware attacks on remote learning. Key Points: K-12 schools suffered a record-breaking number of cyberattacks in 2020. Often, it was ransomware that hit hardest…

Read More

Report on Our Security Incident Investigation

In January, Mimecast became aware of a security incident later determined to be conducted by the same sophisticated threat actor responsible for the SolarWinds supply chain attack. We immediately launched an internal investigation, supported by leadi…

Read More
Archive and Data Protection

ROI Analysis: Streamlining E-discovery

Effective e-discovery software can eliminate 87% of a corporate legal department’s e-discovery costs, according to Forrester Research. Key Points: E-discovery is one of the fastest-growing legal expenses for many companies. The right e-discove…

Read More
Archive and Data Protection

Episode #2 of Phishy Business: POPIA, GDPR and Other Tasty Acronyms

Walk through the post-Brexit world of POPIA and GDPR in the second episode of our new podcast.  Is it a bird? Is it a plane? No, it’s POPIA – but with all the data protection rules flying around today, you could be forgiven for gett…

Read More
Email Security

4 Different Types of AI — and How They Fit Into Your Cybersecurity Arsenal

A primer on the types of artificial intelligence every cybersecurity professional should know: how they work, what they can do, and where they deliver the greatest value. Interested in finding out how to use AI and Machine Learning to stop email-born…

Read More
Email Security

Stopping Email Spy Trackers Can Break The Cyberattack Kill Chain

Threat actors’ use email spy trackers to learn about potential victims before launching a full-scale attack — but these trackers can be rendered harmless. Key Points: Every day, hundreds of millions of emails likely contain images with p…

Read More
Archive and Data Protection

ROI Analysis: Retiring On-Premises Email Archives

Forrester quantifies the return on moving email archives into the cloud: big savings on systems, software and staffing. Key Points: A small to midsize company could save nearly $1 million over three years by moving its on-premises email archive to t…

Read More
Email Security

FBI: Cybercrime Nearly Doubles in 2020, Costing a Record $4.2 Billion

Email phishing and business email compromise top the list, while continued global uncertainties invite future cybercrime increases. Key Points: Email phishing attacks are still the most favored attack vector by criminals, more than doubling year ove…

Read More
Archive and Data Protection

Data Backup vs. Archive: What’s the Difference?

Data backup and archiving are often assumed to be the same, but this can be a costly mistake. Here’s the difference. Key Points: Businesses need both backup and archiving for email and other data. Backup systems help protect against data loss …

Read More
Email Security

Episode #3 of Phishy Business: Delving into the Murky World of Cybercrime

How modern cybercrime works – and pays Why do people become cybercriminals? Is it the need for money, a disassociation from their victims – or just a fascination with gaming? For investigative journalist Geoff White, you need to understa…

Read More
Email Security

AI in Cybersecurity: 6 Use Cases

Learn the many applications for AI in cybersecurity, from detecting malware to predicting attacks to triaging alerts. Key Points: The number of use cases for AI in cybersecurity is growing. AI capabilities like machine learning, deep learning and na…

Read More
Email Security

How to Manage Microsoft 365 Email Retention Policies

A comprehensive Microsoft 365 email retention policy can reduce compliance and cybersecurity risks — and simplify email management. Key Points: The default email retention settings in Microsoft 365 aren’t adequate for most organizations&…

Read More
Archive and Data Protection

A Business Guide to Data Backup and Disaster Recovery

Data backup and disaster recovery can help your business prepare for the worst. Key Points: Data backup is standard operating procedure for business continuity. But you also need solid disaster recovery capabilities. Modern realities from remote wor…

Read More
Email Security

Why Your Organization Should Have an Email Security Policy

Email security policies help protect against your company’s biggest vulnerability to cyberattacks. Here’s what goes into a good policy. Key Points: Email is the No. 1 cybersecurity threat vector. Organizations should have an email securi…

Read More
Email Security

All About Advanced Persistent Threats and Protection

Advanced persistent threats (APTs) are costly and attention-grabbing exploits, but increased awareness and multiple layers of security can help prevent or limit their impact. Key Points: Recent mega-breaches have highlighted the magnitude and impact…

Read More
Email Security, Web Security

What is Cloud Network Security and How Do You Achieve It?

Cloud network and service providers build cybersecurity into their offerings, but companies need to remain vigilant in vetting, managing and monitoring their use. Key Points: On-premises and cloud networks face many of the same security risks, such …

Read More
Archive and Data Protection

Top 9 Reasons You Need a Data Privacy Framework

Data privacy is a business, technology and regulatory issue that matters more and more every day. Here is how a privacy framework can help your company handle it. Key Points: New regulations, technologies and business arrangements keep raising the b…

Read More
Email Security

Types of Email Security Solutions to Prevent Threats

Email is the backbone of a company’s communications network. It’s also the most common way in for attackers. Here’s how different types of email security defend your network. Key Points: Email security threats are becoming more sop…

Read More
Security Awareness Training

ROI Analysis: Improving Resilience with Cybersecurity Awareness Training

Forrester research underscores the ROI of cybersecurity awareness training as remote work increases risk. Key Points: Industry consensus finds cybersecurity awareness training to be one of the most cost-effective investments in defending against mal…

Read More
Email Security

Episode #4 of Phishy Business: Recruiting Incredible Women in Cybersecurity

Cybersecurity’s gender gap and how to solve it Picture a room full of one hundred IT specialists (or in today’s world, a screen of one hundred IT specialists). Going by the industry average, only 18 of those specialists would be female. …

Read More
Brand Protection

ROI Analysis: Keeping Brands Safe from Digital Impersonation

Forrester cites the return on investment in brand protection against spoofed websites: hundreds of thousands of dollars per year for a typical small to midsize business. Key Points: Brand impersonation websites are proliferating, increasing companie…

Read More
Email Security

Mimecast’s State of Email Security 2021 Reveals Pandemic Email Threats

New study examines how companies are responding to the cybersecurity challenges posed by COVID-19. Key Points: In 2020, as the pandemic spread, survey respondents reported that email-based security threats soared by 64%. Phishing and ransomware atta…

Read More
Email Security

Q&A: Catalytic Events Drive U.S. to Take Cybersecurity More Seriously

Though the U.S. government has ignored prior opportunities, former strategy chief of the National Cybersecurity Center, Mark Weatherford, says this time is different. Key Points: You can’t have data privacy without good cybersecurity, so the …

Read More
Brand Protection

DMARC Basics: What It Is and How It Works

Brand impersonation through email phishing highlights the need for DMARC. To make the case to leadership, cybersecurity teams must clearly communicate how DMARC works. Key Points: DMARC is an email authentication standard that can help businesses fi…

Read More
Security Awareness Training

Security Awareness Training: Dealing with Repeat Clickers

How do you make your security training more successful? Focus on employees who repeatedly fall for phishing emails. Key Points: The greatest risk to your company’s email security is probably posed by a small group of employees. These “re…

Read More

Mimecast’s Commitment to Strengthening Environmental Resilience

New corporate social responsibility Annual Report highlights ways Mimecast is working to build a more resilient future. Having grown up in Cape Town and seen first-hand the critical need to support those less fortunate, I have always prioritized embe…

Read More
Email Security

Will 2021 Be the Year of Ransomware?

Ransomware is hitting more companies harder than ever, according to Mimecast’s State of Email Security report. Key Points: Six out of 10 companies say they were disrupted by ransomware in the past year. Companies hit by ransomware experienced …

Read More
Brand Protection

Episode #5 of Phishy Business: Peeking Beyond the Forms at the Mysterious World of Marketing

Cybersecurity and Marketing Teams are Crossing Paths More Than Ever. Here's how they can work together. Cybercrime can be a very mysterious area. But for the uninitiated, the world of marketing can seem equally obscure. It’s easy to feel lost…

Read More
Archive and Data Protection

Everything You Need to Know About IT Disaster Recovery

COVID-related business disruptions have been teaching companies a lot about the need for disaster recovery planning. Here are the basics your company should master. Key Points IT disaster recovery helps maintain business activity in the event of a d…

Read More
Email Security

Cyber Resilience Strategies Prove Their Worth

Companies that have implemented cyber resilience strategies report less disruption and greater confidence in Mimecast’s latest State of Email Security research. Key Points: A growing number of companies have implemented cyber resilience strate…

Read More
Email Security

All You Need to Know About WannaCry Ransomware

The 2017 WannaCry ransomware attack was one of the most widespread computer infections ever, and WannaCry attacks continue today. Key Points: The WannaCry ransomware epidemic of 2017 disrupted hospitals, banks and communications companies worldwide.…

Read More
Security Awareness Training

Cultivating Cyber Resilience Stewards

Motivating users to take an active role in advancing your organization’s cybersecurity can be challenging. Gamifying their training is a promising approach to increasing engagement. Key Points: Cyber resilience stewards are employees who bolst…

Read More
Email Security, Archive and Data Protection

Episode #6 of Phishy Business: Curious Cases of Identity Theft with Maria Genova

Maria Genova and Dr. Kiri Addison share lessons learned from unfortunate instances of identity theft.  Did you know it’s possible to be imprisoned on a database, but not in actual reality? While the idea may seem strange, this is the case…

Read More
Web Security

A Guide to Web Application Penetration Testing

Web application penetration testing is necessary for securing web apps. From e-commerce to healthcare, web pen testing is essential to businesses today. Key Points: Web application penetration testing is essential for protecting data, and is distinc…

Read More
Email Security, Web Security

5 Types of Phishing Attacks to Watch For

Phishing comes in many forms, as fraudsters work across email and other communications channels to steal from your company. Key Points: The types of phishing attacks have evolved and expanded from email to text, voice and social media. Fraudsters us…

Read More
Email Security

Global Ransomware Surge Claims U.S. Oil Pipeline Victim

Nearly half the U.S. East Coast petroleum supply is disrupted by a ransomware attack. IT security professionals call ransomware a ‘terrifying’ menace. Key Points: Ransomware attack on Colonial Pipeline shuts down flow from Texas to the N…

Read More
Email Security

WildFire-Mimecast Integration Can Raise Enterprise Cyber Resilience

Integration with WildFire from Palo Alto Networks Gives Mimecast Users a New Level of Protection. Key Points: Whether turnkey or customized, integration with WildFire delivers another level of threat intelligence. Critical insights and diagnosis of …

Read More
Email Security

Minding the (Email Security) Gap During the Pandemic

A recent Censuswide survey, commissioned by Mimecast, shows companies may need to rethink email security strategy as COVID-19 shifts work models and introduces new cybersecurity challenges. Key Points: The pandemic has driven a huge acceleration of …

Read More
Email Security

Layered Security: A Must-Have, Especially for Microsoft 365

Mimecast’s State of Email Security 2021 research finds that MS 365 users reap substantial benefits by adding additional layers of cyber protection. Key Points: Since the start of the COVID-19 pandemic, email-based security threats have soared …

Read More
Archive and Data Protection

Going Beyond Email: Secure Collaboration Tools

Email remains the biggest source of online attacks, but the surge in remote work has forced IT to look beyond email for cybersecurity, toward collaboration tools. Key Points: The global pandemic made almost everyone a work-from-home employee overnig…

Read More
Email Security

Episode #7 of Phishy Business: Generation Z – the Born Digital Generation with Bob Wigley

On this week's episode, we explore the first generation to be born into the digital age: Gen Z.  Did you know that the average person checks their phone 47 times a day? While we would love to say we were surprised by that number, we suspect we&…

Read More
Security Awareness Training

The Human Factor in Cybersecurity: Q&A with Troy Hunt

Too many organizations still “tick the box” on security awareness training instead of providing ongoing training and “out of the blue” phishing attack tests. Key Points: The sudden, rapid transition to work-at-home mostly wen…

Read More
Email Security

Understanding and Mitigating the Risk of AI Bias in Cybersecurity

As more cybersecurity teams rely on AI to help mitigate cyber risk, AI bias is a growing concern. But it can be managed. Key Points: Bias is a concern with the creation and use of any artificial intelligence (AI) application. As cybersecurity organi…

Read More
Archive and Data Protection

Three Common (and Risky) POPIA Myths Debunked

The grace period for POPIA compliance will soon end in South Africa. We did some myth busting to ensure you’re adequately prepared. Key Points: Some common misconceptions about POPIA could be putting your organisation at legal and financial ri…

Read More
Email Security

Collaboration Tools: Many Benefits — And New Security Risks

Since the start of the pandemic, business use of collaboration tools has soared — bringing new security and compliance challenges. Key Points: Collaboration tools like MS Teams and Zoom are contributing greatly to employee productivity &m…

Read More
Brand Protection

New Research Reveals Hidden Risks of Online Brand Safety

The State of Brand Protection 2021 Looks at the Dramatic Rise of Online Brand Impersonation and How Companies Can Defend Themselves. Key Points: For many businesses, COVID-19 was the impetus to finally embrace digital marketing trends. For cybercrim…

Read More
Email Security

Polymorphic Viruses — Best Practices to Prevent Them

Polymorphic viruses are continually mutating code used in ransomware and other malware, making them hard — but not impossible — to detect. Here’s how to fight them. Key Points: Polymorphic viruses are designed to evade cybersecurit…

Read More
Threat Intelligence Hub

Episode #8 of Phishy Business: Predicting tomorrow’s news today – the fascinating world of Threat Intelligence

On this week's episode of Phishy Business, we explore threat intelligence. Have you heard of carbon spider, mythic leopard and even ocean buffalo? These are all code names for some of the biggest cyberattacks of 2020, code names created by the threa…

Read More
Email Security, Threat Intelligence Hub

Supreme Court Offers Justice for Cybersecurity Threat Hunters

A ruling by America’s highest court is expected to protect the growing ranks of security researchers and bug bounty hunters against legal liability. Key Points: Cybersecurity threat hunters help companies stay ahead of cybercriminals by identi…

Read More
Archive and Data Protection

PCI Compliance Guide

The PCI Data Security Standard is used worldwide by financial services companies and other businesses involved in payment transactions. Here's how to maintain PCI compliance. Key Points: The PCI Data Security Standard applies to any company that han…

Read More
Email Security

Countering the Cyber Risks of Misconfigured Cloud Services

Cloud security misconfiguration is one of the biggest contributors to data breaches today. Here’s why it’s such a risk, and how to reduce your business’s exposure. Key Points: Study after study has underscored the large and growing…

Read More
Brand Protection

Brand Impersonation Attacks Are A Double-Edged Sword

Brand impersonation attacks put organizations at risk through phishing schemes aimed at end users and by destroying trust in the brand itself. Key Points: Brand impersonation attacks rose significantly during the COVID-19 pandemic, as attackers prey…

Read More
Security Awareness Training

Q&A: Time For “A Technological and Cultural Shift” In Cybersecurity

As the past year attests, much is at stake when a business changes the way it operates, says Archefact co-founder Thomas Parenty. Key Points: Using technology in new ways as a business changes introduces cyber risk. Companies need to shift from gene…

Read More
Brand Protection

Encryption Is No Longer the Hallmark of A Secure Webpage

Now That Most Phishing Sites Use HTTPS to Appear Safe, ‘Look For The Lock’ Has Become Misleading Advice. Key Points: In recent years, the number of cybercriminals using HTTPS certificates on phishing sites jumped from next to none to nea…

Read More
Email Security

Taking Ransomware Protection to the Next Level

Only half of organizations think they’re capable of stopping ransomware and the phishing emails that often deliver it. Here’s how they’re stepping up their game. Key Points: New research shows organizations are frustrated but deter…

Read More
Security Awareness Training

Episode #9 Of Phishy Business: Heard the One about Identity Theft?

In this episode of Phishy Business, we recount identity theft and cybersecurity awareness training with author Bennet Arron. Heard the one about identity theft? Sadly this is not a joke, it is the title of our guest’s book – Bennett Arr…

Read More
Security Awareness Training

Social Engineering Awareness Training for Employees

Social Engineering Training Helps to Defend Against Sophisticated Phishing Attacks. Educate and Train Your Employees to Prevent A Socially Engineered Attack. Key Points: Social engineering coaxes targets into divulging sensitive information so cyber…

Read More
Email Security

Your Business Was Hit by Ransomware. Should You Pay to Get Your Data Back?

Whether or not to pay ransom is a top-of-mind question among businesses. Cybersecurity experts offer their advice on which way to go. Key Points: More than half of all companies that experience a ransomware attack decide to pay the ransom, even thou…

Read More