MS Exchange Security Assessments

An organization's mail server is a critical business application and is often overlooked when designing security programs. But how long can a business function without Email? How much critical or embarrassing organization data is being stored and passed by employees via Email? In 2014, the Sony Corporation lost use of their Email server access for over a week and had some executive level data exposed during an attack and lead to an embarrassing situation.

Microsoft Exchange is by far the most dominant corporate mail server and is often excluded from security testing due to its criticality. Network administrators sometimes exempt Exchange servers from routine patching services due to fear of crashing the core server.

Exchange is often exposed to the Web as an open Internet service and is vulnerable to scanning and exploitation, yet Exchange' s host server security is often ignored with weak passwords and no end point protection. Our security consultants can assess and advise you on your Email server security to bring it into align with your organization's security profile. SD will look at items such as spam and malware management, server configuration and maintenance, DLP settings, AD synchronization, encryption and secure message delivery.

case studies

 
big problem:
Ransomware attack halted a global manufacturer's operations.
big thinking:
Recover and secure the system – fast – save $1 million in ransom.
 
big problem:
High tax burden for family-owned franchisor.
big thinking:
Comprehensive planning for a 15% tax reduction.

our thoughts on

NSA Makes Unprecedented Vulnerability Disclosure - Microsoft Vulnerability CVE-2020-0601

Microsoft’s Patch Tuesday has come again and, with it, another highly publicized vulnerability, CVE-2020-0601. This week’s notification is

read more >

Six Tips for Writing Effective Internal Audit Reports

You’ve successfully planned and executed your audit. Now, it’s time to communicate your findings to the client, board, or committee. Here are

read more >

Wawa's Data Breach

Reset the days without a major data breach back to zero. In the constantly evolving world of cybersecurity, it doesn’t look like the phrase above

read more >

New Orleans Under State of Emergency Due to Ransomware Attack

The city of New Orleans continues to operate under a state of emergency following a devastating ransomware attack. The hack was discovered in the early

read more >

Brian Krebs Sheds Light on Cybercrime at Pittsburgh’s Premiere Cybersecurity Event

On December 9, 2019, I was honored to represent the Pittsburgh Chapter of ISACA and Schneider Downs as the leader of Pittsburgh’s Information Security

read more >

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102