Security flaws in MS Exchange: Email Continuity in case of emergency

Security flaws in MS Exchange: Email Continuity in case of emergency

One topic is certainly dominating cybersecurity talk these days. Hundreds of thousands of exchange servers have been discovered to be at risk around the globe. In the US alone, more than 30,000 organizations are already known to have been hacked. The victims include a significant number of SMEs, but municipalities and local governments have also been targeted.

The US Cybersecurity and Infrastructure Security Agency (CISA) already issued an emergency directive at the beginning of March to instruct all federal civilian departments and agencies to immediately implement the latest patches.

Meanwhile, the German Federal Office for Information Security states in its official security warning (threat level: red) that it is working on the assumption that companies of all sizes have been impacted in equal measure. Media reports have also quoted the authority as saying that for many companies, it may well be too late. Systems that have not yet been patched, may “already have been taken over by criminal hackers”. To make matters even more difficult, thousands of systems still have holes in their security that, for the most part, have generally been known for well over a year.   

Open heart surgery for the system: Remain available despite maintenance activities

This situation means companies may not be able to solve the issue by simply patching or updating the system. In many cases, protracted interventions may be required. Performing these “open heart” operations on the company’s most important communication channel is, as you would expect, problematic and challenging. How can the enterprise ensure that staff can still be reached and remain able to communicate while the Exchange Server is taken offline?

Independent email continuity of critical importance

This latest Microsoft example is only one of many. It clearly illustrates, yet again, that events of this nature can happen at any time – even in “the best of families”. In addition to security incidents, it also has to be ensured that email communication can continue seamlessly and undisrupted when software or hardware issues occur as well as during server or cloud downtimes. 

A suitable fallback solution should thus ideally be set up outside of the company’s own systems. This is the only way to ensure that email can be sent and received without interruption, even during lengthy outages. In addition to this, it makes a lot of sense to opt for a solution that is independent of Microsoft or any of the other popular mail service providers – especially when large-scale outages may cause provider-wide disruption.

To achieve the smoothest possible transition to the fallback solution, email continuity services should already have pre-provisioned email accounts in place, which can easily be accessed from any location without technical hurdles. This ensures that employees can seamlessly continue ongoing email conversations, keeping critical business processes running in the event of an emergency.     

Queuing messages during short maintenance windows

On the other hand, if the server downtime is expected to be remedied within a very limited period of time, other technical measures may also be appropriate and advisable – especially if the maintenance work can be performed outside of business hours. With services such as Quiet Time, Retarus’ customers and partners are able to define time periods during which all inbound messages are temporarily queued within the Secure Email Platform. Once the maintenance activities have been completed, all emails are automatically delivered to their recipients.

More details about Email Continuity can be found in our Retarus whitepaper on the topic.

Tags: //

Submit a Comment

Your email address will not be published. Required fields are marked *