Information Technology Navigator

Microsoft is making changes to their Secure Future Initiative (SFI) and the principle of “Secure by Default.” The updates to Microsoft 365 default settings will strengthen your tenant’s security and meet essential benchmarks. These changes focus on addressing vulnerabilities associated with outdated authentication protocols and app access permissions that could increase risks to organizations.

When this will happen:

These changes will begin rolling out in mid-July 2025 and are expected to be completed by August 2025.

How this affects your organization

The following settings will be updated:

Read More

Is your organization ready to modernize its security operations with Microsoft Azure Sentinel — but unsure where to start? Whether you're just beginning your Sentinel journey or looking to maximize your existing investment, Daymark’s expert-led Proof of Concept (PoC) provides the hands-on experience and technical guidance you need.

Protecting your organization from sophisticated cyber threats requires more than isolated tools and fragmented systems. Microsoft Azure Sentinel — a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution — offers a unified approach to modern security operations — but success depends on knowing how to deploy and use it effectively.

Read More

Is your organization struggling to balance mobile security with employee productivity? Are you confident that only secure, compliant devices can access your business applications? You are not alone. In today’s hybrid and mobile-first work environment, organizations face the challenge of securing corporate data while ensuring employees can work efficiently from anywhere. Without a comprehensive mobile device management (MDM) solution, companies risk data breaches, unauthorized access, and compliance violations.

Daymark’s Microsoft Intune Workshop

Daymark is here to help. With our Microsoft Intune Workshop, your organization can learn how to gain complete control over mobile security, streamline IT operations, and empower your workforce with seamless and secure access to business applications—no matter where they work.

Read More

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders to improve and monitor the domain’s protection from fraudulent email.

DMARC is designed to fit into an organization’s existing inbound email authentication process. The way it works is to help email receivers determine if the purported message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages. Because cyber security continues to be a top priority for businesses, DMARC adoption is on the rise for several good reasons.

Top 3 Reasons to Implement DMARC

Read More

 

The risk of a ransomware attack continues to increase at a frightening triple-digit annual growth rate. How bad is it? Bad, really bad. Businesses based in the U.S. face an 80% chance of an attack, compared to 31% chance in EMEA and 9% in the Asia-Pack region. As the attackers’ sophistication increases and cybergangs are forming, it is important to understand what the attackers are going after and how to increase your ransomware resilience.

 

Ransomware Demand and Payment Trends

•  In 2022, companies with $10 million in revenue or less had an average payout of $690,996¹
• Large enterprises (revenue of $5 billion plus) took a bigger hit, with an average $2,464,339² ransom payout
• Recent ransom demands have been as high as $30 million with payouts that have exceeded $8 million
• Threat actors are increasingly focused on extortion techniques—often layering them on top of each other
• Harassment is another extortion tactic being used in more ransomware cases. Ransomware threat actor groups will target specific individuals in the organization, often in the C-suite, with threats and unwanted communications³
• Cybercriminals threatened to leak stolen data in about 70% of ransomware cases involving negotiation in late 2022⁴
• The United States is still the most severely impacted, accounting for 42% of the observed leaks in 2022⁵
• As of late 2022, threat actors engaged in data theft in about 70% of cases compared to 40% in mid-2021⁶ 

Don’t Count on the Government for Help

Read More

Ensuring cybersecurity for an enterprise is a job that is never done. It’s a challenge that requires constant vigilance and, in recent years, has been exacerbated by low visibility into highly distributed and dynamic cloud data spread across increasingly fragmented environments. Our trusted cybersecurity partner, Rubrik, has taken another step to enhance cyber security by acquiring Laminar, a leading data security posture management (DSPM) platform. It’s a strategic move that results in Rubrik’s ability to offer customers a complete cyber resilience offering that reduces weaknesses in an organization’s security strategy.

Securing cloud data is different from securing your infrastructure. Businesses have innovated the way they use cloud data, but not the way they secure it. Not only do you need a data-centric tool for the job, you also need an agile, cloud-based approach to keep up with the dramatic expansion and replication of data manipulated by developers and data scientists so that they can leverage data for innovation without increasing exposure or data protection risks.

Read More

Azure Sentinel is a cloud native Security Information Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution from Microsoft. It was the topic of discussion at one of our recent Daymark Cloud Clinics where our technical cloud consultants offer complimentary technical training and tips on a wide range of Azure and Office 365 features.

Read More

Impossible travel. Is it sending a human to Saturn or Venus? Well maybe, but in the context of Microsoft Office 365, Impossible Travel is a security feature that is a great indicator of potential hacking attempts. The concept is straightforward. If you login to Office 365 from your office in Boston and then 20 minutes later you try to login from Dallas, or you login from home in Chicago and five hours later from Beijing, Office 365 basically says “wait a minute, that’s impossible” and it denies login from Dallas and immediately sends an IT security alert. Get tips to optimize Impossible Travel here.

Read More

The risk of a ransomware attack continues to increase at a frightening triple-digit annual growth rate. How bad is it? Bad, really bad. Businesses based in the U.S. face a 60% chance of an attack, compared to 31% chance in EMEA and 9% in the Asia-Pack region. As the attackers’ sophistication increases and cybergangs are forming, it is important to understand what the attackers are going after and how to increase your ransomware resilience.

Ransomware Demand and Payment Trends

Read More

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is the DoD framework designed to enhance cybersecurity and protect against compromise of sensitive defense information on contractors’ systems. Some defense industrial base organizations (DIB) have mistakenly taken a “wait and see” attitude about preparing for CMMC compliance, believing that they will wait until the government finalizes 2.0 requirements. While holding off on the time, resources and budget to prepare for CMMC may seem prudent (and frankly easier to delay), the risks of waiting could have a significantly negative impact on contractors’ revenue. Here’s why: 

Read More