The plan is the plan, until it isn't! As you can see in the updated Services Update, Mimecast has decided to go back to "opt-in" for device enrollment versus requiring "opt-out" as the original Services Update explained. As a diligent security service provider we feel very passionately about our role in improving your organization's email security. We constantly debate internally how best to inform and enable our customers to improve their security posture. In some cases we can do it for you, for example, by making Attachment Protect smarter at detecting and blocking malware. Safe to say no one wants email-borne malware delivered! But in other cases security policy and user experience choices need to be made and ideally our customers' Mimecast admins continuously assess and make the right decision for their organizations. We still feel that for the vast majority of our customers, device enrollment is a feature that should be enabled for the reasons discussed below and in the Services Update. But clearly it isn't for everyone either as you can see in the associated discussion threads. My bottom line ask is if you have admin responsibilities for Mimecast that you look closely at device enrollment and make up your own mind. We aren't going to do it for you!
In an effort to improve the usability and security of our URL-dependent security services (Attachment Protect & URL Protect), there are important new changes coming to Device Enrollment that might change your users' experience if you aren't already using it. Check out this newly posted Services Update for details.
It is very important that the Mimecast service keeps track of who clicks Mimecast links as part of the URL Protect and Attachment Protect services. And thus, the ability to associate a device to a specific user is key.
So this is why instead of requiring organizations to opt-in to Device Enrollment, it will instead be the default experience in the near future, unless your Mimecast administrator opts-out on behalf of your organization.
Feel free to open a dialog in the comments below if you want to discuss further.
Jason Wright is a Junior IT Administrator at H&M Bay Inc., a refrigerated logistics provider specializing in fresh and frozen commodities transported throughout the US (i.e. seafood from the northeast and northwest, produce from the south, and even gator skins!). You may also know him as one of our oldest community members and Mimecast Legend!
Prior to getting into IT, Jason was in the automotive industry where he did a little bit of everything, from tech helper in high school, to lead technician at an independent shop, to general manager of his own auto parts store.
Jason lives on Maryland’s “Eastern Shore," and was born in Baltimore.
Could you describe your role in your company, and how Mimecast helps you with your daily work?
My role is first the helpdesk admin. I handle just about all incoming calls ranging from application issues to hardware problems. Besides managing the helpdesk, I also manage our on-premise Exchange environment, Mimecast (of course!), our Cisco wireless equipment, enterprise AV solution, and other things including computer reloads and hardware upgrades.
I have been with H&M Bay since August 2014 when I got my start in the IT industry, and have no plans on going anywhere else!
Best piece of advice/helpful pointers for one of your peers just starting off?
Take the Mimecast training, especially if you are new to Mimecast. It will allow you to get your feet on the ground and learn where to look for certain features.
After you are comfortable, join the community of course, and do the 10 Steps to Get Started with Mimecaster Central. I remember joining Mimecaster Central back in 2016. Originally, I came here looking to network and share ideas and learn some new information. From the beginning, I can say I have learned a lot from this community and its great network of individuals here.
This is a two‐part answer! For my users and some admins, it is the Archive. I cannot tell you how many sighs of relief we hear when someone is able to find an email from a customer or shipper that helps to save the day.
However, for me personally, I love Targeted Threat Protection (TTP): Attachment Protect. Sandboxing is a great feature and we have many instances where users say “I NEED THIS ATTACHMENT.” Being able to show proof of the malicious intentions of an attachment to the users is great, but it also helps these users to share that information with the customers who may have been compromised. So essentially, to an extent, we get to save ourselves and customers.
Hard to say. My favorite series, being a car person, is Gone in 60 Seconds (I mean, come on -- that Mustang is nice) followed closely by Law Abiding Citizen. This one is a little bit darker, but it really makes you think.
I love cooking and I get many recipes from Gordon Ramsey (we both speak in similar styles ). Anything with zucchini and I will eat it.
That is a hard one. I honestly listen to so many different types of music. If I had to choose, I would have to say Linkin Park. I'm a bit of a fanboy, having seen them live over eight times in three different states. Other than that, I listen to a lot of harder rock and like to be in mosh pits and at festivals like Rock on the Range and Mayhem Festival.
Right now, it is the MSCA for Server 2016 books for the certification I am studying for. I know...not exciting. I can't remember the last time I was able to read something out of fun that was not tech-related. Really want to read the Lord of the Rings series, though.
What keeps you busy off the clock?
A lot! It depends on the season. I am a huge baseball fan, so you have probably seen Ryan Arsenault and I go at it about the AL East at some point (go O’s!). So early spring / all of summer is baseball. I really want to start traveling to different stadiums, but college is holding me back from that currently.
In the fall/winter, when I am not an O’s or Ravens fan, I love to get into the outdoors and go hunting, especially waterfowl sport, one thing that the Maryland “Eastern Shore” is famous for.
Other than all of this, college keeps me busy. This is my second time in (first was for automotive). I recently got my AA and am working towards my Bachelors in Cyber Security, so I am definitely busy.
One thing someone here in the community wouldn’t know about you?
I am completely envious of everyone’s use of footnotes and I still need help with it!
Bob Adams is the Product Marketing Manager for Mimecast's Security portfolio. Bob joined Mimecast three years ago as a Sales Engineer, and was recently recruited to Marketing after developing various educational materials for Mimecast's services. He continues to help educate companies on protecting themselves against advanced cyber threats.
What occurred over the next 13 minutes was a lesson that can be applied to many aspects of daily life – both as an everyday person as well as a user within a company. Whether you receive a phone call, email, text, or even knock on your door, here's some important tips to keep in mind.
Tip #1: Always be suspicious
My phone rang at 8:11 in the morning, and the Caller ID showed a local area code. I answered and was greeted by Lt. Brandon Kennedy from the Middlesex County Warrants and Citation Division. This is suspicious right away, as it’s unlikely a government office will call regarding any matter.
Tip #2: Don’t give them any additional information
Lt. Kennedy is adamant I confirm that I am Robert Adams. When I refused and asked what this was about, he stated he couldn’t tell me until I confirm my identity, or there would be repercussions.
Again, I’m suspicious and always avoid giving out any personal information. However, since they’re calling, already asking for me by name, and a reverse phone number lookup would show my name in the White Pages, I conceded: “This is him.”
Tip #3: Always question the validity of what you’re being told
I learned that a Jury Duty summons was delivered to me on Wednesday, September 25th at 2:23pm, signed for, and returned. I apparently "failed" to appear in court on my assigned day. My absence resulted in two warrants out for my arrest, and there’s a $500 post on each. Failure to resolve this today could result in my immediate imprisonment for 30-45 days. I still remained calm despite their intent to catch me off guard.
Taking notes, I realized September 25th was a Monday, and not a Wednesday. I asked him to repeat the date, year, and where it was delivered, and explain the 25th was a Monday and that his response was not my address.
Regardless of all the red flags here, my curiosity was piqued, and figured that the longer we talked, the less people he could scam (NOTE: While I’m experienced and well versed in scamming tactics, I do not recommend trying this at home!).
Tip #4: Learn from their mistakes
I explained I never received the summons and didn't recall ever having to sign for one before. He assured me the process had changed due to so many people claiming they hadn't received the notice.
To avoid arrest, I needed to “report to the Medford Sheriff’s Department at 400 Mystic Ave, 4th Floor. They cannot accept Cash, Credit, or personal information due to a high volume of transactions, and you need to get a MoneyPak voucher from Walgreens, CVS, or Rite Aid.”
My warrants are for $500 each, which coincidentally is the maximum limit per voucher. When I ask if I can call my local Police Department to confirm there's a warrant, he assured me I can. However, he of course can’t help me with any arrests along the way there if I hang up, so it’s best if we stay on the phone until I arrive.
At this point, the ruse was up, I had my fun, and tried to engage the scammer directly. To the scammer's credit, he insisted it was not a scam and was merely trying to help. Further inquiries went unmet until he eventually hung up.
The moral of the story here is to be suspicious, don’t give out any information, always question what you’re being told, and learn from the mistakes of these criminals to better arm yourself in the future.
RELATED CONTENT: My Grandfather was Scammed: Why User Education Reigns Supreme