If you don’t know where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t know where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be on board. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims’ computers. Ironically, the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
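One way to start that inventory yourself, shown as an added example (it is not the KARE tool or any vendor's code): scan inbound mail-gateway logs for account sign-up emails, then flag services IT has not sanctioned and accounts whose owner has left. The log format, the `.example` domains, the addresses and the subject-phrase list are all constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample: inbound mail-gateway log (timestamp, sender, recipient, subject).
SAMPLE_LOG = """\
2025-02-03T09:14:00Z,no-reply@mailtool.example,comms@example.org,Welcome to MailTool - verify your email
2025-02-03T10:02:00Z,billing@sanctioned-crm.example,sales@example.org,Your invoice is ready
2025-02-04T11:30:00Z,hello@filedrop.example,j.smith@example.org,Confirm your account
2025-02-05T08:45:00Z,newsletter@vendor.example,j.smith@example.org,February product news
2025-02-06T16:20:00Z,accounts@filedrop.example,a.lee@example.org,Activate your new account
"""

# Subject phrases that typically accompany account creation (assumed list, tune locally).
SIGNUP_RE = re.compile(
    r"\b(welcome to|verify your email|confirm your account|activate your)\b", re.I
)

def build_inventory(log_text):
    """Map sender domain -> set of staff addresses that received a sign-up mail."""
    inventory = defaultdict(set)
    for _ts, sender, recipient, subject in csv.reader(io.StringIO(log_text)):
        if SIGNUP_RE.search(subject):
            domain = sender.rsplit("@", 1)[-1].lower()
            inventory[domain].add(recipient.lower())
    return dict(inventory)

def review(inventory, sanctioned, leavers):
    """Return sorted (service, account, issue) findings for IT to follow up."""
    findings = []
    for service, accounts in inventory.items():
        for account in accounts:
            if service not in sanctioned:
                findings.append((service, account, "unsanctioned service"))
            if account in leavers:
                findings.append((service, account, "account owner has left"))
    return sorted(findings)

if __name__ == "__main__":
    inv = build_inventory(SAMPLE_LOG)
    # Sanctioned list and leaver list are constructed; in practice they come from IT and HR.
    for finding in review(inv, sanctioned={"sanctioned-crm.example"},
                          leavers={"j.smith@example.org"}):
        print(*finding, sep=" | ")
```

Each finding is a prompt for a conversation with the account holder: bring the service under managed sign-in, or reset and hand over the credentials before the person's access outlives their employment.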
Reference: What We Know About The Apparent Russian Hack Exploiting USAID (NPR)