If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
AI’s big stories over summer
A month is a long time in the world of AI, so we thought we’d share some of the AI news highlights. Deepseek The big highlight has to be the emergence of Deepseek. Whether it builds on OpenAi and others, or whether it is entirely new is being wrangled over, but the...
Where do you think AI will take us in 2025? Do your picks match ours?
Artificial Intelligence has been the IT and business topic of 2024. “What’s next, how can we use it, should we be afraid of it” have been the big questions. Now we’re in a new year, and what are the new trends we need to ready for?
TEN things the government says you need to know about your cyber-security defence
Regular readers will be a little tired of hearing us talk about cyber-risk and the threat of hackers. You'll forgive us a little because we see the impact when events happen, and we spend our days protecting our clients to keep them safe. But we're just a tiny cog...
Not loving the new Outlook?
Microsoft have been pushing out a new version of Outlook for a while now. You’ve seen the toggle offering the chance to trial it. It seems to be an acquired taste and we’ve seen a few people revert to the old ‘classic’ version. Microsoft have been encouraging us to...
What do Microsoft’s Upcoming 2025 Security Enhancements for Windows mean for you?
In response to the significant CrowdStrike meltdown last summer, which exposed some critical vulnerabilities in the Windows platform, Microsoft is set to introduce a series of further security updates in 2025. The meltdown, caused by a flawed update, led to widespread...
Webinar Replay: Practical AI – Turning your 365 data into a Copilot AI resource
Webinar - Practical AI - Turning your 365 data into a Copilot AI resource Harness the power of your data to achieve effective AI outcomes.Webinar Recap: Introduction: Scott Fennell welcomed attendees and introduced the webinar's focus on Microsoft Copilot and AI...
The End of an Era: Windows 10 Support is Ending – What You Need to Know.
October 14, 2025 marks the end of support for Windows 10. That’s a bit of a milestone. Windows 10 has been a reliable companion on our PCs at home and work for years. However, as with all good things, this era is coming to an end. So, what does this mean for you if...
Is your MS Teams vulnerable to this new hacker threat?
It has taken a while, but hackers have now figured out that they can target users via Teams chat. There are legitimate reasons to chat with external parties, but, as with all forms of digital communication, you need to be alert.CyberThreat Summary Researchers at...
Why most business IT projects fail – Don’t miss this crucial step.
There is one IT project factor that is overlooked all too often and it is costing businesses more than they realise. Implementing AI tools like Microsoft’s 365 Copilot might seem like a quick win for improving productivity, but without effective change management,...
The Implications of Using ChatGPT (free gen-AI tools): An instructive Case Study from Australia
Recent news from Australia In a recent investigation, the privacy regulator in the state of Victoria has imposed a ban on the use of ChatGPT within a government department. This case highlights the dual nature of Generative AI (GenAI) tools, which offer significant...