If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
The Secrets of Successful LawFirm Practice Management selection and implementation (based on a few years of experience)
Navigating the Complexities of Law Firm Practice Management Software In the dynamic world of legal practice, the right Practice Management and Document Management solutions are not just a necessity—they are the backbone of a successful law firm. When you firm outgrows...
When not being able to access a website is a good thing.
We know it can be incredibly frustrating when you can’t access a website that you need. That happened for a number of a number of our clients last week, (and, counter-intuitively, it’s a good thing) Many websites are built on common components. One of those is...
When good updates go bad (resulting in Windows 11 Endless Reboots)
Navigating the Challenges of KB5039302: A Guide to Recovery. In the ever-evolving landscape of technology, updates are a constant. They bring improvements, new features, and security patches. However, occasionally, an update may not go as planned, leading to...
TeamViewer Compromise
TeamViewer is a common piece for software that allows IT businesses to remotely access, control, manage, monitor, and repair devices – from laptops and mobile phones to industrial machines and robots. Many software vendors include it to allow them to remotely support...
Lawfirm moves into the cloud with Azure Virtual Desktop
Kinetics moves McElroys into the cloud with Azure Virtual Desktop. With ageing server infrastructure supporting its practice management software coming up for a refresh, law firm McElroys checked in with its managed services provider Kinetics for guidance on the...
What should you know about Microsoft AVD?
Why is "Azure Virtual Desktop" (AVD) important?In today's fast-paced world, the ability to work remotely is not just a convenience; it's a necessity.That's where Azure Virtual Desktop (AVD) comes into play, offering a seamless transition from traditional Remote Access...
Cert NZ Business online security assessment tool
A Personal Encounter with Cert NZ's Assessment Tool. Have you recently received an email about cyber-security that set off your system's alarms? It's ironic isn't it? That was my recent experience with an email from Cert NZ. Despite the initial warning, the email...
3 Easy Tips for Excel
Here are 3 essential tips for Excel users starting from beginner users through to advanced users.For Beginners: Excel Quick Access ToolbarThe Quick Access Toolbar is in the top right of every Office app. Ensure the commands you use most frequently or those that are...
Eliminate embarrassing screen pop-ups during video calls and Teams meetings
Say goodbye to annoying email alerts, video call pop-ups and Teams meeting interruptions. Imagine if you were on an important video call with a client, confidently presenting your latest proposal, or project update. Suddenly, a notification pops up on your screen...
Avoid the IT Travel Woes
Free Webinar Replay : Avoid the IT Travel WoesBusiness travel is fraught enough. It's a nightmare to balance tight connections, and tough time zones with work colleagues that are accustomed to being able to link you into Teams meetings and urgent chats.How can you...