If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Copilot Update – How the AI is getting more useful
Copilot keeps getting better and better. We’re going to keep you updated on developments as we become aware of them. Firstly, make sure you have the Copilot app on your phone. You can download it here. It will create imagery, write content and even work with photos...
Lessons from the Change Healthcare attack. Why MFA Matters
By now, regular readers know how important MFA is. Unbelievably, there are still some people who think this is for someone else, and they don't need it themselves. Unfortunately, we are seeing some of these people fall victim to the very scams we've been writing...
Two Windows 11 changes coming this month (June 2024)
"Please wait" and "update installing" are completely frustrating. You have things to do, and you have to wait for Windows to update. Be warned, there is another update coming this month, although you can preview it sooner if you want.So, what can you expect? Our...
What happened when we got told we’d been hacked?
“We’ve been hacked”. When you hear that the world stops. What does this mean? How bad is it? How can we manage that? That was the news earlier this week. It was quite confronting! Suddenly your careful plans for the day are thrown aside as your priorities have...
Are you getting results from Copilot?
By now, most people will have seen Copilot in their browser, and for those that are subscribing, Copilot is now an icon in your Office documents. The benefit is that it helps you write material, like this article, quickly and to a high standard. I asked Copilot for an...
Can VPNs be defeated?
We’re reading about a flaw called ‘TunnelVision’ that could give hackers access to overcome virtually any VPN security solutions. It works by manipulating routing in DHCP, which is the mechanism networks use to hand out IP addresses to devices. DHCP has been around...
What are the next steps for your AI Journey? (How to be Copilot ready)
Are you ready for Microsoft Copilot? How do you build your practical AI roadmap? How will you ensure your people embrace the opportunity, that your data is ready, that the skills to use AI are in place and you have the right AI governance in place. How will you...
Will some of your emails stop?
Microsoft Exchange Online to retire Basic authentication We are going to face a big change coming in September 2025, Microsoft is going to be disabling SMTP Basic Authentication. This continues work they commenced a couple years ago to disable other protocols such as...
Webinar Replay: Embrace Generative AI today. Copilot for Microsoft 365
Free Webinar Replay : Embrace Generative AI today with Copilot for Microsoft 365 services from Kinetics Group AI for Microsoft 365 is here and available now.Learn how you can use Copilot to save hours every day. Transform your daily workflow with Copilot for Microsoft...
How to create passwords that hackers hate
A guide to making your online accounts more secure and less boring Have you ever used your birthday, your pet's name, or the word "password" as your password? If so, you're not alone. According to a study by NordPass, these are some of the most common and worst...