If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Empower your non-profit with the latest Microsoft Technology, including Co-Pilot (Christchurch)
Empower your non-profit with the latest Microsoft TechnologyThis in-person Masterclass will highlight Microsoft's "Tech for Social Impact" initiative that aims to accelerate digital transformation across the Not-for-Profit/For-Purpose sector globally, so they can have...
Fractional CIO, vCIO, ITMaaS – what’s the difference?
Kinetics has been providing IT strategy advice and leadership to a number of clients for many years now. We have found that there are a number of organisations who are mature enough to realise they require a more strategic approach to technology, however they cannot...
Service Alert
We're experiencing an extra heavy call volume today and it's proving challenging to respond as quickly as normal. It's been brought on by an apparent Microsoft change resulting in unexpected Windows 11 upgrades. These are happening to a number of devices even if...
Copilot is here!
We’ve been talking about Copilot for a while now and it's finally available, for business users and personal/family! You can try a slightly clunky version for free. Just click on the Copilot link and you can ask questions, and create content to copy into Word or...
Keeping up with Microsoft 365 and Office
Microsoft have added a stack of new capabilities to Office in just the last six months. Because they just appear, it's easy to miss them, and some of these new features are really useful. How many of these new Office features did you know about? 1. Insert Pictures in...
AI Introduction: Free Self-Paced Learning
We've been exploring AI for a while now. Regular readers have shared the journey with us to uncover practical AI for everyday use. AI isn't science fiction. We've been seeing it for a while now and now Microsoft (and others) have made it mainstream. AI's been in...
Breaking news: New protections added to Kinetics KARE Foundation
We have big news for Kinetics customers on our “KARE Foundation” cyber plan. We've added new Browser Cyber-Protection We’ve found an amazing new security tool called ‘Conceal' that provides even more added protection. Cyber-security is all about layers and this one...
Preview: Microsoft Copilot AI
Practical AI - What can you expect from Microsoft 365 and Copilot? What's the hype and is it real? What can you expect? Will it help you?Preview Copilot AI Our colleague Ben Fish has taken a closer look at Copilot. Check what he has to say!
Christmas Hours and Seasonal Cyber-Warning
Thank you! Thanks to our wonderful clients, staff and partners for your support in this most difficult 2023 year. Its been a real challenge for so many of us in so many ways, and a real test of resilience. For those businesses that have been devastated by this year,...
Penetration Testing
Penetration testing is important for businesses because it helps them identify and fix security vulnerabilities before they can be exploited by attackers. It can be a significant job as it needs a team of security professionals to simulate a real-world cyberattack....