If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Webinar Replay: What Recent Cyber-Breaches Teach Us About Protecting Your Business
Every cyber-breach tells a story, and the best way to protect your business is learning from others' experiences before they become your own. This isn't about fear—it's about learning. We'll translate real-world breach experiences into practical insights you can apply...
Microsoft Copilot in 2026: Why So Many Businesses Are Taking a Second Look
Think Copilot Was a Let‑Down? It’s Quietly Got Much Better in 2026 If you tried Microsoft Copilot early on and walked away a little underwhelmed, you’re not alone. We heard it a lot last year: “It’s interesting, but it’s not quite there yet.” The thing is that Copilot...
Your (Home/Small Business) Router Could Be Working for Criminals Right Now
Right now, somewhere in the world, a home or office router is quietly routing cybercriminal traffic, and its owner is completely unaware. That's the reality revealed by the discovery of KadNap, a sophisticated malware campaign that has become one of the most...
When Geopolitical Conflict Becomes Your IT Problem
Lessons from the Stryker Cyberattack A global medical technology company. 56,000 employees. Operations in 60 countries. And in March 2026, systems wiped across every one of them — not because of a data breach or ransomware, but because of a school bombing in Iran....
When AI Becomes the Attack Tool
What the Mexico Government Breach Means for Your Business A cyberattack that unfolded over December 2025 and January 2026 has changed how security professionals think about AI . New Zealand business leaders should take note. A single attacker jailbroke Anthropic's...
A Revolution in Copilot: Adding “Tasks” goes from AI Answers to AI Action
From AI Answers to AI Action For the past year, Microsoft Copilot has helped people draft emails, summarise meetings, and analyse documents. Now Microsoft is taking the next big step with Copilot Tasks. This is a new capability that moves Copilot beyond...
How Small Businesses in New Zealand Are Using AI — And What’s Holding Them Back
Artificial intelligence has moved from buzzword to business reality for New Zealand organisations, but the picture is more complicated than the headline numbers suggest. While adoption figures look impressive on paper, a sharper divide is emerging between businesses...
Your Phone Is a Target
Why Mobile Security Can't Be an Afterthought Think about everything on your smartphone or tablet right now: your email, your banking app, Microsoft 365, client communications, multifactor authentication codes, and a direct line into your company's cloud systems. Now...
10 Windows Shortcuts That Will Save Your Team Hours
Most people learn a handful of keyboard shortcuts early in their careers and stick with them forever. Ctrl+C, Ctrl+V, maybe Alt+Tab if they're feeling adventurous. But Windows has quietly accumulated a powerful set of shortcuts that most business users have never...
5 Microsoft 365 Features That Solve Real Business Problems (No AI Required)
Since October 2025, Microsoft has rolled out more than 1,100 features across Microsoft 365, Security, Copilot, and SharePoint. It's hard to keep up! While much of the attention focuses on AI capabilities, some of the most practical improvements are the foundational...