If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Good News – Microsoft Teams is getting a makeover!
Coming in March 2023 – Teams 2.0! Faster, more responsive and with less resource requirement. That means that if you are working on the road, your laptop battery will last longer!The new version is reported to use 50% less memory, and less CPU power. The preview...
ChatGPT and other improvements coming to Microsoft Teams in March
Thanks to the demand for work-from-home, we’ve all become very used to using Microsoft Teams. We love the way it combines all our messaging, phone calls, conferencing into one, we love the way it works on all our devices and we’re adding smarts with various ‘bots into...
Is your PC running slow?
That Windows hourglass can get very annoying. Waiting on your PC gets very frustrating especially when you are busy. If it seems that your PC is slower today than when you got it, you are probably right. But there are a few things we can do. Here are 3 tips to speed...
Is automated Microsoft patching enough?
Microsoft have been releasing patches for 30 years. It’s easy to become blasé about them. Yes, Microsoft can automatically apply updates to Windows and Office. But that does not mean that you can rely on it. Any system is only as good as how well it is monitored....
Unplugged? : Microsoft Office 365 vs Microsoft Office
One of the great strengths of Microsoft and Office has been their continuity. Word, Excel, Outlook and so on have worked fairly seamlessly across all our old documents and new ones, and files on our PCs, servers and in the cloud. It’s even worked from our mobile...
Have you tried ChatGPT yet?
ChatGPT seems to be the talk of summer. Whether people are using it to write marketing material, prepare articles or profiles, it seems to be amazing users all over the world, apparently including Microsoft who seem to be considering a major $10Bn investment in it.If...
Beware of “Pig-Butchering” – a new trend in Social Engineering
Where do these names come from? The latest trend is referred to as Pig-Butchering. The name comes from the Chinese underworld (shāzhūpán). The term refers to fattening up a pig, taking a longer-term view. They develop their target slowly, looking to get maximum...
Top Tech Predictions for 2023
As always, we know we will be wrong, but it doesn’t stop us speculating! There might be fears of global recessions and doom and gloom, but the tech sector will keep innovating! Here are our top 5 guesses for 20231. Artificial Intelligence – What will we see this year?...
What does the LastPass breach mean for you?
There have recently been a couple of well-publicised breaches of LastPass. Most people will be familiar with LastPass but in case you are not, it’s a well-known and popular password vault/manager.Does this mean you shouldn’t use a password vault? Absolutely not. YOU...
Are you making the most of your password manager?
Passwords are the basic protection for our various online accounts. It amazes me how basic some people’s passwords are. Passwords like, well ‘password’ or ‘123456’ are still commonly in use! In case that sounds unbelievable, here’s a list of the top 200 for...