If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Is public WiFi safe?
Free public WiFi can be tempting.Whether it is in cafe, an airport or a shopping centre, free Wi-Fi is very tempting. Who wouldn’t want faster data, without the cost. But, as with anything that is free, be very careful! It is very easy to become a victim of something...
Why so quiet? (where was last month’s newsletter?)
We lost a month! No August newsletter. Apologies for that (although you probably have so many emails and messages that you may not have noticed). We're super busy - here's what is going on!Our Christchurch office is moving. Our new office is just up the road from the...
What can you expect if you get crypto-locked?
!Right now, there’s a crypto-locked server in the lab in our Kinetics Auckland Office. It’s not from one of our clients, but a business that’s come to us, after the event, asking for help. We are busy rebuilding it and restoring the data and configuration to the...
Are you meeting the requirements of your Cyber Insurer? (And are you minimising your risk anyway?)
Given the scale of cyber-attacks, we aren’t surprised to be hearing reports of insurers applying a "duty of care" test before agreeing to pay out. Despite sending chills up your spine, when you consider this, it makes sense as Insurers do the same thing to vehicles,...
3 billion devices are at risk. Does that include you? (it probably does)
An actively exploited high severity "zero day" cyber-security exploit has been found in the Google Chrome web browser. With over 3 billion users it will take some time for the update roll out to everyone. Meanwhile, everyone who uses Chrome on their PC is...
Who is Tina?
Meet Tina Moulynox , our new Engineering Services Manager. Tina manages our engineering team, from recruitment to development, planning and all the support in-between. Tina, Welcome to Kinetics - You've been here a few weeks now - When did you actually...
We’re looking for people (you probably are too)
I'm not convinced about the 'Great Resignation' but I do think there are a few people evaluating their futures. Covid and lockdowns have taught us to think about who we are, where we are and what we want to be doing, and that's healthy. Like every organisation I've...
MFA is important, but it is no silver-bullet.
There are no silver bullets. No one can guarantee you won’t be hacked, but we can make it harder. We can reduce your cyber-risk by taking reasonable steps to make it harder to hack you. The key is to have layers of security, and to keep reviewing the technology in use...
Disaster at Kinetics
Sometimes, it feels like there is only bad news. All businesses face challenges with suppliers, our own people and even some of our customers. As managers, we work hard to get ahead of issues and create systems to mitigate problems, but there’s always something. ...
Happy Retirement Internet Explorer
Dear Internet Explorer 15th of June is your last day. No more support and you’ll effectively stop working. You’ll fade from our desktops and in time, Windows Update will clean up and even remove your icon from our screens. To be fair, most of us won’t notice. You’ve...