If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Hot off the press – we have just received CERT NZ’s report for the last quarter of 2021
So, just a quick reminder of who CERT NZ are – it’s the official NZ Government Cyber-Security agency. So, first up – 13% increase in reported incidents on the previous year and a big spike into the last quarter. 9% more phishing attacks. 24% more malware, based on the...
Are your staff or volunteers your organisation’s biggest security risk?
Despite the best technology defenses (next-gen firewalls and antivirus, advanced threat protection, mail washing, web filtering, regular patching) infections and security events can still occur due to what is often the biggest risk – your people People-risk is harder...
Is your IT strategy meeting the business needs of your community?
There’s a saying that goes “A goal without a plan is a wish." With that in mind, does your organisation have an IT Strategy? Is it aligned with your board's business plan? The reason this is important is that it allows you to make better decisions and be more...
Is the board doing enough to get the cyber-security cost/risk balance right?
Is your organisation doing enough to get the cyber-security cost/risk balance right? Cyber-security protection can feel like an unending cost. Is your board aware of their obligations to your not-for-profit? Are they aware of the unique risks that most NFP's...
Does your NFP have the right relationship with your IT provider?
Do you have the right relationship with your IT provider? Regardless of whether your IT provider is your in-house IT team or a trusted business provider, do you have the right relationship with them? The right IT provider will ask "WHY" long before they ask "WHAT" and...
Does your Not-For-Profit have the right data privacy policy?
Data privacy is now a hot topic in NZ. This was driven by three main factors: 1. The GDPR (General Data Protection Regulation) which came into effect in Europe in May 2018. This introduced strict regulations on what private information is, how to get consent from...
When hacking can help.
Ukraine is pretty well known for tech innovation. In fact it was worth $US6.8 Billion last year Ukraine’s Booming Tech Outsourcing Sector at Risk After Russian Invasion - WSJ. On top of that ‘legitimate’ work, Ukraine has also been home to some of the...
Sigh! How dumb and immoral can hackers get?
You can only sigh! We are witness astounding bravery and inspirational leadership in the Ukraine. We are watching the unfortunate abandoning everything they have built up to become refugees as they flea the dangers. The world is heartbroken. But amongst us there are...
Who really controls your organisation’s IT systems and your data?
Do you know who owns and leases your operational equipment, or your buildings, plant and other physical facilities..Can you say who controls your IT? How flexible is your IT supply chain to meet your not-for-profit's ongoing needs? You exist to serve your community -...
Are you maximising your Not-For-Profit’s technology investment?
Every organisation has to be careful when making IT investments - as everyone has competing projects demanding attention. It seems even more heightened in the not-for-profit sector when reducing money needed for infrastructure frees up resources for community...