If you don’t know where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t know where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and create a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about the account, and your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims’ computers. Ironically, the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Reference: What We Know About The Apparent Russian Hack Exploiting USAID (NPR)


