If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Security Training and Awareness offer
We are deploying some new tools for our KARE for Security clients. For a limited time we can share these with all our clients to give you and your colleagues some great e-security awareness training. The holiday season is targeted by scammers, they know that employees...
Zero-Trust Networking for real business?
Zero-trust sounds extreme Humans like to trust. We trust everyday as we drive down the street that the people coming the other way will stay in their lane. We trust that the restaurants we visit prepare our food properly and hygienically. We trust that our doctor...
Fact or Fiction? My files are in the cloud, I don’t need to worry about security any more!
If only life were so simple! We have some clients that ask us about file security in the cloud as if the answer is an absolute. Of course it isn't. The cloud is more secure than an on-premise system Assuming we’re talking about a reputable mainstream cloud, the...
Are your back ups keeping up?
Why do we need offsite, air-gapped backups? About ten years ago the age of the tape ended. USB 3 was the nail in the coffin for tapes. Finally we had something that was just as fast, but supported random access. At about the same time, we moved from data backups, to...
Deepscan Antivirus and AntiMalware
We've warned before about vulnerabilities like Spectre and Meltdown. The basic precautions are to keep your Windows, Office and other software completely up to date, and of course keeping your anti-virus current. That’s going to stop most things but lately we’ve seen...
One charging cable to rule them all?
How many old phone chargers do you have tucked away at the back of cupboards? It is such a waste of resources to have all those plastic and metal boxes that you don’t want to throw way, but can’t be sure you will ever use again. Just to make things slightly worse,...
Helping you with Cyber Insurance Audit Forms
Cyber Security Audits are increasingly common. One cause is that we're seeing more boards ask about cyber security posture, and frankly every board needs to be asking about that. The other major prompt we see is when our clients are applying for cyber security...
The 5 questions you will asking about Windows 11
1. What is it? We’ve mentioned before that Microsoft had stated that Windows 10 would be the last version of Windows and it would simply keep being updated. That’s played out well over the last many years, but now we do have a new version – Windows 11. New Windows 11...
Don’t be in the 67,500
It might be our nearest neighbour, rather than us, but its still a good indicator of the trends that we're also seeing in New Zealand. We have to remember that much cyber-crime is still not reported. Whether it's out of embarrassment or commercial sensitivity, we...
Print NIGHTMARE
If you suddenly can't print at work, it might NOT be you! It could be the "PrintNightmare" problem For months Microsoft has been battling to release a reliable update for a problem called “PrintNightmare” that’s been happening since Microsoft released an...