If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Another drawing pen app from Microsoft and why you should use OneNote and Whiteboard
Collaborate more efficiently Microsoft Garage is their ‘skunk works’ programme to encourage employees to do things they care about. Small teams run their own ideas and trial them – a bit of an ongoing Hackathon. Many of these ideas go on to become part of Microsoft...
Bursting the bubble – what to think about before crossing the ditch?
With the Australian travel bubble opening up, many people are starting to think about heading across to see family, friends or business partners. The government has been very clear about their traffic lights, and a “flyer beware” stance, so we’ve got to be a little cautious and plan ahead. You might be planning to head across for just a day or two, but its prudent to be prepared for a longer stay.
FVLB – Migration to Azure Cloud Services
Overview The Film and Video Labelling Body (FVLB) is a not for profit organisation that is responsible for rating films that are made available to the public. The Labelling Body: Rates unrestricted films Cross-rates unrestricted films that have been rated in...
Don’t click!
We're seeing this phishing attack over and over this week. Your first clue that something is wrong is it doesn't look like voicemail emails you might typically receive. Unless you have a brand new voicemail/phone system these shouldn't change format! The second clue...
Zero-Trust IT Security
'Zero-Trust' is a tough headline. Zero-trust in a world where we trust people all the time is an unpleasant concept. We trust that when we order a package online, that the vendor will take our order and not just our money, that our product will be passed to a courier...
We are who we know
Managing contacts has become more important than ever. Here’s a few tips on how to make use of smart tools built into Outlook: 1. Rather than exchange business cards (so last century)... Share your contact details using Linked In – just hit the box on the right of the...
What is “Dark Mode”? Why should you consider it?
With all our warnings about cyber-hackers, you’d be forgiven for thinking this was another hazard. But no! Dark Mode is a good thing! You can activate it on Windows 10 by going to Settings – Personalization – Colors and picking Dark. Most phones also offer the same...
What does IT mean to you?
Who do you call when you need to : update your IT usage or data privacy policies manage your internal IT staff? select new business software, e.g. CRM or financial software? accelerate a process or break a business processing log-jam? Traditionally businesses think of...
5 simple steps to stay cloud-cyber-secure
We’ve posted repeatedly about cyber-security and the need to be more vigilant and more careful, and we’ve shared real-world stories to reinforce the concern. It’s a concern then that we still see a number of organisations that remain reluctant to increase their...
What are we about?
"Who" is sometimes just as important as "what"? As a client, you know what we do. But we thought you might want to know more about "who we are". By that we mean, "what are we about". When you boil it down, the Kinetics mission is to help our communities. That is...