If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
40 years of the IBM PC
For our working generation, desktop computers have been a mainstay of our work life. Its a very different world to the generation before us. In fact this month marks 40 years since IBM signed two young men from a new business called 'Microsoft' to write the operating...
When imitation isn’t flattery!
According to CheckPoint, Microsoft is THE most imitated brand on the internet. We all know that criminals like to pretend to be Microsoft for their phishing attempts, and in the last quarter, misuse of the Microsoft brand for this jumped dramatically – 19% of all...
Webinar: is your IT Partner missing the point?
Most IT support partners miss the most important task of all. ie what does it really take to be a valued IT Partner All IT partners will talk to you about tickets, capacity planning and life cycle replacements, cloud migrations and cyber security. But that’s...
Plucking the low-hanging fruit!
We recently moved our phones to Microsoft Teams. It’s an increasingly common configuration and means we have a single programme for our real-time collaboration. Less is more! There’s nothing like a project that removes infrastructure and risk. We have less to...
What is Double Key Encryption and why should you care?
Double Key Encryption (DKE) is coming soon to Microsoft 365 (E5 plans required) Like the name suggests, this is even MORE secure than the levels of encryption previously seen. Microsoft are saying that you need it if: You want to ensure that only you can ever decrypt...
Our FIVE favourite new features in Teams – which ones did you know about?
Its hard to imagine working through the lockdown without fast fibre internet connections and tools like Microsoft Teams. There is nothing like an imperative to help us drive change and we have seen that with Teams evolving rapidly to meet market needs. Here are our...
How does a ransomware attack start?
When you read about the ransomware attacks, such as those on Honda, Garmin, Toll, Fisher and Paykel and Lion, it’s easy to think these attacks only target large enterprises. Unfortunately, that would be a mistaken view. The reality is that all businesses are under...
Have you noticed the dictate button in your Microsoft Office toolbar?
"Dictate" is relatively recent addition to Office that allows you to dictate directly in Word. Coming shortly will be a new Transcribe feature which allows you upload an audio file, and Office will turn that directly into text. The transcription is saved into your...
Webinar : Why are businesses adopting eLearning for IT Skills even during the COVID recovery?
Even when many businesses are cutting back on costs, they continue to invest in IT skills because they: Need to get more from their teams, particularly as roles change to meet new demands Need to keep training costs down Need to show staff they are supported and...
International eSecurity Compliance
It feels it's like a daily occurrence for one of our clients to be asking for assistance with a security compliance questionnaire from their client. Most of these are being driven by corporates with international footprints. This becomes complex as each jurisdiction...