If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Damn – I just “corrupted” that document
It happens to all of us. The IT geeks tell us all to save our work to the cloud (or server for those still to move), but it’s just so convenient to have it on the desktop. We all do it. It could be a spreadsheet you want to work on or a document that a client shared...
3,102 reported cyber-security incidents in NZ for first half 2020.
The numbers are staggering. We always get a few clients saying "My organisation is too small, cyber-criminals won't attack us". We can state with absolute certainty that this is a fallacy. Cyber Criminals are targeting every sized organisation Remember that not...
Is “Deathstalker” coming for you?
Cyber-Crime is big business. The criminals are organised and sophisticated. Imagine if they put their ingenuity to things that are good? But alas, that's not reality. Instead we have to brace ourselves to deal with another wave of crime. Deathstalker is a such a...
Automating our own business processes with Microsoft 365
Normally our case studies reflect work we’ve done with clients. This time we wanted to share how we’ve used our own services through lockdown to automate a key business process. One of the challenges we’ve always had is that it can be really hard to know how long a...
Privacy Act 2020 – Are you ready for Dec 1st?
Parliament recently passed the new Privacy Act, which comes into effect on 1 December 2020. This introduces stricter measures around the storing, sharing and breach of personal information and gives the Privacy Commissioner more powers. Every organisation should have...
Nostalgia – Floppy Disks flying high in 2020
The old TRS-80 just turned 43 years old. It brings back memories of storing programmes on cassette tape. I still have copies of games I wrote and published on cassette many years ago. That got us thinking about whether their successor, floppy disks, were still in...
Is Cyber Security important at work? What about Working from Home (WFH)?
The best way that security can be managed when Working From Home (WFH) is to ensure the WFH devices are known to be patched, have AV, and are monitored. There is always going to be a risk if the device is not monitored as you won’t know what the patch/AV status is,...
What to do when the proverbial hits the fan?
What should you do when ‘Evil Corp’ comes to call? (Yes, that’s a real name.) By now, its well understood that hackers and cyber-criminals are busy and it’s only a matter of time before they hit you. They will keep trying and trying and whether they succeed, or...
Webinar : Protect your business from cyber attacks
Since Covid-19, there has been a surge in ransomware and cyber-attacks in New Zealand. For almost 25 years, Kinetics has specialised in providing comprehensive cyber security solutions and staff training to a broad cross section of the business community. Learn...
Drowning in eMail – survive the flood
It’s hard to believe there was once a world with eMail. Working from Home meant we couldn’t talk to colleagues as easily as we used to. Some messaging moved to tools like Teams, and that cut email traffic, but others stayed in eMail and inboxes were flooded. Do you...