If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
SIM Swapping Hijacking Cybercrime defeats (some) Multifactor Authentication
Today, its absolutely vital that you have multi-factor authentication on every key website you access, especially banking ones. In some cases, the multi-factor response is by way of a SMS text message sent to your phone, that you then enter into the website. Imagine...
Top Microsoft Teams Tips to Keep Your Team Together
People are already feeling strain with the rapidly changing face of Covid-19. Stress and tensions are naturally high and for many organisations this could be first time they have asked people to work remotely for extended periods. It’s definitely not our New...
Making it Work When Working From Home
Working remotely can be invigorating from time to time, but there’s a reason why we don’t do it permanently. If we’re forced to work remotely for a long period, how do we overcome isolation effects? Working together in an office has a number of social benefits. You...
Get a free copy of our COVID19 Business Readiness Kit
In this kit,we’ll take a look at how you can effectively check your systems, processes, and people are ready for the impacts of COVID19. We’ll explore the key things you need to consider relating to: The tools you use and how...
Covid-19 (CoronaVirus) and your IT
No amount of AntiVirus software will help with this one! Whether this is a "Black Swan" event or not, it's certainly having an impact. As I write this, there are stories of panic buying of hand sanitiser and face masks at the local supermarkets. That means it's...
Google Chrome – Urgent Security Warning
Security Advisory – Google Chrome Google has reported a security issue in the Chrome browser. This issue is known to attackers and it is already being exploited by some. All versions of Chrome are affected. Google have released an update for...
Are you really at threat from Cyber-Crime? 2 trillion reasons to say YES.
In New Zealand, the National Cyber Security Centre (NZ Govt - https://www.ncsc.govt.nz/ reports they reduced harm in NZ by $27.7 million in 2018/19. We know that’s just the tip of the iceberg – most cyber crime still goes unreported and certainly doesn’t get stopped...
With yet another IT security warning from the NSA, we’re being asked “so what is best practice?”
Aligning with NIST.....? Is your Cybersecurity protection matching best practice? Clearly the cybersecurity stakes are higher. The security precautions that used to be reasonable are no longer enough. Stakeholders expect businesses to do more – whether it’s your...
What will the 20’s decade bring?
There’s a debate raging in our office as to whether the new decade begins this year, 2020, or next, 2021. Regardless, we can all agree on the vast change in everyday technology since 2010. It’s a great time to reflect on what we might see in the next ten years, using...
Is your Bluetooth safe?
Bluetooth has become ubiquitous. We use it to connect our phones, laptops, keyboards, mice, headphones, speakers, cars – more and more each day. Even watches now! It seems to have got easier, maybe because we’re so practised with it. Bluetooth is everywhere. ...