If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Why you should care about BlueKeep
Regular readers will know that we are fanatical about updates and patches for all critical software. The world is more connected and the cyber-crime community is more organised and determined than ever. If you think cyber-criminals are teenage kids working from home,...
9 Common Excel Mistakes
We were reminded of the risks of messing up spreadsheets in a recent blog post at Oracle: The scary fact they quote is that 88% of all spreadsheets are wrong! The consequences of relying on bad information as a result can be insane! That reminded me of a couple of...
Feeling less Vulnerable
When the Microsoft cloud had a momentary failure in early May, most of us had an uncomfortable hour with limited access to our files and systems. It seems that some red-faced engineer at Microsoft made a simple small mistake that impacted systems all around the...
RIP Windows 7, SQL 2008 and friends
It's time to say goodbye to Windows 7 The end of the (support) road is approaching rapidly. They are over ten years old which is ancient in IT terms. If you think about tech around your home or in your daily life, then its quite understandable that these products...
The alarming business models of cyber-criminals
Cyber-crime has become big business It's organised, and the purveyors are shameless in their determination to steal from all of us. Heaven only knows where they get their names from. One group we recently became aware of is called 'PINCHY SPIDER', and they are doing...
Anyone can be hacked! And anyone can be the cause.
Guess who got hacked? In recent articles, we’ve warned that people are the weakest link in your IT security. We’ve also warned that any business is a target. No one is immune. Tech companies like us are especially cautious because, in order to do our job, we have...
Updated Privacy Laws coming to NZ
Overshadowed by overseas privacy law changes like GDPR, our own NZ Privacy legislation has flown a little under the radar. But rest assured, changes are coming here as well. The last change in NZ Law was 1993, and it was world-leading at the time. Then in 2011, the...
Te Whangai – Growing People by Growing Plants
We are incredibly proud to have helped The Te Whangai Trust. They are an amazing organisation. There’s a whole group of society that miss out on the opportunities many of us take for-granted. While many under-privileged members of our community can access various...
Using the Cloud to compete globally from New Zealand
As a small kiwi business working in a global context, The Conference Company (TCC) faced some unique challenges. They compete around the world to host some of the most pre-eminent events against impressive competition from much larger operations. TCC has to present...
Have you noticed the new Office search?
We love that Office365 keeps improving. One of the most common challenges we all have is finding things. So, if this resonates for you, the new search feature might be just what you need. [header2 text="Microsoft Search in Office" align="left" color="#336A40"...