If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
Will this really ‘break’ the internet?
[header2 text="What is news?" align="left" color="#336A40" margintop=""] There's nothing worse than accidentally clicking on a daft click-bait link that re-directs you to a dodgy, untrustworthy website. They are all too common, with news you can't trust, and...
What are @Mentions in Office?
How many times,. when you are working on documents with someone else, do you want to ask them a question? "Why did you add (or remove) this section?", "How does this calculation work?" and so on. So, you stop what you are doing, send them an email or make a phone...
Tech like it’s 1999
This week, we've seen some pretty interesting tech announcements - I confess the foldable phones really interest me. While these are crazily expensive now, volume will bring the price down. But what's really interesting is imagining this tech in other applications...
Three Cyber-Insurance questions you need to consider
With all necessary attention on cyber-security and fraud, we've had a couple of people asking us about insurance solutions. This makes sense, insurance is all about mitigating risk. Of course, insurance doesn't give you a license to be careless - you still need to...
Code Red? Hacker alert
One of our clients recently found themselves dealing with one of the most brazen hack attempts I've heard to date. They'd heard from one of their customers that they (the customer) had taken a phone call purporting to be from our client, to say they'd changed...
Three every day timesaving tips
Here's three quick time-saving tips - how many did you already know? [wow_colorme]1. Reading (or writing) long - how much time do you spend scrolling up and down long emails or documents as you make sure the content fits together?[/wow_colorme] Introducing...
What’s with Windows updates now?
Is MY Windows 10 still the latest and most stable question? It's not a question we can easily answer. Windows 10 has two different update cycles - security/reliability updates (aka patches) and feature updates. Security updates are incredibly important. They are the...
Is it ok for the (Australian) government to read your data?
Late last year, the Australian Government introduced the Assistance and Access Act. This new legislation makes it mandatory for any organisation whose website or data is hosted in Australia to give Australian authorities access to their IT system if requested....
Don’t be fooled! FAKE problems.
Wow, some of the phishing hacks are getting smart! While we haven't seen this particular one ourselves yet, it's certainly good enough to fool most people! (so beware!) The clue is that it's emailed to you - a message like this wouldn't come as an email, and...
Cake Group Case Study – making paperless real
"Everyone talks about going paperless. But really achieving that has enabled us real-time feedback on health and safety on-site, our quality compliance has increased massively and our clients now have live access to work we are carrying out for them" - Dean Wall,...