If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
When “Legitimate” Tools Are Used Illegitimately (like booking a meeting time)
Cyber awareness isn’t just about blocking malware — it’s about recognising intent. Recently, we received a callout from a client after a user received what initially appeared to be a genuine business opportunity. The email exchange seemed credible, replies were...
Microsoft Copilot Is Moving From Chatting to Doing
If you’ve been following Microsoft Copilot for a while, you’ll have noticed something important happening. Copilot is no longer just about answering questions or drafting documents. Copilot is getting ready to do real work on your behalf. Two names you’ll hear...
The AI Agent Revolution: What OpenClaw and Paperclip Mean for Your Business
Two open-source AI tools are generating serious buzz in technology circles right now: OpenClaw and Paperclip. You may have seen the names appearing in your LinkedIn feed, or heard them mentioned at a recent industry event. If you're a business owner wondering whether...
Can you really run a business with only virtual staff?
Short answer: yes — in some cases. Longer answer: it depends on what kind of business you’re running, and what “staff” actually means in 2026. We’re seeing a growing wave of businesses experimenting with fully virtual teams — not just remote people, but AI agents...
Could you get into trouble with the law if you lose a USB stick?
A lost USB stick can be a notifiable privacy breach. Here’s why that matters It sounds old school, but USB sticks are still floating around plenty of NZ businesses. A recent draft decision note from the Office of the Privacy Commissioner is a timely reminder...
Copilot Upgrade: Is “Claude” coming to Copilot?
Copilot Upgrade: Welcoming the Sonnet Engine (Claude's engine)A Smarter, Faster Copilot Experience Microsoft has started to roll out the new Sonnet engine across Copilot! This will bring a noticeable improvement in speed, accuracy, and the quality of responses. For...
Additional M365 Security Protection Rolled Out for our KARE Foundation Customers
Turning up your cyber-security Kinetics is busy rolling out an additional security protection for Kinetics KARE Foundation customers only, designed to stop a highly active and sophisticated phishing campaign currently targeting Microsoft 365 environments worldwide. ...
Webinar Replay: What Recent Cyber-Breaches Teach Us About Protecting Your Business
Every cyber-breach tells a story, and the best way to protect your business is learning from others' experiences before they become your own. This isn't about fear—it's about learning. We'll translate real-world breach experiences into practical insights you can apply...
Microsoft Copilot in 2026: Why So Many Businesses Are Taking a Second Look
Think Copilot Was a Let‑Down? It’s Quietly Got Much Better in 2026 If you tried Microsoft Copilot early on and walked away a little underwhelmed, you’re not alone. We heard it a lot last year: “It’s interesting, but it’s not quite there yet.” The thing is that Copilot...
Your (Home/Small Business) Router Could Be Working for Criminals Right Now
Right now, somewhere in the world, a home or office router is quietly routing cybercriminal traffic, and its owner is completely unaware. That's the reality revealed by the discovery of KadNap, a sophisticated malware campaign that has become one of the most...