If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
When Geopolitical Conflict Becomes Your IT Problem
Lessons from the Stryker Cyberattack A global medical technology company. 56,000 employees. Operations in 60 countries. And in March 2026, systems wiped across every one of them — not because of a data breach or ransomware, but because of a school bombing in Iran....
When AI Becomes the Attack Tool
What the Mexico Government Breach Means for Your Business A cyberattack that unfolded over December 2025 and January 2026 has changed how security professionals think about AI . New Zealand business leaders should take note. A single attacker jailbroke Anthropic's...
A Revolution in Copilot: Adding “Tasks” goes from AI Answers to AI Action
From AI Answers to AI Action For the past year, Microsoft Copilot has helped people draft emails, summarise meetings, and analyse documents. Now Microsoft is taking the next big step with Copilot Tasks. This is a new capability that moves Copilot beyond...
How Small Businesses in New Zealand Are Using AI — And What’s Holding Them Back
Artificial intelligence has moved from buzzword to business reality for New Zealand organisations, but the picture is more complicated than the headline numbers suggest. While adoption figures look impressive on paper, a sharper divide is emerging between businesses...
Your Phone Is a Target
Why Mobile Security Can't Be an Afterthought Think about everything on your smartphone or tablet right now: your email, your banking app, Microsoft 365, client communications, multifactor authentication codes, and a direct line into your company's cloud systems. Now...
10 Windows Shortcuts That Will Save Your Team Hours
Most people learn a handful of keyboard shortcuts early in their careers and stick with them forever. Ctrl+C, Ctrl+V, maybe Alt+Tab if they're feeling adventurous. But Windows has quietly accumulated a powerful set of shortcuts that most business users have never...
5 Microsoft 365 Features That Solve Real Business Problems (No AI Required)
Since October 2025, Microsoft has rolled out more than 1,100 features across Microsoft 365, Security, Copilot, and SharePoint. It's hard to keep up! While much of the attention focuses on AI capabilities, some of the most practical improvements are the foundational...
Webinar Replay: Decoding SMB1001. Understanding Your Cybersecurity Maturity
Cybersecurity certification doesn't have to be complex or overwhelming. Understanding SMB1001: What is SMB1001 and why it was created specifically for organisations like yours The five certification levels (Bronze to Diamond) and what each means for your organisation...
Empowering Craigs Investment Partners with Microsoft 365 Copilot
Accelerating AI Adoption Across a Nationwide Network When Craigs Investment Partners embarked on their AI journey, they weren’t simply looking for a training provider. They were looking for a partner who understood the pace, precision, and care required in a highly...
5 Ways AI Can Transform Your Annual Budget Planning Process
How New Zealand businesses are using AI to build smarter, faster budgets in 2026 March marks budget season for most New Zealand businesses. Finance managers face the familiar challenge: predicting next year's needs with this year's information while wrestling with...