If you don’t know where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t know where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be on board. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and create a password. That is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the credentials on an account they don’t know about, so your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims’ computers. Ironically, the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Reference: What We Know About The Apparent Russian Hack Exploiting USAID (NPR)