If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
October 2025: Five AI Breakthroughs to change how businesses work
October 2025 was another big month for AI. We’ve picked 5 that stand out to us for highlighting. These five advances deserve your attention because they're already being integrated into tools your team likely uses daily. Here's what changed in October, and why it...
Beyond Anti-Virus: Understanding EDR and MDR for Your Business
"Do we have anti-virus?" It's one of the first cybersecurity questions business leaders ask. For many years, it was the right question. But in 2025, if anti-virus is your primary cybersecurity defence, you're bringing a lock and key to a sophisticated break-in. The...
Webinar Replay: From Firefighting to Future-Ready: Transform Your IT from Reactive Support to Strategic Business Driver
Does it seem that your IT team constantly putting out fires instead of preventing them? Are technology decisions being made in isolation without clear connection to your business goals? You're not alone. Watch this webinar recording where we'll reveal the critical...
SpamGPT: When AI Becomes a Phishing Playbook—And How to Protect Your Business
For years, we've told businesses to watch for telltale phishing signs: poor grammar, suspicious sender addresses, generic greetings. But what happens when cybercriminals have access to the same sophisticated AI tools your marketing team uses—except weaponised...
Training AI to Write Like You: A Strategic Guide to Developing Your Digital Voice
Your writing voice is one of your most valuable professional assets. It builds trust, conveys expertise, and creates connections with clients, colleagues, and stakeholders. But here's the challenge: as AI writing tools become essential business productivity tools, how...
AI’s Big September Moves
If you’ve been following the AI space lately, you’ll know it’s moving at a cracking pace. Just this month, xAI dropped Grok 4 Fast—a model that’s all about strong reasoning, but at a fraction of the cost. We’re talking 98% cheaper than its predecessor, Grok 4, for the...
Sign up now for New Zealand Cyber Smart Week
New Zealand Cyber Smart Week 2025: Oct 6-12 Transform Your Business Security The countdown is on. In just a few days, Cyber Smart Week 2025 kicks off (6-12 October), and New Zealand businesses have a crucial opportunity to strengthen their cybersecurity posture. But...
Will Microsoft’s Secure Score Requirements for IT Partners impact you?
Microsoft Secure Score Requirements for MSPs: What You Need to Know by October 2025 Microsoft is raising the security bar for Managed Service Providers (MSPs) like Kinetics Group,and the deadline is approaching faster than many realise. Starting October 1, 2025, MSPs...
Webinar Replay: Transform, Grow & Thrive — How Kinetics is Using AI to Boost Business Productivity
Rewatch our short webinar showcasing how Kinetics is harnessing the power of AI to elevate productivity, streamline operations, and safeguard sensitive data.Key Links: Next Events Webinar Slideshow Free AI Copilot Guide In this session, you'll discover: Real-world...
Is Your IT Strategic Enough? The Reality Check Most NZ Businesses Need
Your systems work. Problems get fixed. Your IT person seems busy. So why does technology still feel like a cost centre rather than a competitive advantage? If this sounds familiar, you're not alone. Most New Zealand businesses are stuck in what we call the "Technical...