If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
5 Quick IT Wins That Cut Costs in 90 Days
5 Quick IT Wins That Cut Costs in 90 Days A survival guide for NZ professional services, charities & manufacturers under pressure.Cheaper Biscuits & No Colour Printing? Yep, times are tough. The NZ economy is putting pressure on every dollar. The lunchroom...
Webinar Replay – Securing the Mobile Frontier: Cybersecurity Essentials for Phones and Tablets for Modern Businesses
As mobile devices become the backbone of modern business operations, they also present a growing target for cyber threats. Apple or Android - they're both important. Every time you use these to access your Teams, Email or anything else, you are relying on them to be...
Can Copilot tame your Outlook Inbox?
Is your email inbox overflowing? You’re not alone. Managing a busy inbox can be time-consuming and draining. The average professional deals with around 100+ emails a day, and over half of those could be spam or trivial notifications2. Every new email interrupting your...
Meet our upgraded Remote Engineering Team
Listening to your feedback You've told us that we need to step up our initial call contacts. We understand. These days, responsive and efficient support is not just a value-add—it is a necessity. As organisations grow, so too does the complexity of their...
Device Code Phishing: A Dangerous New Scam You Need to Know About
Device code phishing is a sneaky new way hackers are stealing people's online accounts. In device code phishing, threat actors exploit the device code authentication flow to capture authentication tokens, which they then use to access target accounts, and further gain...
Microsoft News – What you need to know about Windows and Teams changes
Microsoft have announced some changes that will impact nearly everyone. Some of these remain fluid and we will update you as soon as we know more.Microsoft Teams Unbundling Update In response to a European Commission antitrust case initiated by Slack in 2020,...
June AI Digest
AI wants to stay 'on'. Hot on the heels of Anthropic's blackmail experiment, OpenAi had a similar problem. Researchers have observed that their newest model, o3, does not consistently follow commands, particularly in relation to shutting down. In a series of...
Did AI really try to blackmail its operator?
AI attempts blackmail to avoid being turned off. During pre-release testing in May 2025, Anthropic (maker of claude.ai) conducted extensive safety evaluations using controlled scenarios to test the model's behaviour under extreme conditions. The company embedded...
New Zealand’s AI Revolution: How Artificial Intelligence is Transforming Productivity in 2025
New Zealand is experiencing a remarkable transformation in 2025, with artificial intelligence driving unprecedented productivity gains across diverse industries. According to recent surveys, 82% of New Zealand organisations now use AI in some capacity, representing a...
AI-Driven Productivity Gains in New Zealand (2025)
New Zealand’s businesses are experiencing notable productivity increases in 2025 due to the use of Artificial Intelligence (AI). Across diverse industries – from manufacturing floors to rural farms – AI technologies are streamlining operations, cutting costs, and...