People are the weakest link
This sounds like a nightmare too impossible to happen. US soldiers putting sensitive information online in non-secure third party websites. It defies belief, yet we’re reading that it happened. The story popped up on ‘Gizmodo’
It is alleged that US Soldiers were saving sensitive information on a couple of common flashcard sites, presumably of things they were trying to memorise and learn. Even worse, their settings were on ‘public’ not ‘private’
It’s a classic warning about the risk of people, however well intentioned, saving critical data online in places the organisation is unaware of, and can’t control. That’s why our new KARE for Security S2 plan helps identify use of these sites in your organisation.
US Soldiers Accidentally Leaked Nuclear Weapons Secrets: Report (gizmodo.com)
Shadow IT
Shadow IT is one of the largest threats to data privacy in organisations today.
It’s not necessarily because these sites are going to be hacked, although that’s always possible, but just because if you don’t know the tools are in use, then there is no way that you can manage them!
The first step to maintaining this data is to identify it! That’s why you need new tools that are cloud focused. If you’re still using the same old security tools that you used to use prior to the cloud, then you are not keeping up and we need to talk!
Is your IT strategy meeting the business needs of your community?
There’s a saying that goes “A goal without a plan is a wish." With that in mind, does your organisation have an IT Strategy? Is it aligned with your board's business plan? The reason this is important is that it allows you to make better decisions and be more...
Is the board doing enough to get the cyber-security cost/risk balance right?
Is your organisation doing enough to get the cyber-security cost/risk balance right? Cyber-security protection can feel like an unending cost. Is your board aware of their obligations to your not-for-profit? Are they aware of the unique risks that most NFP's...
Does your NFP have the right relationship with your IT provider?
Do you have the right relationship with your IT provider? Regardless of whether your IT provider is your in-house IT team or a trusted business provider, do you have the right relationship with them? The right IT provider will ask "WHY" long before they ask "WHAT" and...
Does your Not-For-Profit have the right data privacy policy?
Data privacy is now a hot topic in NZ. This was driven by three main factors: 1. The GDPR (General Data Protection Regulation) which came into effect in Europe in May 2018. This introduced strict regulations on what private information is, how to get consent from...
When hacking can help.
Ukraine is pretty well known for tech innovation. In fact it was worth $US6.8 Billion last year Ukraine’s Booming Tech Outsourcing Sector at Risk After Russian Invasion - WSJ. On top of that ‘legitimate’ work, Ukraine has also been home to some of the...
Sigh! How dumb and immoral can hackers get?
You can only sigh! We are witness astounding bravery and inspirational leadership in the Ukraine. We are watching the unfortunate abandoning everything they have built up to become refugees as they flea the dangers. The world is heartbroken. But amongst us there are...
Who really controls your organisation’s IT systems and your data?
Do you know who owns and leases your operational equipment, or your buildings, plant and other physical facilities..Can you say who controls your IT? How flexible is your IT supply chain to meet your not-for-profit's ongoing needs? You exist to serve your community -...
Are you maximising your Not-For-Profit’s technology investment?
Every organisation has to be careful when making IT investments - as everyone has competing projects demanding attention. It seems even more heightened in the not-for-profit sector when reducing money needed for infrastructure frees up resources for community...
IT is more than silicon – have you ever stress tested the human side of your I.T?
Every chain relies on every link, and the stronger each link, then the stronger the chain - hence the saying about the weakest link. Your IT chain has people - we need to think about them - the volunteers, the staff users, and of course the management structure around...
Are the appropriate IT Governance controls in place to protect your community value?
In most organisations, IT has grown organically, meeting business needs as they arise. Those demands have come through thick and fast from almost all areas of the organisation's operations. IT has become integral to almost all aspects of operations in most workplaces,...