{"id":3491,"date":"2019-05-04T12:22:25","date_gmt":"2019-05-04T00:22:25","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=3491"},"modified":"2019-05-04T12:22:25","modified_gmt":"2019-05-04T00:22:25","slug":"anyone-can-be-hacked-and-anyone-can-be-the-cause","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=3491","title":{"rendered":"Anyone can be hacked! And anyone can be the cause."},"content":{"rendered":"

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”4.16″ global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_row admin_label=”row” _builder_version=”4.16″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}” theme_builder_area=”post_content”][et_pb_column type=”4_4″ _builder_version=”4.16″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||” theme_builder_area=”post_content”][et_pb_text admin_label=”Text” _builder_version=”4.16.1″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” hover_enabled=”0″ global_colors_info=”{}” theme_builder_area=”post_content” sticky_enabled=”0″]<\/p>\n

Guess who got hacked?<\/strong><\/h2>\n

In recent articles, we\u2019ve warned that people are the weakest link in your IT security<\/a>. We\u2019ve also warned that any business is a target. No one is immune.<\/strong><\/p>\n

Tech companies like us are especially cautious because, in order to do our job, we have access not just to our data but also to our customers\u2019 data. That\u2019s why Kinetics has invested in an SOC2 compliant password vault (the highest levels of security), and we\u2019re tracking and auditing access to these. We will shortly be able to extend access to this same password vault to our KARE for Security client so you can have the same levels of security.\u00a0<\/strong><\/p>\n

Microsoft?!<\/strong><\/h2>\n

Even a huge corporate with extensive controls can be compromised.<\/strong> Microsoft recently got caught, (April 2019) when a Microsoft \u2018support agent\u2019 had their credentials compromised. Microsoft have advised<\/a> industry website ]\u2018TechCrunch\u201d<\/a>\u00a0that these were used for three months to gain access to customer information!<\/p>\n

It seems that access was limited to the free email services they operate \u2013 MSN, Hotmail. Commercial tools like Office 365 were NOT compromised.<\/p>\n

\"\"<\/p>\n

Microsoft reported:<\/p>\n

\u201cMicrosoft recently became aware of an issue involving unauthorized access to some customers\u2019 web-based email accounts by cybercriminals.\u202fWe addressed this scheme by disabling the compromised credentials to the limited set of targeted accounts, while also blocking the perpetrators\u2019 access. A limited number of consumer accounts were impacted, and we have notified all impacted customers. Out of an abundance of caution, we also increased detection and monitoring to further protect affected accounts.\u201d<\/em><\/p>\n

 <\/p>\n

If you use these accounts, we recommend you change your password \u2013 NOW!<\/strong><\/p>\n

We know that Microsoft take these events seriously and they have extensive systems to protect data. This will be hugely embarrassing to them. We\u2019d just point out that it could have happened to anyone. Under new legislation like GDPR, they are now required to advise you if your data may have been impacted, so we\u2019re likely to see more transparency of these events.<\/p>\n

What should you do?<\/strong><\/h2>\n

We\u2019ve packaged up what we think are the new \u2018reasonable\u2019 steps and called it \u201cKARE for Security<\/a>\u201d.<\/strong>\u00a0<\/strong>A large number of our clients have taken this up, and they can take comfort \u2013<\/p>\n

but it is vital that all staff are taking security seriously and taking up the training we offer.<\/p>\n

Certainly, we think every business needs to consider, at a minimum:<\/p>\n