[et_pb_section fb_built=”1″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_row _builder_version=”4.9.4″ _module_preset=”default” custom_padding=”||0px|||”][et_pb_column type=”4_4″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_text _builder_version=”4.9.4″ _module_preset=”default” min_height=”207px” custom_margin=”||-5px|||” custom_padding=”||23px|||”]<\/p>\n
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?<\/p>\n
Here’s the problem.\u00a0 If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard.\u00a0 It is common for people to sign up to web services because they offer something useful that helps them do their job.<\/p>\n
They sign up using their email address and creating a password.\u00a0 \u00a0There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.<\/p>\n
Secondly, what data do they upload?\u00a0 Is that data that you have a legal or moral responsibility for?<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.9.4″ _module_preset=”default” custom_padding=”0px|||||”][et_pb_column type=”1_2″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_text _builder_version=”4.9.4″ _module_preset=”default” min_height=”318px”]<\/p>\n
<\/p>\n
This isn’t theory – it’s real.\u00a0 \u00a0 USAID is a pretty important US organisation – promoting democracy and human rights around the world.\u00a0 Turns out, someone there was using a well-known email database tool called Constant Contact.\u00a0 But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.<\/p>\n
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out.\u00a0 The bulletin contained malware that allowed the hackers to take command and control over victims computers.\u00a0 Ironically the fake email alleged interference in the US federal elections.<\/p>\n
[\/et_pb_text][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_image src=”http:\/\/kinetics.co.nz\/wp-content\/uploads\/2021\/06\/MalwareEmail.jpg” title_text=”MalwareEmail” align=”center” _builder_version=”4.9.4″ _module_preset=”default” custom_margin=”38px||||false|false” hover_enabled=”0″ sticky_enabled=”0″][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.9.4″ _module_preset=”default”][et_pb_column type=”4_4″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_text _builder_version=”4.9.4″ _module_preset=”default”]<\/p>\n
The first step is knowing what SaaS tools your people are using.\u00a0 We call this SHADOW IT and it is inevitable.\u00a0 Rather than stopping it, the job IT has is to identify it and manage it.\u00a0 The second step is to secure those platforms.\u00a0 That’s why our KARE for Security S2<\/a> plan contains a useful tool to help you identify what services your people are using.<\/p>\n