What is ‘Shadow IT’?
Shadow IT refers to the various web tools informally in use within most organisations. These tools are often chosen without reference to IT or to management in general.
They are often used for all the very best reasons. Your colleagues have work to do, and these tools help them, so they get used. You might know about some because there is a subscription charge, but others might be free.
These tools can be anything from simply keeping lists of tasks to do, sharing information or managing workflows, providing newsletter lists, or recruiting staff. Its endless.
There’s all sorts of web pages out there that your people will be finding useful and will be using.
The question is, do you know what is being used on your behalf?
Even more importantly, do you know who’s got access to them? As your staff come and go, do you know to change passwords or reset user accounts to make sure that no one who has left you (maybe even gone to a competitor) is still able to access your confidential data?
Shadow IT is one of the largest threats to data privacy in organisations today. It’s not necessarily because these sites are going to be hacked, although it’s always possible, but it’s because if you don’t know the tools are in use, then there is no way that you can manage them!
The first step to maintaining this data is to identify them, and that’s why you need new tools that are cloud focused.
If you’re still using the same old security tools that you used prior to the cloud, then you are simply not keeping up and we need to talk!
Here’s a story about what happens if you don’t have this under control: Why you need to know all the cloud services that your organisation uses – IT Solutions and Managed Services (kinetics.co.nz)
Shadow IT is part of our 10-point cyber-security check list
While there is no single layer of technology that can guarantee you will be safe from hackers, you can reduce your risk by adding layers of protection. How many of our 10-point check list are in place for you?
Manage My Health Data Breach – What We’ve Heard
What New Zealand Businesses Need to Learn from 126,000 Compromised Patient Records New Zealand's largest patient information portal confirmed a major cyber security breach on New Year's Eve, with up to 126,000 users potentially affected. The Manage My Health incident...
URGENT ADVISORY: We’re seeing a significant increase in authentication attacks this Christmas
Significant Hacking Trend Over this 2025/26 Christmas and New Year period, our Kinetics KARE security monitoring has detected a significant increase in sophisticated authentication attacks targeting New Zealand businesses. KARE Foundation clients are protected and...
Your Customers Need to Trust Your Emails: Here’s How DMARC 2.0 Helps
Yet another IT acronym: "DMARC" DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It's an email authentication protocol that helps protect your domain from being used in email spoofing, phishing attacks, and other cyber...
Christmas is coming. But will you get a visit from Santa or from a grinchy hacker?
Protecting Yourself from Cyber Threats While on Holiday We're more vulnerable than normal to hackers at this time of year. Unfortunately, the hackers know it and tend to be more aggressive.In the rush up to Christmas, there's normally so much to do that we're all that...
Understanding Your Microsoft Secure Score: Why Your Percentage May Drop (While Your Security Improves)
Important Update for KARE Foundation Subscribers If you've noticed your Microsoft Secure Score percentage decreasing recently, don't be alarmed. Your security hasn't weakened. In fact, Microsoft is making significant enhancements that will ultimately make your...
2025 Q4: Cyber Landscape Update (are you still feeling lucky? New Zealand’s Cyber-threat landscape demands action)
Why This Brief Matters A cybercriminal only has to be lucky once. You have to be lucky every minute of every day. That remains the stark reality for kiwi businesses in Q4 2025. This isn't another dry technical report filled with acronyms and alerts. Kinetics has...
SpamGPT: When AI Becomes a Phishing Playbook—And How to Protect Your Business
For years, we've told businesses to watch for telltale phishing signs: poor grammar, suspicious sender addresses, generic greetings. But what happens when cybercriminals have access to the same sophisticated AI tools your marketing team uses—except weaponised...
The Rise of AI-Powered Ransomware
Unveiling a dark future: The First AI-Powered Ransomware In a groundbreaking discovery, researchers at ESET have uncovered what they believe to be the first known AI-powered ransomware strain, aptly named PromptLock. This sophisticated malware is not just a step...
Webinar Replay: Rethinking Endpoint Security: Smarter Strategies for a Safer Business
Cyber-protection keeps getting more complex, more restrictive and more expensive. This month we are talking with expert Thomas Shobbrook. He updates us on the latest security trends and help us understand how well protected your device is out-of-the-box. We ask...
Webinar Replay – Securing the Mobile Frontier: Cybersecurity Essentials for Phones and Tablets for Modern Businesses
As mobile devices become the backbone of modern business operations, they also present a growing target for cyber threats. Apple or Android - they're both important. Every time you use these to access your Teams, Email or anything else, you are relying on them to be...