What is ‘Shadow IT’?
Shadow IT refers to the various web tools informally in use within most organisations. These tools are often chosen without reference to IT or to management in general.
They are often used for all the very best reasons. Your colleagues have work to do, and these tools help them, so they get used. You might know about some because there is a subscription charge, but others might be free.
These tools can be anything from simply keeping lists of tasks to do, sharing information or managing workflows, providing newsletter lists, or recruiting staff. Its endless.
There’s all sorts of web pages out there that your people will be finding useful and will be using.
The question is, do you know what is being used on your behalf?
Even more importantly, do you know who’s got access to them? As your staff come and go, do you know to change passwords or reset user accounts to make sure that no one who has left you (maybe even gone to a competitor) is still able to access your confidential data?
Shadow IT is one of the largest threats to data privacy in organisations today. It’s not necessarily because these sites are going to be hacked, although it’s always possible, but it’s because if you don’t know the tools are in use, then there is no way that you can manage them!
The first step to maintaining this data is to identify them, and that’s why you need new tools that are cloud focused.
If you’re still using the same old security tools that you used prior to the cloud, then you are simply not keeping up and we need to talk!
Here’s a story about what happens if you don’t have this under control: Why you need to know all the cloud services that your organisation uses – IT Solutions and Managed Services (kinetics.co.nz)
Shadow IT is part of our 10-point cyber-security check list
While there is no single layer of technology that can guarantee you will be safe from hackers, you can reduce your risk by adding layers of protection. How many of our 10-point check list are in place for you?
Are your legacy IT systems giving hackers a backdoor into your business?
One of our engineers was working on migrating a customer from a legacy email server into Office 365 after we discovered they were under a brute force external attack. The migration required that we receive the users passwords. These would, of course, be reset after...
Service Alert
We're experiencing an extra heavy call volume today and it's proving challenging to respond as quickly as normal. It's been brought on by an apparent Microsoft change resulting in unexpected Windows 11 upgrades. These are happening to a number of devices even if...
Breaking news: New protections added to Kinetics KARE Foundation
We have big news for Kinetics customers on our “KARE Foundation” cyber plan. We've added new Browser Cyber-Protection We’ve found an amazing new security tool called ‘Conceal' that provides even more added protection. Cyber-security is all about layers and this one...
Penetration Testing
Penetration testing is important for businesses because it helps them identify and fix security vulnerabilities before they can be exploited by attackers. It can be a significant job as it needs a team of security professionals to simulate a real-world cyberattack....
What would you do?
Imagine – you are busily going about your day when suddenly your meeting is interrupted. “No one can access their files!!!” or “We just accidently paid $50,000 to a fraudulent account and we can’t get it reversed!!!” or something similar. What would you do? Where...
Security Updates
We need to make some security changes. These are in accordance with the continued work by Microsoft to protect 365 users. This will keep your configuration current with their latest advisories but may have some (limited) impact on your IT experience. It is all about...
Layered Security Works
There is no silver bullet in cyber-security. Best practice requires layers of protection. One of those layers is ‘geo-blocking’, which means you can only log in from specified countries and overcomes many of the African and Eastern European hacker fraternities....
Look out for LinkedIn Smart Links
This is a great example of needing new tools that didn't used to exist, to keep cyber-safe, even if they add cost to our cyber-protection. Hijacking your trust in LinkedIn Cybersecurity firm Cofense have detected phishing campaigns that used LinkedIn links called...
Would your cyber-security have saved you from this hack attempt?
This is a real and very clever 'spear-phishing' attempt that one of our legal clients in Auckland received today.Would you have opened it? Would your IT have protected you?To: Me From : new customer Hello, My Husband and I are looking to buy a property (First-time...
Is it really you?
News that an elderly woman was tricked out of $100,000 over Facebook won't be a surprise to regular readers. She was fooled into thinking she was talking to a friend, and then sending money to access some make-believe Covid fund. AI makes it easy to speak in...