Data Leak Protection (DLP)
is the name of several policies in Office 365, setting up what data can, and can’t be, shared and with whom.
Imagine being able to automatically identify private information like passport numbers, Health IDs or bank account details and make sure that those are only being shared with people that are authorised to see them.
The good news is that you can do this with 365, provided you turn on the policies and set them up correctly, and monitor when data is shared.
Under the NZ Privacy Act, we’re all expected to take care of personal data entrusted to us and to make sure it’s only used for the purpose for which is being obtained.
With Office 365, there’s no excuse for that to be breached provided that we understand what data should be kept, what might be kept incorrectly, and how its being shared. With this we can set up rules to monitor your Office 365 system and report on how records are shared.
We include a basic set up of DLP in our KARE for Security S2 plan to get you started.
Cyber-risk mitigation – why Multi-Factor Authentication (MFA) is vital, but NOT enough
We keep making the point that nothing can guarantee you won’t be hacked. But you can, and must, mitigate your cyber-risk. We think tools like Multi-Factor Authentication is crucial for protecting your IT systems – and MFA should be on EVERYTHING you use – your email...
The Worst Hack in US History
In the last week, we’ve seen two major successful attacks on critical US IT management and Cyber security tools. The first we learned about was on FireEye which is one of the leading and most trusted cyber security tools, used by much of the Fortune 500. ...
Look out for more ransomware in 2021
2020 saw a crazy amount of ransomware attacks. We've warned repeatedly of the increasing sophistication and organisation of these bad actors. Names like RangarLocker and Dharma are cyber-businesses or do it yourself cyber-crime kitsets designed to cause havoc for...
DDOS – Distributed Denial of Service Attack (aka what went wrong at the NZ Stock Exchange)
Denial of Service (aka what went wrong at the NZX?) In September the NZ Stock Exchange was the victim of an attempted extortion via a DDOS attack. The attack took them offline serval times over a number of days. Many business are now asking, what is DDOS and could...
Keeping our Security tools up to speed
Cyber-crime is estimated to earn criminals US$7 Trillion a year That sort of money buys cyber criminals a lot of resources. It’s no surprise then that cybercrime has its own support industries. You don’t need to access the "Darknet" to purchase hacker tools. Many...
GOOD PROCESS WASN’T GOOD ENOUGH – SCAMMERS STILL WON
In August we all heard about Team NZ falling prey to a $2.8 million invoice payment fraud. It was the now-familiar story of a fake or hacked email, asking for payment to go to a different bank account. We should all be familiar with these tales by now. I’m sure that...
What is Double Key Encryption and why should you care?
Double Key Encryption (DKE) is coming soon to Microsoft 365 (E5 plans required) Like the name suggests, this is even MORE secure than the levels of encryption previously seen. Microsoft are saying that you need it if: You want to ensure that only you can ever decrypt...
How does a ransomware attack start?
When you read about the ransomware attacks, such as those on Honda, Garmin, Toll, Fisher and Paykel and Lion, it’s easy to think these attacks only target large enterprises. Unfortunately, that would be a mistaken view. The reality is that all businesses are under...
International eSecurity Compliance
It feels it's like a daily occurrence for one of our clients to be asking for assistance with a security compliance questionnaire from their client. Most of these are being driven by corporates with international footprints. This becomes complex as each jurisdiction...
3,102 reported cyber-security incidents in NZ for first half 2020.
The numbers are staggering. We always get a few clients saying "My organisation is too small, cyber-criminals won't attack us". We can state with absolute certainty that this is a fallacy. Cyber Criminals are targeting every sized organisation Remember that not...