If you don’t where it is, you can’t protect it.
Do you know where ALL your organisation’s data is – not physically, but on which web and cloud services?
Here’s the problem. If you don’t where it is, then you can’t protect it. The secondary problem is finding out, because not everyone in your organisation will be onboard. It is common for people to sign up to web services because they offer something useful that helps them do their job.
They sign up using their email address and creating a password. There is the first headache – how does anyone track what has been signed up to across your organisation, let alone who has access to it? If that person leaves, no one will change the account credentials if they don’t know about it, but your ex-colleague still has access.
Secondly, what data do they upload? Is that data that you have a legal or moral responsibility for?
There’s nothing noble about Nobelium.
This isn’t theory – it’s real. USAID is a pretty important US organisation – promoting democracy and human rights around the world. Turns out, someone there was using a well-known email database tool called Constant Contact. But their account wasn’t well protected. Worse still, their account had a huge mailing set up, and of course, it had all the official USAID templates.
So, these Nobelium people, allegedly a Russian state-sponsored hacker group, compromised the Constant Contact account and sent a bulletin out. The bulletin contained malware that allowed the hackers to take command and control over victims computers. Ironically the fake email alleged interference in the US federal elections.
So, what can you do?
The first step is knowing what SaaS tools your people are using. We call this SHADOW IT and it is inevitable. Rather than stopping it, the job IT has is to identify it and manage it. The second step is to secure those platforms. That’s why our KARE for Security S2 plan contains a useful tool to help you identify what services your people are using.
Refer : What We Know About The Apparent Russian Hack Exploiting USAID : NPR
GOOD PROCESS WASN’T GOOD ENOUGH – SCAMMERS STILL WON
In August we all heard about Team NZ falling prey to a $2.8 million invoice payment fraud. It was the now-familiar story of a fake or hacked email, asking for payment to go to a different bank account. We should all be familiar with these tales by now. I’m sure that...
What is Double Key Encryption and why should you care?
Double Key Encryption (DKE) is coming soon to Microsoft 365 (E5 plans required) Like the name suggests, this is even MORE secure than the levels of encryption previously seen. Microsoft are saying that you need it if: You want to ensure that only you can ever decrypt...
How does a ransomware attack start?
When you read about the ransomware attacks, such as those on Honda, Garmin, Toll, Fisher and Paykel and Lion, it’s easy to think these attacks only target large enterprises. Unfortunately, that would be a mistaken view. The reality is that all businesses are under...
International eSecurity Compliance
It feels it's like a daily occurrence for one of our clients to be asking for assistance with a security compliance questionnaire from their client. Most of these are being driven by corporates with international footprints. This becomes complex as each jurisdiction...
3,102 reported cyber-security incidents in NZ for first half 2020.
The numbers are staggering. We always get a few clients saying "My organisation is too small, cyber-criminals won't attack us". We can state with absolute certainty that this is a fallacy. Cyber Criminals are targeting every sized organisation Remember that not...
Is “Deathstalker” coming for you?
Cyber-Crime is big business. The criminals are organised and sophisticated. Imagine if they put their ingenuity to things that are good? But alas, that's not reality. Instead we have to brace ourselves to deal with another wave of crime. Deathstalker is a such a...
Privacy Act 2020 – Are you ready for Dec 1st?
Parliament recently passed the new Privacy Act, which comes into effect on 1 December 2020. This introduces stricter measures around the storing, sharing and breach of personal information and gives the Privacy Commissioner more powers. Every organisation should have...
Is Cyber Security important at work? What about Working from Home (WFH)?
The best way that security can be managed when Working From Home (WFH) is to ensure the WFH devices are known to be patched, have AV, and are monitored. There is always going to be a risk if the device is not monitored as you won’t know what the patch/AV status is,...
Webinar : Protect your business from cyber attacks
Since Covid-19, there has been a surge in ransomware and cyber-attacks in New Zealand. For almost 25 years, Kinetics has specialised in providing comprehensive cyber security solutions and staff training to a broad cross section of the business community. Learn...