People are the weakest link
This sounds like a nightmare too impossible to happen. US soldiers putting sensitive information online in non-secure third party websites. It defies belief, yet we’re reading that it happened. The story popped up on ‘Gizmodo’
It is alleged that US Soldiers were saving sensitive information on a couple of common flashcard sites, presumably of things they were trying to memorise and learn. Even worse, their settings were on ‘public’ not ‘private’
It’s a classic warning about the risk of people, however well intentioned, saving critical data online in places the organisation is unaware of, and can’t control. That’s why our new KARE for Security S2 plan helps identify use of these sites in your organisation.
US Soldiers Accidentally Leaked Nuclear Weapons Secrets: Report (gizmodo.com)
Shadow IT
Shadow IT is one of the largest threats to data privacy in organisations today.
It’s not necessarily because these sites are going to be hacked, although that’s always possible, but just because if you don’t know the tools are in use, then there is no way that you can manage them!
The first step to maintaining this data is to identify it! That’s why you need new tools that are cloud focused. If you’re still using the same old security tools that you used to use prior to the cloud, then you are not keeping up and we need to talk!
DDOS – Distributed Denial of Service Attack (aka what went wrong at the NZ Stock Exchange)
Denial of Service (aka what went wrong at the NZX?) In September the NZ Stock Exchange was the victim of an attempted extortion via a DDOS attack. The attack took them offline serval times over a number of days. Many business are now asking, what is DDOS and could...
Keeping our Security tools up to speed
Cyber-crime is estimated to earn criminals US$7 Trillion a year That sort of money buys cyber criminals a lot of resources. It’s no surprise then that cybercrime has its own support industries. You don’t need to access the "Darknet" to purchase hacker tools. Many...
GOOD PROCESS WASN’T GOOD ENOUGH – SCAMMERS STILL WON
In August we all heard about Team NZ falling prey to a $2.8 million invoice payment fraud. It was the now-familiar story of a fake or hacked email, asking for payment to go to a different bank account. We should all be familiar with these tales by now. I’m sure that...
What is Double Key Encryption and why should you care?
Double Key Encryption (DKE) is coming soon to Microsoft 365 (E5 plans required) Like the name suggests, this is even MORE secure than the levels of encryption previously seen. Microsoft are saying that you need it if: You want to ensure that only you can ever decrypt...
How does a ransomware attack start?
When you read about the ransomware attacks, such as those on Honda, Garmin, Toll, Fisher and Paykel and Lion, it’s easy to think these attacks only target large enterprises. Unfortunately, that would be a mistaken view. The reality is that all businesses are under...
International eSecurity Compliance
It feels it's like a daily occurrence for one of our clients to be asking for assistance with a security compliance questionnaire from their client. Most of these are being driven by corporates with international footprints. This becomes complex as each jurisdiction...
3,102 reported cyber-security incidents in NZ for first half 2020.
The numbers are staggering. We always get a few clients saying "My organisation is too small, cyber-criminals won't attack us". We can state with absolute certainty that this is a fallacy. Cyber Criminals are targeting every sized organisation Remember that not...
Is “Deathstalker” coming for you?
Cyber-Crime is big business. The criminals are organised and sophisticated. Imagine if they put their ingenuity to things that are good? But alas, that's not reality. Instead we have to brace ourselves to deal with another wave of crime. Deathstalker is a such a...
Privacy Act 2020 – Are you ready for Dec 1st?
Parliament recently passed the new Privacy Act, which comes into effect on 1 December 2020. This introduces stricter measures around the storing, sharing and breach of personal information and gives the Privacy Commissioner more powers. Every organisation should have...
Is Cyber Security important at work? What about Working from Home (WFH)?
The best way that security can be managed when Working From Home (WFH) is to ensure the WFH devices are known to be patched, have AV, and are monitored. There is always going to be a risk if the device is not monitored as you won’t know what the patch/AV status is,...