Do you know where all your organisations data is? You don’t know what you don’t know

17 Jun 2021 | Security

What is ‘Shadow IT’?

Shadow IT refers to the various web tools informally in use within most organisations. These tools are often chosen without reference to IT or to management in general.

They are often used for all the very best reasons. Your colleagues have work to do, and these tools help them, so they get used. You might know about some because there is a subscription charge, but others might be free.
These tools can be anything from simply keeping lists of tasks to do, sharing information or managing workflows, providing newsletter lists, or recruiting staff. Its endless.

There’s all sorts of web pages out there that your people will be finding useful and will be using.

The question is, do you know what is being used on your behalf?

Even more importantly, do you know who’s got access to them? As your staff come and go, do you know to change passwords or reset user accounts to make sure that no one who has left you (maybe even gone to a competitor) is still able to access your confidential data?

Shadow IT is one of the largest threats to data privacy in organisations today. It’s not necessarily because these sites are going to be hacked, although it’s always possible, but it’s because if you don’t know the tools are in use, then there is no way that you can manage them!

The first step to maintaining this data is to identify them, and that’s why you need new tools that are cloud focused.

If you’re still using the same old security tools that you used prior to the cloud, then you are simply not keeping up and we need to talk!

Here’s a story about what happens if you don’t have this under control: Why you need to know all the cloud services that your organisation uses – IT Solutions and Managed Services (kinetics.co.nz)

Tracking Shadow IT is part of our KARE for Security S2 plan.

 

2021 Trend Reports confirms cyber-security advice

2021 Trend Reports confirms cyber-security advice

How many people DON’T report ransomware attacks? It’s too early to see the Q42021 results from CertNZ but their Q3 report tells there were 2,072 incidents that they responded to in Q3 and fraud/scam’s were up 25%. Their report confirms that the very risks we have been...

Hackers Caught!  Millions Seized

Hackers Caught! Millions Seized

Crime doesn’t always pay. The FSB reports (if you can read Russian) that they have taken down the “Revil” band of hackers. These are the people that have caused absolute havoc, from disrupting the US oil pipelines, to the Kaseya attack that took out businesses all...

What’s worse than having to pay Ransomware?

What’s worse than having to pay Ransomware?

The answer : Having to pay it twice - (or even more). Your Cyber-Security is under more pressure than ever. According to Infosecurity magazine, "double" extortion ransomware victims are up a massive 935% - thats a ten-fold increase year-on-year. This is driven by the...

“Phishmas” – its not that punny

“Phishmas” – its not that punny

Whatever it takes to draw your attention to Cyber Security is worth it. Just because we take time off at Christmas doesn't mean the hackers do. They have taken a lot of heart from the way we have all embraced home-delivery for our shopping and are doubling down with...

Is your Fingerprint effective security?

Is your Fingerprint effective security?

Straight out of the movies We are all used to the idea of using our fingerprints to log into our cell phones and, for some of us, our laptops. We’ve been told fingerprints are secure, and effective for ‘biometric authentication’ In the movies, we see finger prints...

Have you been vished?

Have you been vished?

What is vishing? Vishing is scamming via phone calls,  effectively "phishing" by voice, hence the name,  Voice phishing - Wikipedia  Unfortunately, like many other cyber-attacks, incidents are on the rise. Because the damage is done over a phone call, they are even...

Does the new Chinese PIPL law apply to you?

Does the new Chinese PIPL law apply to you?

If you do business in China, you need to know about the “PIPL” It’s the Chinese equivalent of the GDPR from the EU – and your responsibility to protect the data privacy of the Chinese. The law came into being relatively quickly and has already taken effect as at...

Security Training and Awareness offer

Security Training and Awareness offer

We are deploying some new tools for our KARE for Security clients. For a limited time we can share these with all our clients to give you and your colleagues some great e-security awareness training. The holiday season is targeted by scammers, they know that employees...

Helping you with Cyber Insurance Audit Forms

Helping you with Cyber Insurance Audit Forms

Cyber Security Audits are increasingly common. One cause is that we're seeing more boards ask about cyber security posture, and frankly every board needs to be asking about that. The other major prompt we see is when our clients are applying for cyber security...