Do you know where all your organisations data is? You don’t know what you don’t know

by | Jun 17, 2021 | Security

What is ‘Shadow IT’?

Shadow IT refers to the various web tools informally in use within most organisations. These tools are often chosen without reference to IT or to management in general.

They are often used for all the very best reasons. Your colleagues have work to do, and these tools help them, so they get used. You might know about some because there is a subscription charge, but others might be free.
These tools can be anything from simply keeping lists of tasks to do, sharing information or managing workflows, providing newsletter lists, or recruiting staff. Its endless.

There’s all sorts of web pages out there that your people will be finding useful and will be using.

The question is, do you know what is being used on your behalf?

Even more importantly, do you know who’s got access to them? As your staff come and go, do you know to change passwords or reset user accounts to make sure that no one who has left you (maybe even gone to a competitor) is still able to access your confidential data?

Shadow IT is one of the largest threats to data privacy in organisations today. It’s not necessarily because these sites are going to be hacked, although it’s always possible, but it’s because if you don’t know the tools are in use, then there is no way that you can manage them!

The first step to maintaining this data is to identify them, and that’s why you need new tools that are cloud focused.

If you’re still using the same old security tools that you used prior to the cloud, then you are simply not keeping up and we need to talk!

Here’s a story about what happens if you don’t have this under control: Why you need to know all the cloud services that your organisation uses – IT Solutions and Managed Services (kinetics.co.nz)

Tracking Shadow IT is part of our KARE for Security S2 plan.

 

MFA is important, but it is no silver-bullet.

MFA is important, but it is no silver-bullet.

There are no silver bullets. No one can guarantee you won’t be hacked, but we can make it harder. We can reduce your cyber-risk by taking reasonable steps to make it harder to hack you. The key is to have layers of security, and to keep reviewing the technology in use...

Disaster at Kinetics

Disaster at Kinetics

Sometimes, it feels like there is only bad news.    All businesses face challenges with suppliers, our own people and even some of our customers.  As managers, we work hard to get ahead of issues and create systems to mitigate problems, but there’s always something. ...

MS OFFICE ZERO DAY ATTACK – MAY 31st

MS OFFICE ZERO DAY ATTACK – MAY 31st

One of the scariest news items to wake up to is that there is a ‘zero-day’ vulnerability in a common piece of software. That means that the hacking community has found an opportunity to hack a bit of software and there is no update yet – ‘zero’ days to apply a fix....

Is MFA driving you mad?

Is MFA driving you mad?

Getting tired of having to open your phone for access? If so, you are not alone! But, its necessary. Hackers are counting on you suffering from an excess of having to reach for your phone to approve access, with something called “MFA Fatigue Attacks”.MFA Fatigue...

When QR codes go bad

When QR codes go bad

Thanks to Covid, we’re all familiar with QR codes. Of course, with Covid, we were using the official tracer app to scan them, but in normal use, you can just use your phone’s camera to open the link. It’s a great way to make it easy to visit a website without having...

Is nothing safe?  Fake logins!

Is nothing safe? Fake logins!

Every day, there is a new cyber-threat to watch out for, and to warn friends and colleagues about. I’m frequently stunned when talking to friends and colleagues that these threats are abstract and academic.   For the sake of absolute clarity, these cyber risks...

When hacking can help.

When hacking can help.

Ukraine is pretty well known for tech innovation. In fact it was worth $US6.8 Billion last year  Ukraine’s Booming Tech Outsourcing Sector at Risk After Russian Invasion - WSJ.   On top of that ‘legitimate’ work, Ukraine has also been home to some of the...