Data Leak Protection (DLP)
is the name of several policies in Office 365, setting up what data can, and can’t be, shared and with whom.
Imagine being able to automatically identify private information like passport numbers, Health IDs or bank account details and make sure that those are only being shared with people that are authorised to see them.
The good news is that you can do this with 365, provided you turn on the policies and set them up correctly, and monitor when data is shared.
Under the NZ Privacy Act, we’re all expected to take care of personal data entrusted to us and to make sure it’s only used for the purpose for which is being obtained.
With Office 365, there’s no excuse for that to be breached provided that we understand what data should be kept, what might be kept incorrectly, and how its being shared. With this we can set up rules to monitor your Office 365 system and report on how records are shared.
We include a basic set up of DLP in our KARE for Security S2 plan to get you started.
Why you need to know all the cloud services that your organisation uses – part 2 – (US DoD Nuclear Secrets!)
People are the weakest link This sounds like a nightmare too impossible to happen. US soldiers putting sensitive information online in non-secure third party websites. It defies belief, yet we’re reading that it happened. The story popped up on ‘Gizmodo’ It is alleged...
Why you need to know all the cloud services that your organisation uses
If you don't where it is, you can't protect it. Do you know where ALL your organisation's data is - not physically, but on which web and cloud services? Here's the problem. If you don't where it is, then you can't protect it. The secondary problem is finding out,...
Should it be illegal to pay ransomware in NZ?
The Trillion dollar industry At the time of writing, the Waikato DHB cyber-attack is ongoing. The government is refusing to pay the ransom as a point of principle, and it looks like every possible tool at their disposal is being used to try to recover the situation....
Stepping up your cybersecurity in 2021 – Watch the recording of our Webinar
Do I really need more cyber-security protection? What’s new in 2021?We’ve been warning about cyber-security risks for years and telling everyone that it’s getting more and more adverse. The protections that seemed excessive a year ago are now inadequate! What’s the...
Zero-Trust IT Security
'Zero-Trust' is a tough headline. Zero-trust in a world where we trust people all the time is an unpleasant concept. We trust that when we order a package online, that the vendor will take our order and not just our money, that our product will be passed to a courier...
HAFNIUM Microsoft Email Attack
Over the last few days, you may have read about a zero-day attack impacting Microsoft Exchange Servers. We became aware of this vulnerability on Wednesday last week (it was discovered on the 2nd in the USA so we were on to it immediately, allowing for time-zones) . ...
5 simple steps to stay cloud-cyber-secure
We’ve posted repeatedly about cyber-security and the need to be more vigilant and more careful, and we’ve shared real-world stories to reinforce the concern. It’s a concern then that we still see a number of organisations that remain reluctant to increase their...
Cyber-risk mitigation – why Multi-Factor Authentication (MFA) is vital, but NOT enough
We keep making the point that nothing can guarantee you won’t be hacked. But you can, and must, mitigate your cyber-risk. We think tools like Multi-Factor Authentication is crucial for protecting your IT systems – and MFA should be on EVERYTHING you use – your email...
The Worst Hack in US History
In the last week, we’ve seen two major successful attacks on critical US IT management and Cyber security tools. The first we learned about was on FireEye which is one of the leading and most trusted cyber security tools, used by much of the Fortune 500. ...
Look out for more ransomware in 2021
2020 saw a crazy amount of ransomware attacks. We've warned repeatedly of the increasing sophistication and organisation of these bad actors. Names like RangarLocker and Dharma are cyber-businesses or do it yourself cyber-crime kitsets designed to cause havoc for...