When it comes to shadow IT, the enterprise has three choices: It can accept it, fight it or ignore it. All too often, however, organizations choose the third option, which in most cases not only fails to satisfy individual or organizational needs but can place systems and data at risk.
Fortunately, new practices and new technologies are making it easier to accommodate shadow IT, and even use it to gain an advantage in today’s digital economy.
According to a recent report by cloud security expert Netskope, shadow IT can creep into the enterprise even when service deployment and usage policies are in place to prevent it. In its latest quarterly assessment, the company reports that half of all Box and Dropbox users maintain personal instances on these platforms along with the sanctioned presences established by their employer. This makes it extremely difficult to detect and mitigate practices like data exfiltration and file sharing between the enterprise and private instances. At the same time, the company says that upwards of 95 percent of services employed in the cloud are not enterprise-ready, with particular deficiencies when it comes to compliance with government mandates like the EU’s General Data Protection Regulation.
Wordfence researchers are warning of a new and unusually effective phishing scam designed to steal login credentials from Gmail users, though it's also been seen targeting users of other services (h/t The Register).
An email is sent to a target's Gmail account, often from someone they know whose account has been hacked using the same technique, including an image of an attachment the recipient will likely recognize from the sender.
"You click on the image, expecting Gmail to give you a preview of the attachment," Wordfence CEO Mark Maunder explains in a blog post describing the attack. "You glance at the location bar and see you accounts.google.com in there."
Do you know how to actually execute a recovery using your defined disaster recovery strategy, or will your team have to figure it out? We’ve discussed developing a disaster recovery strategy at length, but what happens when it’s time to execute your strategy?
In his poem, To a Mouse, Robert Burns provides a well-known and insightful thought, “the best-laid plans of mice and men sometimes go awry.” We’ve seen how true this can be when we must perform an actual recovery that doesn’t go as smoothly as we might have hoped, even with all of our planning and document development.
Here are some ideas on providing training and validation of the execution of your DR strategy and plans.
Buying a system that provides built-in intelligence reduces both deployment time and total cost of ownership. This results in a program that aligns with proven best practices, industry standards, and governing regulations to exceed your program’s resiliency goals.
Why try to reinvent the wheel? Why spend your time building an untested, unproven solution? The smart answer is to embrace the built-in intelligence of a tested software product. Spend your valuable time elevating your Business Continuity/Disaster Recovery (BCDR) program instead. Unlike software that you build from scratch with your vendor over the course of months or years, ResilienceONE® from Strategic BCP® provides a Business Continuity Management (BCM) solution that is ready right out of the box and instantly provides users with the following:
The Business Continuity & Disaster Recovery Manager will be responsible for ensuring the completeness, regular review, and appropriate testing of office and firm level business continuity and disaster recovery plans. This includes participating in the evaluation, design, documentation, implementation, maintenance and testing of these plans. The Manager will be responsible for reporting, analysis, risk analysis and mitigation.
How to Apply: