NCSC advises UK companies to prepare against cyber attacks

The National Cyber Security Centre (NCSC) is the UK's technical authority for cyber incidents. It is a government organisation that forms part of GCHQ and offers advice, monitors incidents and provides technical support to help make the UK a safe place to live and work online.

With the unfortunate events continuing in Ukraine, the NCSC believes that there is a heightened risk of cyber threat to UK businesses and has called upon all companies to bolster their online defences immediately to reduce the risk of falling victim to an attack. They are clear that any protective measures you take must be proportionate to your organisation, and that the cost of defending yourself must be weighed against the overall risk to your business. It's all about reducing your vulnerability to attack by making sure you have the fundamentals of cyber security in place and that you practise good cyber hygiene throughout your business. The recommendations that the NCSC has published are easy to implement and shouldn't break the bank. These are the highlights:

Access control

Review who has access to your systems and their level of access. Make sure any accounts are disabled or deleted as soon as someone leaves your business. Enforce a strong password policy; we favour the 3 random words technique. Turn on Multi-Factor Authentication if it is available. Enforce password lockouts after a handful of incorrect attempts. Review what level of access any third parties may have to your systems. Operate on a least privilege model when determining who should have administrator access to your systems, and make sure that any admin tasks are logged and can be reviewed.
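As an added illustration of what an access review can look like in practice (this is example code written for this post, not NCSC material), the script below walks a constructed account export and flags the conditions described above: leavers whose accounts are still enabled, administrators without MFA, admin accounts whose actions are not logged, and dormant accounts that are still enabled. The field names and the 90-day dormancy threshold are assumptions; map them to whatever your directory or identity provider exports.

```python
"""Account review over a constructed directory export (added example).

Flags the access-control issues the advice above calls out. Field names
(user, enabled, admin, mfa, last_login, left, admin_logging) are assumptions
standing in for whatever your own export provides.
"""
from datetime import date, timedelta

# Constructed sample export; a real one would come from your directory.
ACCOUNTS = [
    {"user": "alice", "enabled": True, "admin": True, "mfa": True,
     "last_login": date(2024, 3, 1), "left": None, "admin_logging": True},
    {"user": "bob", "enabled": True, "admin": False, "mfa": False,
     "last_login": date(2023, 9, 10), "left": date(2024, 1, 31), "admin_logging": False},
    {"user": "carol", "enabled": True, "admin": True, "mfa": False,
     "last_login": date(2024, 2, 20), "left": None, "admin_logging": False},
    {"user": "dave", "enabled": False, "admin": False, "mfa": False,
     "last_login": date(2023, 1, 5), "left": date(2023, 1, 6), "admin_logging": False},
    {"user": "svc-backup", "enabled": True, "admin": False, "mfa": False,
     "last_login": date(2023, 6, 1), "left": None, "admin_logging": False},
]

# Assumed threshold: an enabled account unused for this long needs a second look.
DORMANT_AFTER = timedelta(days=90)


def review_accounts(accounts, today):
    """Return a list of (user, finding) pairs for every account that breaks
    one of the access-control rules; an empty list means nothing to action."""
    findings = []
    for a in accounts:
        # Leavers must be disabled or deleted, not merely forgotten.
        if a["left"] is not None and a["enabled"]:
            findings.append((a["user"], "leaver still enabled"))
        # Admin accounts are the most valuable to an attacker: require MFA.
        if a["admin"] and not a["mfa"]:
            findings.append((a["user"], "admin without MFA"))
        # Admin tasks must be logged so they can be reviewed later.
        if a["admin"] and not a["admin_logging"]:
            findings.append((a["user"], "admin actions not logged"))
        # Enabled but unused accounts are an easy foothold; review them.
        if a["enabled"] and today - a["last_login"] > DORMANT_AFTER:
            findings.append((a["user"], "dormant account still enabled"))
    return findings


if __name__ == "__main__":
    for user, finding in review_accounts(ACCOUNTS, date(2024, 3, 15)):
        print(f"{user:12s} {finding}")
```

Run it against the sample data and it reports five findings: bob (a leaver who is still enabled and dormant), carol (an admin with neither MFA nor logging) and the svc-backup service account (enabled but unused for months). Service accounts are worth treating with the same scrutiny as people, since nobody notices when they go quiet.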

Endpoint protection

Anti-virus software is designed to detect, prevent and remove malicious software on your devices. Make sure it is turned on and set to scan your system and update virus signatures regularly. If you can't afford a good anti-virus product, Windows Defender can do a decent enough job, as long as it is enabled and your system has the latest updates.
Make sure that your operating system is updated to the latest version and that you install any security updates as soon as they are available. Where possible, set your operating system AND applications to update automatically. This applies to mobile devices as well as computers.

Boundary protection

Make sure that you have a firewall configured to effectively shield you from outside attacks. If you don’t have a dedicated firewall you will probably still have one on your router, especially if it is provided by your ISP. Read your manual or perform a quick search on how to confirm that the firewall is enabled. Review any firewall rules that may be applied to ensure they are still required and remove them if not.

Backup your data

You may have a lot of your data stored in a cloud service and feel that this makes it impenetrable. This is NOT the case. Most cloud providers only offer backups to ensure they are fulfilling their duty of availability to you, i.e. short retention periods, no protection from intentionally deleted items, etc. Take our word on this: it's worth spending a little on backups to make sure you can recover from any potential loss of data as a result of an attack. Once you have backups, TEST them! An untested backup is not a backup at all.
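To show what "test them" means in concrete terms, here is an added example (written for this post, not NCSC or vendor code) of a restore test: it creates a constructed set of files, backs them up into a compressed tar archive, restores the archive into a separate directory and then compares a SHA-256 hash of every restored file against the original. A backup only counts once a restore like this comes back clean. The sample files and directory names are constructed for the example.

```python
"""Backup restore test (added example, constructed sample data).

Back up a directory, restore it somewhere else, and prove byte-for-byte that
what came back matches what went in. The tamper flag deliberately corrupts one
restored file so you can see what a failing test looks like.
"""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files don't need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def make_backup(src: Path, archive: Path) -> None:
    """Write every file under src into a gzip-compressed tar archive."""
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(src).as_posix())


def restore_backup(archive: Path, dest: Path) -> None:
    """Extract the archive into dest, refusing entries that would escape it."""
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(dest, filter="data")  # available on recent Pythons
        except TypeError:
            tar.extractall(dest)  # older interpreter without extraction filters


def run_restore_test(tamper: bool = False) -> dict:
    """End to end: build sample data, back it up, restore it, compare hashes."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, dest, archive = tmp / "live", tmp / "restore", tmp / "backup.tar.gz"
        # Constructed sample data standing in for real business files.
        (src / "accounts").mkdir(parents=True)
        (src / "accounts" / "ledger.csv").write_text("date,amount\n2024-03-01,120.50\n")
        (src / "accounts" / "invoices.bin").write_bytes(os.urandom(4096))
        (src / "notes.txt").write_text("quarterly planning notes\n")
        dest.mkdir()

        make_backup(src, archive)
        restore_backup(archive, dest)
        if tamper:
            # Simulate a bad restore (bit rot, partial write, wrong snapshot).
            (dest / "notes.txt").write_text("corrupted restore\n")

        expected, actual = snapshot(src), snapshot(dest)
        mismatched = sorted(p for p in expected if actual.get(p) != expected[p])
        unexpected = sorted(set(actual) - set(expected))
        return {"ok": not mismatched and not unexpected,
                "files": len(expected),
                "mismatched": mismatched,
                "unexpected": unexpected}


if __name__ == "__main__":
    print("clean restore:", run_restore_test())
    print("tampered restore:", run_restore_test(tamper=True))
```

The same pattern applies whatever backup tool you actually use: restore to a scratch location, hash both sides, and treat any difference as a failed backup. Schedule the test, not just the backup.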

Recovery

Have a Business Continuity and Disaster Recovery (BCDR) plan that includes a specific incident management plan. Determine exactly how you intend to recover from an attack and, again, test the plan.

Training and Awareness

Your staff are the way in for most hackers, intentionally or otherwise. Train them well, encourage a culture of security where people report phishing attempts and question anything suspicious. Make sure everyone knows what threats are out there and that they remain vigilant at all times.

With only a small amount of your time, you can implement these security fundamentals at little to no cost to your organisation.
