Given the uptake of Office 365 by Australian businesses due to the majority of the workforce currently working from home, it is more important than ever to be talking with your local Computer Troubleshooter. This will ensure you are doing everything within your power to minimise the risk of an attack and disruption to your business.
The best form of defence against cyber-attack is to use a layered approach which means more than just having endpoint protection on your devices. Even with just Endpoint protection, too many employees and businesses do not have the latest viruses’ definitions or the latest software patches issued by the vendor.
The Computer Troubleshooters protection/managed service plans are designed to enable a business to minimise the risk and to have the confidence that all the basic mitigation strategies are deployed in your business.
No single mitigation strategy can prevent cyber-attack incidents. The Australian Cyber Security Centre located within the Australian Signals Directorate has developed eight mitigation strategies that are considered as the baseline -essential for all organisations to protect themselves against cyber incidents. Collectively this is known as the Essential Eight framework.
What other of the essential eight strategies need to be implemented?
Ensure that all executable files are restricted from being able to run. This includes ensuring this restriction applies to all servers and any workstation devices.
- Configure Microsoft 365 macro settings
Ensuring that only Microsoft office macros are allowed to deploy after the user is prompted for approval, that no security settings can be modified by a user, and that macros in documents sourced from the internet are blocked.
- User application hardening
Ensuring that web browsers are set up to block or disable support for content that uses Flash. Ensuring that web browsers are configured to block java from the internet and also to block web advertisements.
- Restrict administrative privileges
Ensuring that access to systems, applications and data repositories are validated when first requested by a privileged user. Broader Policy security controls are used to prevent privileged users from reading emails, browsing the web, and obtaining files via online services. This will include continued revalidation of users’ access at regular intervals as set by a system policy.
Ensure that information, software, and configuration settings are backed up monthly at a minimum .. Make sure that that all backups are stored for a nominated period of time between a month and three months, using multiple backups – both physical and cloud. Backups to be preserved in a non-rewritable and non-erasable manner, and restoration tested annually at the very least (though preferably on a more frequent basis). Tests to be conducted both in part and full.
Remove the stress! Be confident you have it covered.
No matter what the size of your business is, no business is safe from cyber attack unless you are proactively managing your risk in an ongoing manner. This is not something that you can ignore – it is a moving beast and your business needs to manage the risk. If you don’t have a dedicated IT department or an ongoing support department then you need to find out more about how your local Computer Troubleshooter can help. A Computer Troubleshooter will assess your risk and develop proactive managed plans of protection with you.
Sleep comfortably at night knowing your business is in safe hands. Call us on 08 8387 3889 or email email@example.com we are here to support you!