What to Consider?
The first step is to identify which of your systems are likely to be targeted and what level of protection each one requires. The protection may include enabling two-level authentication processes, having your IT provider monitor all connections, and ensuring all systems have the latest patches. (A patch is a software update: you receive a notification to update your software with the latest patch. Many people ignore it, however it is best to have your IT provider monitor this and carry out the patch updates at a time when nobody is at work. This way you have peace of mind – you will find Windows patches are monitored and updated in our Total Protection Plan – get in touch now for more details.)
Check to see what is visible to internet scanning tools. If it's visible, then it becomes a potential target.
If you have Remote Desktop Protocol (RDP) connections, then either restrict those connections to authorised networks, or even better, disable all external RDP and make those users first connect via a VPN and then use RDP.
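One way to check and apply the RDP restriction described above on a Windows machine, using the built-in Windows firewall cmdlets. This is an added example, not part of the original article; the network 10.8.0.0/24 is an assumed placeholder for your own VPN address range, and the script covers the Windows host firewall only, not your router or perimeter firewall.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on the Windows machine you administer.
# ASSUMPTION: 10.8.0.0/24 is a placeholder for your own VPN address pool.
$AuthorisedNetworks = @('10.8.0.0/24')

# 1. Is Remote Desktop switched on? fDenyTSConnections = 0 means it accepts connections.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpEnabled = ($ts.fDenyTSConnections -eq 0)
Write-Output "Remote Desktop enabled: $rdpEnabled"

# 2. List enabled inbound Allow rules that name port 3389 and show who may connect.
#    Rules that reach 3389 through a port range or through 'Any' are not matched here.
$rdpRules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
    if ($ports -notcontains '3389') { continue }

    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        OpenToAnyone  = ($remote -contains 'Any')   # no source restriction at all
    }
}
$rdpRules | Sort-Object OpenToAnyone -Descending | Format-Table -AutoSize

# 3. Restrict the unrestricted RDP rules to the authorised networks.
#    -WhatIf only previews the change; remove it once the preview looks right.
$rdpRules |
    Where-Object { $_.OpenToAnyone } |
    ForEach-Object {
        Set-NetFirewallRule -Name $_.Name -RemoteAddress $AuthorisedNetworks -WhatIf
    }
```

Apply the change from a console or management session rather than over the RDP connection you are restricting, so that a wrong address range does not lock you out.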
The Essential Eight
The following eight mitigation strategies have been identified by the Australian Government Cyber Security Centre as essential in minimising the risk to a business. If you’re a business relying on an external provider, then the monthly activities that provider performs should include actions around the Essential Eight strategies to minimise risk.
- Application whitelisting is the practice of specifying an index of approved applications that are permitted to be present and active on a computer system. The aim is to protect the computer and the network from harmful applications. The tasks are to identify and create the whitelist rules and then maintain them monthly.
- Patch Applications and Operating Systems is the process of updating your software applications with the latest updates from the supplier. Often these updates address vulnerabilities that have been identified by the software developer. The most common patch you would be aware of is the Microsoft update applied when you shut down your system. The next most common is your anti-virus software updating its virus definitions database. Not all staff will update, so your external provider should always monitor and update where necessary to keep all devices up to date. All of this is monitored on our Total Protection Plan.
- Office Macros are programs that allow users to perform tasks much faster and more efficiently. They are an excellent target for a hacker, who will often embed them in documents that appear normal but, upon opening, run the code inside the macro, giving the hacker control of your system. Mitigation involves only allowing macros to run from documents in trusted locations with controlled write access.
- Restrict Administrative Privileges means, in effect, only giving access based on a user’s duties. Access should be reviewed regularly and unnecessary system privileges removed. This also involves managing access to your networks and managing email access, password resets etc.
- Harden User Applications is where you tightly control applications that can perform unwanted or potentially vulnerable actions. Examples are blocking Flash applications, Java plug-ins etc.
- Multi-Factor Authentication is essentially the introduction of additional methods for verifying the user’s identity. Users will not be given access if they cannot provide the second level of authentication. This is becoming increasingly popular and effective in managing access.
- Backup Daily minimises the level of disruption to your business in the event of a system crash or a cyber-security incident. Plans will vary between businesses, but as a minimum, backups should be retained for three months and be disconnected from your system. Your IT provider should develop a backup process with you, and they should always be talking in terms of business continuity. Their activity includes monitoring that the backup has occurred and ensuring the restoration process works. We can provide many backup solutions.
How can your local Computer Troubleshooter help you?
Firstly, they can provide an initial assessment of your current situation and based on that assessment recommend a solution that will involve a monthly fee based on the activities and the number of devices to be managed. To start the ball rolling call 08 8387 3889 and request that chat.
Sources for the article:
Australian Cyber Security Centre
Stay Smart Online