Basic cyber security precautions can help you prepare for and mitigate against the vast majority of modern cyber threats.
Microsoft’s Digital Defence Report 2022 identified five cyber hygiene practices that can have a major impact on reducing cyber threats. The vital five that can protect you from 98% of cyber attacks are:
- Enable multifactor authentication
- Apply least privilege access
- Keep software up to date
- Use anti-virus software
- Protect your data.
Jeff Gonlin, Emergence Insurance’s Head of Underwriting & Product Development, says the five steps are akin to simple measures we take in other areas to protect ourselves and our assets.
“We install alarms and sprinklers to protect property. We learn basic First Aid, we lock doors when we leave home, and we encourage safe driving techniques for friends and family,” he said.
“Likewise, these five simple steps can protect ourselves and our businesses against cyber crimes, which are now highly organised and rampant. Cyber Insurance is a last-step defence; we need to improve our cyber security to ensure coverage is even available.”
Jeff says the five low cost, yet highly effective steps are essential to reduce the rapidly increasing number of cyber crimes and their potentially devastating impacts on us personally and on our businesses and clients’ businesses.
Multifactor authentication (MFA) makes it harder for attackers to use stolen or phished credentials. Without the additional factor, attackers can’t access accounts or protected resources. Enable MFA on all accounts that support it, and ensure people understand not to approve an MFA request unless they were trying to log in or access a system. Some people automatically click to approve any pop-ups they receive.
Least privilege access
Prevent attackers from spreading across your network by applying least privilege access principles, which limit user access to just in time (JIT) and just enough access (JEA). JIT/JEA systems ensure users get only the access rights needed to perform specific tasks and only for as long as needed to complete them. Combine that with policies that deny access to resources if there is any doubt over the hygiene of an account or device.
Keep software up to date
Keep applications up to date and correctly configured to mitigate against the risk of software vulnerabilities. Implement a means of updating all software and applications on all machines and endpoints so you always have the latest updates and patches. Restrict devices missing critical patches from accessing sensitive resources. Same applies for cloud services – use cloud security posture management to ensure systems are configured correctly.
Use anti-virus software
Install and enable anti-virus solutions on endpoints and all devices to stop malware attacks from executing. Use cloud-connected anti-virus services for the most current and accurate detection capabilities.
Protect your data
Know where your sensitive data is stored and who can access it. If a breach occurs, it’s critical that security teams know where the most sensitive data is stored and accessed. As we increasingly collaborate and share data, we must ensure we understand what data we have, classify it accurately, and apply sensitivity labels where appropriate. That enables us to use information protection and data loss prevention technologies to protect data with greater confidence.
Read more on Cyber Insurance and Cyber Risks on the Insurance Council of Australia (ICA) website here or to discuss your Cyber Security needs and get a quote for Cyber Insurance contact us here.