Microsoft’s latest Digital Defence Report identifies five basic cyber practices that can have a major impact on reducing the risk of a cyber attack. The most essential first line of cyber defence in any business is cyber security awareness training. According to the Australian Cyber Security Centre, an organisation should ensure that cyber security awareness training is provided to all personnel in order to assist them in understanding their security responsibilities. Furthermore, the content of cyber security awareness training should be tailored to the needs of specific groups of personnel. For example, personnel with responsibilities beyond that of a normal user will require tailored privileged user training.
The vital five Microsoft say can protect you from cyber attacks
• Enable multifactor authentication
• Apply least privilege access
• Keep software up to date
• Use anti-virus software
• Protect your data
These five low cost, yet highly effective steps are essential to reduce the rapidly increasing number of cyber attacks and their potentially devastating impacts on us personally and on our businesses. We use alarms, CCTV and fire sprinklers to protect property. We learn basic First Aid, lock doors when we leave home and we encourage safe driving techniques with our family and friends. All these simple measures help protect you and your assets.
Multifactor authentication (MFA) makes it harder for attackers to use stolen or phished credentials. Without the additional factor, attackers can’t access accounts or protected resources. Enable MFA on all accounts that support it, and ensure people understand not to approve an MFA request unless they were trying to log in or access a system. Some people automatically click to approve any pop-ups they receive.
Least privilege access
Prevent attackers from spreading across your network by applying least privilege access principles, which limit user access to just in time (JIT) and just enough access (JEA). JIT/JEA systems ensure users get only the access rights needed to perform specific tasks and only for as long as needed to complete them. Combine that with policies that deny access to resources if there is any doubt over the hygiene of an account or device.
Keep up to date
Keep applications up to date and correctly configured to mitigate the risk of software vulnerabilities. Implement a means of updating all software and applications on all machines and endpoints so you always have the latest updates and patches. Restrict devices missing critical patches from accessing sensitive resources. The same applies to cloud services: use cloud security posture management to ensure systems are configured correctly.
Use anti-virus software
Install and enable anti-virus solutions on endpoints and all devices to stop malware attacks from executing. Use cloud-connected anti-virus services for the most current and accurate detection capabilities.
Protect your data
Know where your sensitive data is stored and who can access it. If a cyber attack or breach occurs, it’s critical that security teams know where the most sensitive data is stored and accessed. As we increasingly collaborate and share data, we must ensure we understand what data we have, classify it accurately, and apply sensitivity labels where appropriate. That enables us to use information protection and data loss prevention technologies to protect data with greater confidence.
Data from the Office of the Australian Information Commissioner’s Notifiable Data Breach Scheme continues to show the key drivers of data breaches are malicious or criminal attacks and human error.
Businesses need to:
• Understand their information assets and data
• Assess their material risk and vulnerabilities
• Update business critical systems and test data backups
• Classify information assets and third-party arrangements
• Test and update incident and breach response plans
• Ensure logs capture useful information for incident investigations
• Establish rigorous oversight of outsourced services and third-party risks
• Implement continuous cyber security awareness training programs.
We provide Cyber Insurance solutions to assist with your business cyber protection. To discuss ways to protect your business and some risk management steps you can take, contact us today. We’re here to help protect what’s important to you.