Securing the fort and reducing the risk of becoming the next cyber-attack victim

Cyber security and data breaches have been headline news throughout much of 2022, with an Australian based telco and health fund falling victim to cyber criminals.

The topic of cyber is certainly unnerving for many but the good news is that there are several things your organisation can ensure it is doing now to reduce the risk of a harmful cyber-attack impacting your operations, processes and technology, with a view to ultimately minimising interruption and costs to your business.

1. Mandate that only strong secure passwords are used for any user accounts. Every application should require different passwords. These passwords should be at least 12 characters in length, but longer is better. The passwords should include a combination of small letters, numbers, capital letters and special characters. This will reduce the chance that someone can guess or brute force the password. Also ensure passwords are regularly changed and that previous passwords cannot be used again.
2. Enable multifactor authentication on all accounts and applications, preferably using a hardware device such as a Yubikey or Nitrokey. Ideally, multifactor authentication should be required for every login without the ability for it to be disabled under any circumstances. This reduces the chance that malicious third parties can access your systems even if they have the username and password, as they will still need to get past multi-factor authentication.
3. Restrict usage of remote access methods (such as Windows remote desktop, AnyDesk and Teamviewer). This type of access should be locked down and, if installed or available, should be monitored and secured by your IT team. This will reduce the chance of malicious third parties gaining access to your system through those remote access methods.
4. Implement firewalls to limit access from offsite and, if access to any applications or servers needs to be done offsite, ensure that any access required going through a VPN, which has geo-blocking enabled. Further, access to the VPN should require a username, password and two-factor authentication.
5. Ensure access to company resources or applications can only be through company supplied hardware (such as laptops and phones). This hardware should be secured by your IT team and it should be kept up-to-date with the latest security patches. This is because new vulnerabilities are always being discovered, and patches are often released to combat these vulnerabilities.
6. Secure company hardware by encrypting it and locking it behind a secure password. This will reduce the chance that malicious third parties will be able to access the data even if they managed to get hold of the hardware.
7. Install effective monitoring tools on your servers which are checked regularly and provide real time alerts. These tools can help provide your IT team with a better understanding of what is happening on each server and their specific status. In addition, with real-time alerts, your IT team will be made aware of ongoing attacks so they can shut down systems appropriately.
8. Provide mandatory and regular training to all staff with respect to cyber risks and phishing scams. This will reduce the risk of malicious third parties gaining access to your systems through social engineering.
9. Ensure that access to USB drives is secured and must undergo a security prior to being used.
10. Implement processes that mean before data is taken off company systems, it must first go through proper channels for authorisation and that any data is encrypted and password protected.
11. Make investment in cyber security a serious priority for your company. Recognise cybersecurity as more than just an "IT problem" and consider seeking cybersecurity risk management reviews from specialists, as well as expanding your current information technology resources to include cybersecurity specialties.
    
12. Critically, have cyber incident response experts on speed dial, should the worst happen. It is always advisable to call in cyber experts without delay to minimse the impact on your business and meet any regulatory and/ or compliance obligations.

Need help?

Should you or your IT team require assistance with any of the above, we would be pleased to connect you with our panel of cyber security and or forensic IT specialists.

Much like the fact that cyber insurance has become a "must-have" purchase for businesses, if the worst happens, the next "must-have" purchase is expert-led cyber incident response services, like what we can assist with at Crawford.

In managing a successful response, our cyber team consists of incident response coordinators, loss adjusters, forensic accountants and lawyers. Crawford works with you to help project manage the entire response to a cyber incident when you are most vulnerable.

Our in-house expertise is combined with pre-approved, highly vetted vendors across IT forensics, dark web monitoring, extortion and more. Together, with Crawford and our panel of relevant experts, your total cyber incident response is covered.

All of the above is undertaken with a view to mitigating the impact of the incident, whilst controlling cost and spend from the outset.

Key Crawford Contacts:

This article is intended for informational use only and is not intended as formal advice. If you would like advice around cyber risk, please contact us.

Public link

Please use the above public link if you want to share this noodl on another website.