Anthony Green, CREST practitioner and CTO of FoxTech, has designed and implemented some of the most secure cybersecurity systems in the UK. Here he outlines how to protect your business from attack.
Worried about cyber warfare? You’re not alone. With the threat of imminent attack from overseas malware and state-sponsored hacks increasing, the National Cyber Security Centre (NCSC) is calling for UK businesses of all sizes to ‘strengthen their cyber resilience’ in response to the ongoing situation in Ukraine.
But what does cyber resilience mean, and what actionable steps can businesses take to bolster their defences?
“Intelligence suggests that cyber warfare will target critical infrastructure such as hospitals, schools, and energy supply chains. However, the real risk for the majority of businesses is collateral damage, and it’s never been more necessary for UK services and businesses to make cyber resilience an urgent priority.
“The goal of cyber resiliency actions is to give your organisation the best chance of preventing an attack and making a quick recovery if it does happen. Many organisations don’t even have basic cyber hygiene controls in place, which means that cyber education is vital and could have a potentially huge impact on the UK’s overall resiliency to cyber threats.”
Can your IT strategy be summed up with the phrase ‘ignorance is bliss’? Businesses that are not fully aware of the extent of the threat and the actions they need to take will be the most vulnerable to attack. So, it’s vital to get informed.
As part of the Government Communications Headquarters (GCHQ), the NCSC website is frequently updated with the latest guidance, making it one of the best resources for UK businesses to get accurate, up-to-date advice to protect their IT ecosystem from attack. Brief your wider team on the heightened threat to ensure that everyone is on board with the further security actions you may need to take.
Protect your devices
It’s vital to protect all devices that connect to your network, including those used remotely.
Ideally, make sure your employees are using company devices. If you do not provide company devices, ensure that all personal devices that connect to your network are secured
Ask employees not to conduct personal business on their company device
Ensure that all users’ laptops, desktops, and mobile devices have been tested and patched (patching is a process that repairs security vulnerabilities)
Turn on automatic updates and always install new updates as soon as possible
Practise password security
User accounts are a common entry point for attackers – make sure yours are not an easy target.
Install two-factor authentication
Disable frequent password updates that encourage employees to write down their password as a reminder
Protect against password spraying by ensuring users choose uncommon passwords. The NCSC guidance recommends disabling complexity requirements, which encourage password re-use, and instead using three random words, such as phoneradiuswhile or yelljamdistance
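Two of the controls above can be put into code. The example below is added here and is not from the article or from FoxTech: the first function applies the NCSC-style policy (a minimum length and a deny list of common passwords, with no complexity rule), and the second flags the signature of password spraying in authentication logs (one source failing against many different accounts in a short window). The deny list, the log format and the log lines are all constructed for the demonstration.

```python
"""Password policy check and password-spraying detection (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed deny list. A real deployment would use a large list of
# breached and commonly used passwords rather than these few entries.
COMMON_PASSWORDS = {
    "password", "password1", "password1!", "123456", "qwerty",
    "letmein", "welcome1", "spring2022", "summer2022",
}

MIN_LENGTH = 12


def check_password(candidate: str) -> List[str]:
    """Return the reasons a password is rejected (an empty list means accepted).

    There is deliberately no 'must contain a digit or symbol' rule: length plus
    a deny-list check stops the guesses a spraying attack actually makes, while
    three random words such as 'phoneradiuswhile' pass without trouble.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password deny list")
    return problems


# Constructed log lines in a fixed "<timestamp> <outcome> <user> <source-ip>"
# format. 203.0.113.9 tries one guess against five accounts in ten seconds;
# 198.51.100.4 fails three times against a single account.
SAMPLE_LOG = [
    "2022-03-01T09:00:01 FAIL alice 203.0.113.9",
    "2022-03-01T09:00:03 FAIL bob 203.0.113.9",
    "2022-03-01T09:00:05 FAIL carol 203.0.113.9",
    "2022-03-01T09:00:07 FAIL dave 203.0.113.9",
    "2022-03-01T09:00:09 FAIL erin 203.0.113.9",
    "2022-03-01T09:00:11 OK frank 203.0.113.9",
    "2022-03-01T09:05:00 FAIL alice 198.51.100.4",
    "2022-03-01T09:05:02 FAIL alice 198.51.100.4",
    "2022-03-01T09:05:04 FAIL alice 198.51.100.4",
]


def detect_spraying(log_lines: List[str],
                    window: timedelta = timedelta(minutes=10),
                    min_accounts: int = 5) -> Dict[str, int]:
    """Return {source_ip: distinct_accounts} for sources whose failed logins
    touch at least `min_accounts` different users inside `window`.

    Many users with few failures each is spraying; many failures against one
    user is ordinary brute force, which a per-account lockout already handles.
    """
    attempts = defaultdict(list)  # source ip -> [(timestamp, user), ...]
    for line in log_lines:
        ts, outcome, user, ip = line.split()
        if outcome == "FAIL":
            attempts[ip].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[ip] = len(users)
                break
    return flagged


if __name__ == "__main__":
    for pw in ("Password1!", "phoneradiuswhile", "yelljamdistance"):
        print(pw, "->", check_password(pw) or "accepted")
    print("spraying sources:", detect_spraying(SAMPLE_LOG))
```

The detector only looks at failures, so the final successful login from 203.0.113.9 in the sample is not needed to raise the alert; in practice that success is exactly the event the alert should prompt you to investigate.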
Secure your third-party software
All your third-party software needs to be secured and any vulnerabilities should be patched. If you don’t have the expertise to do this in-house, it is highly recommended that you consult cyber security experts who can conduct vulnerability scanning and implement remedial measures for you.
Check that any third-party software such as browsers, office productivity suites, firmware and cloud-based services are patched
Make sure your firewall, endpoint security and anti-virus are properly installed and correctly configured (if they are configured incorrectly, you may not be protected)
Review what you’re showing the internet
It’s essential to review all your internet-facing data, as you might be displaying more than you realise.
Get a low-cost or free attack surface map to discover what you have exposed to the internet
Get an expert to conduct vulnerability scanning on your internet-connected services and patch any vulnerabilities
Secure your domain registration data by implementing a strong password on your registry account
Protect against phishing
Phishing emails are by far the most common form of attack, with 83% of UK businesses experiencing a phishing attempt every week.
Take advantage of the NCSC’s free cyber security training which has a useful module on spotting and reporting phishing emails – remember that employees are the first line of defence against phishing attempts
Instil a ‘no blame’ culture to encourage employees to report when they suspect they have clicked a phishing email
Only allow necessary access
Restrict access to your systems to only those who need it and ensure that all access is secured.
Delete any inactive accounts
Check your administrative access and ensure that only those who need to make changes have the access to do so
Anyone not authorised to make changes should be set to view-only
Implement strong multi-factor authentication on all administrative accounts
Get a handle on any third-party organisations who have access to your IT estate. Understand what they do, who is allowed access and what privileges they have. Remove any access that is no longer required
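The access review in the four points above can be run as a script over an export of your user accounts. The example below is added here and is not from the article or from FoxTech; the account records are constructed for the demonstration, and a real run would read the same fields from your directory or identity provider export. It flags inactive accounts, administrative accounts without MFA, and every third-party account together with the privileges it holds.

```python
"""Access review over an account export (added example)."""
from datetime import date, timedelta
from typing import Dict, List

# Accounts with no login for longer than this are candidates for removal.
INACTIVITY_LIMIT = timedelta(days=90)

# Constructed export: one record per account. "org" is "internal" for staff
# and the supplier's name for third-party accounts.
ACCOUNTS = [
    {"user": "alice", "last_login": "2022-02-28", "role": "admin",
     "mfa": True, "org": "internal"},
    {"user": "bob", "last_login": "2021-10-01", "role": "user",
     "mfa": True, "org": "internal"},
    {"user": "carol", "last_login": "2022-03-01", "role": "admin",
     "mfa": False, "org": "internal"},
    {"user": "msp-support", "last_login": "2021-11-15", "role": "admin",
     "mfa": False, "org": "Example MSP Ltd"},
    {"user": "dave", "last_login": "2022-03-02", "role": "user",
     "mfa": False, "org": "internal"},
]


def review_accounts(accounts: List[dict], today: date) -> Dict[str, List[str]]:
    """Return the accounts that need action, grouped by the checklist item.

    inactive          - no login within INACTIVITY_LIMIT: delete or disable
    admin_without_mfa - privileged access not protected by MFA
    third_party       - supplier accounts, listed with their privilege level
    """
    findings = {"inactive": [], "admin_without_mfa": [], "third_party": []}
    for acct in accounts:
        last_login = date.fromisoformat(acct["last_login"])
        if today - last_login > INACTIVITY_LIMIT:
            findings["inactive"].append(acct["user"])
        # MFA is recommended for every account; administrative accounts are
        # reported first because that is where a compromise does most damage.
        if acct["role"] == "admin" and not acct["mfa"]:
            findings["admin_without_mfa"].append(acct["user"])
        if acct["org"] != "internal":
            findings["third_party"].append(
                f'{acct["user"]} ({acct["org"]}, {acct["role"]})')
    return findings


if __name__ == "__main__":
    # A fixed review date keeps the sample output stable.
    for item, users in review_accounts(ACCOUNTS, date(2022, 3, 3)).items():
        print(f"{item}: {', '.join(users) or 'none'}")
```

Run it against a fresh export before and after the clean-up: the goal is for "inactive" and "admin_without_mfa" to come back empty, and for every entry under "third_party" to be one you can explain.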
Create an incident response plan
If the worst does happen, you need to have a comprehensive incident response plan in place. Only 31% of companies have an agreed cyber attack response plan set up, so this step will be an urgent action for many businesses.
If you don’t have a cyber security incident response plan, see the NCSC’s guidance on creating one
If you do have a plan in place, ensure all information (especially contact details) is correct
Make sure that your plan details who has the authority to make decisions, and what will happen if the attack occurs out of office hours
Ensure your plan includes information on how you will communicate if your normal systems are down
Make sure data is regularly and securely backed up in a safe place that is unconnected to your network
Contact cybersecurity consultants
If you don’t have cyber security expertise in-house, then consulting a cybersecurity expert can help you implement the steps above. They can also carry out more advanced actions to find and fix any other vulnerabilities that are particular to your organisation.
Get an expert security assessment to scan for any remaining vulnerabilities in your network, programmes, and cloud-based services
Join a security operations centre, which can constantly monitor your system and analyse any abnormalities against the latest threat intelligence to identify and block breaches before the attacker is able to steal anything.
Undergo penetration testing (also known as ethical hacking) to understand how an attacker is likely to gain access
Get a free CyberRisk score from FoxTech (it operates like a credit score for your cyber security) to get an immediate indication of your security posture.
The consequences of falling victim to a cyber attack can be dire, so in the current threat landscape, cyber security should be at the forefront of any business’s strategy for 2022.
Companies can find out their CyberRisk score for free from FoxTech here. Further NCSC resources are also available here.