Anthony Green, CREST practitioner and CTO of FoxTech, has designed and implemented some of the most secure cybersecurity systems in the UK. Here he outlines how to protect your business from attack.

Worried about cyber warfare? You’re not alone. With the threat of imminent attack from overseas malware and state-sponsored hacks increasing, the National Cyber Security Centre (NCSC) is calling for UK businesses of all sizes to ‘strengthen their cyber resilience’ in response to the ongoing situation in Ukraine.

But what does cyber resilience mean, and what actionable steps can businesses take to bolster their defences?

“Intelligence suggests that cyber warfare will target critical infrastructure such as hospitals, schools, and energy supply chains. However, the real risk for the majority of businesses is collateral damage, and it’s never been more necessary for UK services and businesses to make cyber resilience an urgent priority.

“The goal of cyber resiliency actions is to give your organisation the best chance of preventing an attack and making a quick recovery if it does happen. Many organisations don’t even have basic cyber hygiene controls in place, which means that cyber education is vital and could have a potentially huge impact on the UK’s overall resiliency to cyber threats.”

Stay informed

Can your IT strategy be summed up with the phrase ‘ignorance is bliss’? Businesses that are not fully aware of the extent of the threat and the actions they need to take will be the most vulnerable to attack. So, it’s vital to get informed.

As part of the Government Communications Headquarters (GCHQ), the NCSC website is frequently updated with the latest guidance, making it one of the best resources for UK businesses to get accurate, up-to-date advice to protect their IT ecosystem from attack. Brief your wider team on the heightened threat to ensure that everyone is on board with the further security actions you may need to take.

Protect your devices

It’s vital to protect all devices that connect to your network, including those used remotely.

Ideally, make sure your employees are using company devices. If you do not provide company devices, ensure that all personal devices that connect to your network are secured

Ask employees not to conduct personal business on their company device

Ensure that all users’ laptops, desktops, and mobile devices have been tested and patched (patching is a process that repairs security vulnerabilities)

Turn on automatic updates and always install new updates as soon as possible

Practise password security

User accounts are a common entry point for attackers – make sure yours are not an easy target.

Enable two-factor authentication on all user accounts

Disable frequent password updates that encourage employees to write down their password as a reminder

Protect against password spraying (where an attacker tries a few common passwords against many accounts) by ensuring users choose uncommon passwords. The NCSC guidance recommends disabling complexity requirements, which encourage password re-use, and instead using three random words, such as phoneradiuswhile or yelljamdistance

Secure your third-party software

All your third-party software needs to be secured and any vulnerabilities should be patched. If you don’t have the expertise to do this in-house, it is highly recommended that you consult cyber security experts who can conduct vulnerability scanning and implement remedial measures for you.

Check that all third-party software, such as browsers, office productivity suites, firmware and cloud-based services, is patched

Make sure your firewall, endpoint security and anti-virus are properly installed and correctly configured (if they are configured incorrectly then you may not be protected)

Review what you’re showing the internet

It’s essential to review all your internet-facing data, as you might be displaying more than you realise.

Get a low-cost or free attack surface map to discover what you have exposed to the internet

Get an expert to conduct vulnerability scanning on your internet-connected services and patch any vulnerabilities

Secure your domain registration data by setting a strong password on the account you hold with your domain registrar

Protect against phishing

Phishing emails are by far the most common form of attack, with 83% of UK businesses experiencing a phishing attempt every week.

Take advantage of the NCSC’s free cyber security training which has a useful module on spotting and reporting phishing emails – remember that employees are the first line of defence against phishing attempts

Instil a ‘no blame’ culture to encourage employees to report when they suspect they have clicked a phishing email

Only allow necessary access

Restrict access to your systems to only those who need it and ensure that all access is secured.

Delete any inactive accounts

Check your administrative access and ensure that only those who need to make changes to the network are able to do so

Anyone not authorised to make changes should be set to view-only

Implement strong multi-factor authentication on all administrative accounts

Get a handle on any third-party organisations who have access to your IT estate. Understand what they do, who is allowed access and what privileges they have. Remove any access that is no longer required

Create an incident response plan

If the worst does happen, you need to have a comprehensive incident response plan in place. Only 31% of companies have an agreed cyber attack response plan set up, so this step will be an urgent action for many businesses.

If you don’t have a cyber security incident response plan, see the NCSC’s guidance on creating one

If you do have a plan in place, ensure all of the information in it (especially contact details) is correct

Make sure that your plan details who has the authority to make decisions, and what will happen if the attack occurs out of office hours

Ensure your plan includes information on how you will communicate if your normal systems are down

Make sure data is regularly and securely backed up in a safe place that is unconnected to your network

Contact cybersecurity consultants

If you don’t have cyber security expertise in-house, then consulting a cybersecurity expert can help you implement the steps above. They can also carry out more advanced actions to find and fix any other vulnerabilities that are particular to your organisation.

Get an expert security assessment to scan for any remaining vulnerabilities in your network, programmes, and cloud-based services

Use a security operations centre (SOC) service, which can constantly monitor your systems and analyse any abnormalities against the latest threat intelligence to identify and block breaches before the attacker is able to steal anything.

Undergo penetration testing (also known as ethical hacking) to understand how an attacker is likely to gain access

Get a free CyberRisk score from FoxTech (it operates like a credit score for your cyber security) to get an immediate indication of your security posture.

The consequences of falling victim to a cyber attack can be dire, so in the current threat landscape, cyber security should be at the forefront of any business’s strategy for 2022.

Companies can find out their CyberRisk score for free from FoxTech here. Further NCSC resources are also available here.