With current and intensifying tensions between Ukraine and Russia, including attacks on Ukraine’s digital infrastructure, it is understandable that concern is increasing in other parts of the world, especially where sanctions have been put in place which could mean retaliation via cyber. In this article, we will highlight what cyber security you can implement to protect you and your business.
What would this mean to your operation and what steps can you take to protect yourself and your business?
Due to the Geopolitical tensions, a higher cyber security threat could mean a greater risk of being attacked via:
- Zero-Day Vulnerability. If there is a known vulnerability in your system that hasn’t yet been fixed (patched) and a cyber attacker exploits the weakness to their advantage. This could also harm your business if a firm you rely on is attacked.
- Hacktivism. An attack on your system by an individual or organisation for a social or political reason.
When the threat of a cyber attack is high, there are steps you can take to prevent breaches to your systems and mitigate losses if they occur. The UK National Cyber Centre (NCSC) has produced guidance for small and medium businesses which can be found here.
- Are all laptops, mobile devices, third-party software, firmware, internet-facing services, and key systems are patched and updated? If possible, have you turned on automatic updates?
- Are all staff passwords unique to your business systems and not used on other non-business-related systems? Have you removed all old and unused accounts, ensuring privileged access is carefully managed and, if multi-factor authentication is enabled, make sure it’s configured correctly?
- Do you have antivirus software installed and is it active? Firewalls operating as expected? Do you regularly update temporary rules to make sure they are removed as soon as they are no longer needed?
- Are you reviewing what logs you have in place, where they are stored, how long for? If you can logs should be kept for at least a month?
- Are your back-ups running correctly? When did you last do a test restoration to make sure everything comes back as it should? Do you have a recent offline copy of your backup? Does this include important external credentials, private keys, and access tokens as well as data?
- Do you have an incident response plan and is it current including escalation routes and contact details? Is the plan clear enough to who is responsible for making key decisions outside of business hours? Would the plan still be available if your systems are not?
- Are the IP addresses used by your system along with the domain names you own up to date and registration data held securely? When did you last scan your while internet footprint to check all necessary patches have been applied?
- Does your staff know what a phishing email is? Are they able to identify one, and do they know how to report it? Have reporting procedures in place? Do third parties have access to your systems? When did you last check who has access and if they still need it?
- Is your CiSP (Cyber Security Information Sharing Partnership) membership up to date in order for you to report Cyberthreats? Have you considered registering for the Early Warning service so the NCSC can let you know of any malicious activity reported to them about your systems?
- Does everyone in your organisation understand the impact of a security threat and how important it is to mitigate it?
If the worst does happen and your organisation suffers a cyber attack, a robust Cyber Insurance Policy will help you get back up and running as quickly as possible and limit the impact on your business.
If you would like further guidance including a quote for cyber insurance, please visit our Quote page or give our expert team a call on 01242 898387.