What should you do in periods of heightened cyber security risk?
In light of increasing political tensions, the National Cyber Security Centre has called for UK organisations to review and bolster their cyber defences where necessary due to a perceived increase in the current level of cyber threat.
While the NCSC and other security agencies have not been made aware of any direct threat to UK organisations, they are strongly encouraging businesses of all sizes to immediately review their current cyber security protocols and wider systems that are in place.
If you are unsure of how to carry this out, we have put together a comprehensive checklist to guide you through the process.
What is the current threat level?
As with financial markets and other areas of business operations, levels of risk naturally fluctuate under the influence of external events. While a cyber-attack can take place at any moment, there may be times when the cyber threat to an organisation is greater than usual.
Given current events in mainland Europe, it is widely accepted that the risk of a cyber-attack against UK organisations has increased. Although no formal threat has been made against UK businesses, malicious actors are expected to use the current instability in an attempt to undermine organisations’ cyber-security defences.
Because the cyber security landscape is so vast, it is nearly impossible to predict the exact threat to UK organisations. However, some of the most common tactics used by hackers and scammers include:
- Ransomware and malware attacks
- Distributed Denial of Service attacks (DDoS)
- Email and messaging phishing attempts
What can you do in periods of increased risk?
In times of heightened cyber threat, it is vital to strike a balance between the threat level, the measures needed to defend against it and the impact of a potential attack. Moving to a heightened alert level can allow you to:
- Help prioritise necessary cyber security work
- Offer a temporary boost to defences
- Give organisations the best chance of preventing a cyber attack
So what can you do?
Check your systems for updates and patching
One of the most common ways for a hacker or malicious actor to gain access to your systems is through outdated or unpatched networks, systems and tools. Although you should proactively check these vital parts of your business regularly, in times of increased threat you should ensure:
- All devices are up to date, including those that run third-party software
- All internet-facing services are scanned and patched against any known security vulnerabilities
- All mission-critical databases, systems and networks are free of vulnerabilities; where vulnerabilities cannot be solved immediately, ensure mitigations are in place
Whilst it is often unintentional, the biggest cyber risk to a business is its employees. With this in mind, IT teams are encouraged to verify access controls and to encourage staff to ensure their logins are personal and unique to your business. Finally, review who has access to your systems and, where necessary, remove any inactive accounts. Other points to consider:
- Develop a password policy
- Enable multi-factor authentication
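One way to carry out the access review described above, shown as an added example that is not part of the original article. The CSV columns, the account names and the 90-day inactivity threshold are assumptions made up for illustration; adapt them to whatever your identity provider or directory actually exports.

```python
import csv
import io
from datetime import date

# Constructed account export (hypothetical columns), not real data.
SAMPLE_EXPORT = """username,owner_type,last_login,mfa_enabled
a.patel,staff,2022-03-01,yes
j.smith,staff,2021-09-14,yes
shared-admin,staff,2022-02-27,no
acme-support,third_party,2021-06-30,no
new.starter,staff,,yes
"""

def review_accounts(export_text, today, max_idle_days=90):
    """Return {username: [findings]} for accounts that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        if not row["last_login"]:
            # Provisioned but never used: a candidate for removal.
            issues.append("never logged in")
        else:
            idle = (today - date.fromisoformat(row["last_login"])).days
            if idle > max_idle_days:
                issues.append(f"inactive for {idle} days")
        if row["mfa_enabled"].strip().lower() != "yes":
            issues.append("MFA not enabled")
        # External accounts with any finding should be re-justified or revoked.
        if row["owner_type"] == "third_party" and issues:
            issues.append("third-party access: confirm still required")
        if issues:
            findings[row["username"]] = issues
    return findings

if __name__ == "__main__":
    report = review_accounts(SAMPLE_EXPORT, date(2022, 3, 10))
    for user, issues in report.items():
        print(f"{user}: {'; '.join(issues)}")
```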
Ensure your defences are working
In periods of increased threat, it is vital to ensure your defences are working as intended. As part of this, you should examine every part of your current cyber security protocols, including:
- Firewalls – specifically check temporary rules that have been left in place beyond their lifetime
- DDoS and traffic filtering systems
- Phishing and spam filters
- Ransomware attention
Review your backups
With ransomware attacks on the rise, malicious actors are constantly looking for new ways to render your mission-critical data useless.
To mitigate such threats, it is imperative you ensure your backups are running correctly. Where necessary, perform test restorations from your backups to check that data and files have been restored correctly. As part of this, make sure your data is accessible in an offline environment.
In today’s service-based economy, working with third-party providers has become the norm. Where external businesses have access to your systems, it is recommended you have a complete understanding of their operation and their level of access to your systems. Where access is no longer needed, it is vital that you revoke it immediately.
Brief your organisation
Often the greatest line of defence your business can implement is awareness training. Ensure your employees are aware of the current threat level, the most common tactics, what to do if they receive a suspicious email and how to report it.