As our technological capabilities continue to advance, the risk associated from trojans, viruses or ransomware attacks become more likely to occur to businesses and organisations across the globe.
Recently, Lincoln College in Illinois fell victim to a ransomware attack, which blocked access to its systems for recruitment, retention and fundraising campaigns for three months. Despite surviving the 1918 influenza pandemic, multiple recessions and two World Wars, a large scale cyber-attack, combined with financial challenges faced from the pandemic, forced Lincoln College to close its doors permanently.
With the threat of a cyber-attack ever present to organisations large and small, now is the perfect time to conduct a health check on your current security applications to ensure your organisation stays well protected.
Ransomware, trojans, viruses, or any category of cyber-attack rely on the vulnerabilities within an organisation’s security processes and systems. The good news is that many of these vulnerabilities can be easily avoided or addressed quickly.
So, how can you protect your organisation?
Use our useful checklist below to review your security and get the information you need for a robust cyber security strategy.
1. Make sure your device operating systems (laptops, desktops, mobiles etc.) are regularly updated and automatic security updates are enabled. The older your device, the more susceptible these can be to virus and malware attacks as they will not have the same level of automatic security features as newer systems.
2. Install modern anti-virus and anti-malware software on all your devices to ensure maximum security. For example, Microsoft Defender that is built-in to Windows will ensure that your devices are fully protected with enhanced versions of the Microsoft Defender for Endpoint product available on subscription.
3. Ensure your devices are protected with firewalls and only have the minimum amount of incoming and outgoing ports open that are required i.e. essential services only. This helps reduce the attack surface and minimise the opportunity for even the smallest of attacks.
4. Back up all critical files and resources to an offsite location e.g. cloud storage, and make sure that recovery processes are regularly tested and updated. This will help to maintain a strong process for recovering data and will keep your files safe. Cloud based backup and recovery options including Azure Backup and Recovery Services can help with this.
5. Ensure there is an advanced anti-virus/anti-malware/anti-spam/anti-phishing protection system in place for every mailbox, to reduce the risk of users opening an email that they shouldn’t. Cloud based services such as Microsoft Defender for Office 365 can provide this additional level of protection.
6. Always have more than one offsite location and more than one back up of your data including data you may already have in the cloud e.g. Microsoft 365 services such as Exchange Online, SharePoint and Teams. This will ensure any sensitive or business critical data is safely protected and can be accessed from multiple locations if any issues arise.
7. Organisational admin accounts must have different log ins from the day-to-day accounts used to log in to your devices, to ensure privileged access is only enabled for a short period and to minimise the risk of privileged attacks. All admin and normal user accounts should have multi-factor authentication enabled. This helps mitigate cyber security threats by providing an additional level of security by requiring your password (something you know) and a physical device to approve authentication (something you have).
8. Macros are a small program that is written to automate repetitive tasks in Microsoft Office applications. They were the main source of malware attacks in the early days of malware attacks and are often overlooked today. Modern Microsoft Office applications detect macros and prompt the user if they want to run them. Make sure you know what the macros are doing before you agree to run them. Do not run macros from an untrusted source.
9. Try to use a modern web browser on your device such as Microsoft Edge (Chromium). This browser has built in features that enable ad blockers, prevent unwanted ads and block legacy web technologies by default that are deemed to be insecure.
10. Make sure all employees understand that opening emails, downloading attachments or clicking on links in emails from unrecognised senders can increases the risk of attacks. Support staff by creating mandatory training requirements e.g. Cyber Security awareness training and factor this into onboarding plans for new employees. There are great online training platforms available now with ready-made content that can quickly and easily be pushed out to employees. Incremental use one of these platforms, as do many of our customers.
By following these steps, you can be confident that your organisation’s threat of falling victim to a cyber-attack will be greatly reduced.
To find out more about how Telefónica Tech can help you improve your cyber-security, please get in touch to arrange a conversation with one of our experts.