Balancing cyber risk and defence
The threat to an organisation can vary over time. However, it’s important at all times to strike a balance between the current threat, the measures needed to defend against it, and the overall risk the threat poses to the organisation.
In the event that a cyber threat to an organisation is greater than usual, moving to a heightened alert can:
Help prioritise necessary cyber security work
Offer a temporary boost to defences
Give organisations the best leverage for preventing a cyber attack when it may be likely, and recovering quickly when it happens.
Check your system patching
Make sure your users’ laptops, desktops and mobile devices are all patched. This also includes third-party software such as browsers and office productivity suites. Ensure your internet-facing services are patched for known security vulnerabilities, as internet-facing services with unpatched security vulnerabilities are an unmanageable risk.
Verify access controls
It’s a good idea to ask staff to ensure that their passwords are unique to your business systems and are not shared across other non-business or personal systems. Make it a regular habit to review all user accounts and disable any old or unused accounts. It’s also important to check any accounts that have privileged or administrative access and ensure that they’re carefully managed, as these accounts have access to sensitive resources and confidential information which need to be adequately protected.
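The account review described above can be run against a directory export. The following is an added example, not part of the original guidance; the CSV column names, the group names and the 90-day inactivity threshold are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; the column names are assumptions for this example.
SAMPLE_EXPORT = """username,last_login,enabled,groups
alice,2024-05-28,true,staff
bob,2023-11-02,true,staff;Domain Admins
carol,,true,staff
dave,2022-01-15,false,staff
svc-backup,2024-05-30,true,Backup Operators
erin,2024-02-20,true,staff
"""

# Assumed names of groups that grant privileged or administrative access.
PRIVILEGED_GROUPS = frozenset({"domain admins", "backup operators"})


def review_accounts(csv_text, today, stale_days=90, privileged=PRIVILEGED_GROUPS):
    """Return (stale, admins): enabled accounts that are old or unused,
    and enabled accounts that hold privileged group membership."""
    cutoff = today - timedelta(days=stale_days)
    stale, admins = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing left to review
        name = row["username"].strip()
        last = row["last_login"].strip()
        # An empty last_login means the account was never used: treat it as stale.
        if not last or date.fromisoformat(last) < cutoff:
            stale.append(name)
        groups = {g.strip().lower() for g in row["groups"].split(";") if g.strip()}
        if groups & privileged:
            admins.append(name)
    return stale, admins


if __name__ == "__main__":
    stale, admins = review_accounts(SAMPLE_EXPORT, today=date(2024, 6, 1))
    print("Disable or justify (old or unused):", ", ".join(stale))
    print("Privileged, confirm owner and need:", ", ".join(admins))
```

An account that appears in both lists, such as a dormant administrator, is the first one to deal with.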
Ensure defences are working
Ensure antivirus software is installed, and carry out regular checks to confirm that it is active on all systems and that signatures are updating correctly. Firewall rules will also need regular checks, as temporary rules can be left in place beyond their expected lifetime.
Review your backups
Perform test restorations from your backups to ensure that they are running correctly and that the restoration process is familiar to you and your colleagues. Make sure there is an offline copy of your backup, and that it is always recent enough to be used if an attack results in loss of data or system configuration.
Incident plan
Your incident response plan should be up to date and make clear who has the authority to make key decisions, including outside of office hours. The incident response plan should be available at all times, even if your business systems are not.
Check your internet footprint
Check that the records of your internet-facing footprint are up to date and correct. This includes the IP addresses your systems use while browsing and the domain names that belong to your company. Ensure that domain registration data is held securely and that any delegations are as expected. You can also perform an external vulnerability scan on your entire internet footprint to check that everything that needs to be patched has been patched.