8 Essential Tips for SMEs to protect their business’ data

Is your business at risk of being hacked? Hacking and cybersecurity concerns have become widespread enough among small and medium-sized enterprises around Australia that an entire industry has sprung up around protecting them.

An Australian government agency, the Australian Cyber Security Centre (ACSC), has put together a list of guidelines designed to help small and medium-sized business owners mitigate the risk of cyber security incidents. In an attempt to simplify an otherwise complex range of challenges facing SMEs today, it’s been branded ‘The Essential 8.’

These essential, fundamental guidelines have been created with the knowledge that there isn’t a single ‘magic button’, or mitigation strategy, which is guaranteed to prevent cyber security incidents. Instead, it’s the ACSC’s suggestion that employing these eight strategies will make it much harder for would-be hackers to compromise your system or your business’ livelihood.

Follow these important tips and take comfort in your business being better protected from online threats:

1. Do some application ‘whitelisting’

This is the practice of specifying a list of approved software applications which can be active on your computer system or network. The goal of whitelisting is to protect computers and networks from potentially harmful applications and malicious programs, including executables (.exe), DLLs, and scripts. With application whitelisting in place, all non-approved applications (including malicious code) are prevented from running and up-ending your IT system.
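Before a whitelist can be enforced, you need to know what executable content is already on a machine and which of it is approved. The following added example (not from the ACSC or the original article) audits a folder against a list of approved SHA-256 hashes; the set of script extensions and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# The page names .exe, DLLs and scripts; the script extensions chosen
# here are an assumption for this example.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".ps1", ".bat", ".vbs", ".js"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_unapproved(root: Path, approved_hashes: set[str]) -> list[str]:
    """Return relative paths of executable content whose hash is not approved."""
    unapproved = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_EXTENSIONS:
            # Matching on content, not file name: a replaced file keeps
            # its name but no longer matches an approved hash.
            if sha256_of(path) not in approved_hashes:
                unapproved.append(path.relative_to(root).as_posix())
    return unapproved


def demo() -> list[str]:
    """Audit a constructed sample tree (placeholder contents, not real binaries)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "apps").mkdir()
        (root / "downloads").mkdir()
        (root / "apps" / "ledger.exe").write_bytes(b"approved build 1.0")
        (root / "apps" / "ledger.dll").write_bytes(b"tampered library")
        (root / "downloads" / "invoice.PS1").write_bytes(b"Write-Host 'hi'")
        (root / "downloads" / "notes.txt").write_bytes(b"not executable")
        approved = {
            hashlib.sha256(b"approved build 1.0").hexdigest(),
            hashlib.sha256(b"original library").hexdigest(),
        }
        return find_unapproved(root, approved)


if __name__ == "__main__":
    for item in demo():
        print("NOT APPROVED:", item)
```

The altered DLL is flagged even though its file name is on the approved list, which is why hash-based rules are stricter than name-based or path-based ones.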

2. Patch your applications

Patching, or patch management, is a process which involves acquiring, testing, and installing multiple code changes, or ‘patches’, to a computer system. Much like sewing a patch onto a pair of jeans to cover a hole, this process is more of a stop-gap solution. This set of changes to a software program will update, fix, or improve security vulnerabilities and other bugs. In the absence of a patch, a vulnerability in application security can be used as a way for malicious code to enter the system.

3. Configure Microsoft Office macro settings

Microsoft Office documents containing built-in macros can sometimes be dangerous. Macros are basically bits of computer code, and they have been vehicles for malware over time. Modern versions of Office contain security features to protect you from macros. By configuring the macro settings on your Microsoft Office platform to block macros from the internet, you’ll allow only vetted macros, either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.

4. Do some user application ‘hardening’

Flash, some online ads, and Java have often been popular ways for hackers to deliver malicious code to systems. By removing or limiting the permissions of internet plug-ins and programs, you’ll be adding a safeguard against these threats. Configure your web browsers to block Flash (in fact, it’s best practice to uninstall it entirely), as well as ads and Java on the internet. Also, disable all the Microsoft Office features you don’t need, and do the same with web browsers and PDF viewers.

5. Restrict administrative privileges

Administrative privileges give the user control to make significant changes, and enable them to bypass critical security settings and access sensitive information. By restricting these privileges to a select few in your organisation, you’re ensuring that the ways and means by which would-be hackers can infiltrate your system are reduced.

6. Patch your operating systems

As we mentioned with the second of our Essential 8, the patching process is important for your operating system as well as your applications. Weaknesses in the security of your operating systems can be used to further your systems’ compromise. This is especially the case if your operating systems haven’t been kept up-to-date.

7. Make sure your system requires multi-factor authentication (MFA)

This is the practice of requiring two or more forms of identification to enter a system. Usually this is going to be at least two of the three key details: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). A lot of systems use various MFA methods, including having users input passwords, as well as fingerprint IDs, security keys or PINs, and tokens or one-time passcodes sent via SMS or apps.

8. Ensure you do daily backups

Backing up important new or changed data, as well as software and configuration settings, is an important IT security measure. So is making sure that you store that data in disconnected (that is, not linked) facilities for at least three months. You also need to know that this data can be restored when you need it, so make sure you test this on a regular basis, as well as when IT infrastructure changes take place. You should be backing up your data at least daily, and if you process a lot of transactions in a day, even more frequently if possible.
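The three checks described above (a backup at least daily, at least three months retained, and a tested restore) can be automated. The following added example is not from the ACSC or the original article; it assumes ‘three months’ means 90 days, allows an hour of scheduling slack on ‘daily’, and uses constructed backup timestamps and file contents.

```python
import hashlib
from datetime import datetime, timedelta

# Assumptions: "daily" allows one hour of scheduling slack, and
# "three months" is taken as 90 days.
MAX_GAP = timedelta(hours=25)
MIN_RETENTION = timedelta(days=90)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_schedule(backup_times, now):
    """Report stale, missing or insufficiently retained backups."""
    if not backup_times:
        return ["no backups found"]
    times = sorted(backup_times)
    problems = []
    if now - times[-1] > MAX_GAP:
        problems.append("latest backup is more than a day old")
    if now - times[0] < MIN_RETENTION:
        problems.append("oldest retained backup is younger than 90 days")
    for earlier, later in zip(times, times[1:]):
        if later - earlier > MAX_GAP:
            problems.append(f"no backup for over a day after {earlier:%Y-%m-%d}")
    return problems


def verify_restore(manifest, restored):
    """Compare restored contents with the SHA-256 manifest recorded at backup time."""
    failures = []
    for name, expected in sorted(manifest.items()):
        if name not in restored:
            failures.append(f"{name}: missing after restore")
        elif sha256(restored[name]) != expected:
            failures.append(f"{name}: differs from backup manifest")
    return failures


def demo():
    """Run both checks on constructed sample data (not real backup records)."""
    now = datetime(2024, 6, 30, 9, 0)
    first = datetime(2024, 3, 25, 2, 0)
    # Nightly backups for 98 days, with the run on 2024-05-10 missing.
    times = [first + timedelta(days=d) for d in range(98) if d != 46]
    manifest = {"ledger.db": sha256(b"ledger v42"), "config.ini": sha256(b"port=8443")}
    restored = {"ledger.db": b"ledger v42", "config.ini": b"port=80"}
    return check_schedule(times, now), verify_restore(manifest, restored)
```

On the sample data the schedule check reports the skipped night and the restore check reports the configuration file that came back with different contents, the two failures that otherwise stay hidden until a restore is needed.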

You shouldn’t have to handle all of these processes and protocols on your own, so ensure you hire the services of an IT firm which can implement these sorts of security measures, so you can get back to the business of running your business, without worrying that you might be vulnerable to a cyber-attack.