Cybersecurity is a hot topic right now. Businesses are facing attacks from sophisticated cybercriminals targeting money, data and identity.
97% of Australian businesses, about 2 million of them, are small businesses.
In late 2019 the Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) surveyed small businesses and used the data to put together a Cybersecurity Guide for Small Business, which you should obtain and review against what you are doing currently.
ACSC receives one report of cybercrime every ten minutes and estimates $300 million in annual losses due to cybercrime in Australia.
As a minimum, ACSC suggests implementing a baseline of the following eight mitigation strategies (its ‘Essential Eight’) to make it harder for cybercriminals to get into systems and wreak havoc.
Mitigation Strategies to Prevent Malware Delivery and Execution
Application control or whitelisting: to prevent the execution of unapproved/malicious programs, including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
Why: All non-approved applications (including malicious code) are prevented from executing.
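As an added example (not from the ACSC guide or this article), the following PowerShell builds an AppLocker allow-list from the software already installed on a clean reference machine, deploys it in audit-only mode, and shows how to test a file against it before switching to enforcement. It assumes an elevated session on a supported Windows edition; the policy file path and the candidate file are hypothetical.

```powershell
# Added example: generate an AppLocker allow-list, deploy it in AuditOnly mode,
# and test a file against it. Assumes: elevated PowerShell, a clean reference
# machine (only approved software installed), and a hypothetical policy path.

$policyPath = 'C:\AppLocker\baseline-policy.xml'   # hypothetical location
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null

# 1. The Application Identity service must be running for AppLocker to evaluate rules.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 2. Inventory the approved install directories. Exe, Dll, Script and
#    WindowsInstaller match the ACSC wording (.exe, DLL, scripts, installers).
$approvedDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = foreach ($dir in $approvedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse `
        -FileType Exe, Dll, Script, WindowsInstaller -ErrorAction SilentlyContinue
}

# 3. Prefer publisher (signature) rules and fall back to hash rules for unsigned
#    files. -Optimize collapses files from the same publisher into one rule.
[xml]$policy = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 4. Start in AuditOnly: executions that would be blocked are logged to the
#    'Microsoft-Windows-AppLocker/EXE and DLL' event log rather than stopped.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyPath)

# 5. Apply the policy (-Merge keeps any rules already in the local policy).
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 6. Check what the policy decides for a file before enforcing.
$candidate = 'C:\Users\Public\Downloads\unknown-tool.exe'   # hypothetical file
if (Test-Path $candidate) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $candidate -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 7. Review audit events (8003 = would have been blocked, 8004 = blocked).
#    After a clean audit period, change 'AuditOnly' to 'Enabled' and re-apply.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object Id -in 8003, 8004 |
    Select-Object TimeCreated, Id, Message
```

Two caveats a practitioner would want: inventorying C:\Windows and Program Files takes a while and produces a large policy, and the DLL collection in particular should stay in AuditOnly until the audit log is quiet, because a missed DLL breaks the application that loads it. Confirm that your Windows edition supports AppLocker enforcement before relying on it.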
Patch applications: e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of the applications.
Why: Application security vulnerabilities can be used to execute malicious code on systems.
Configure Microsoft Office macro settings: in the Trust Centre to block macros from the internet and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
User application hardening: Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.
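The macro settings and the OLE hardening above map to a handful of Office registry values. The script below is an added example, not the ACSC's or Microsoft's own code: it writes the settings to the policy hive (so users cannot relax them in the Trust Centre), blocks OLE packager objects, and defines a single vetted trusted location that users can read but not write to. The Office version (16.0), application list, and trusted folder path are assumptions.

```powershell
# Added example: enforce the Office macro and OLE settings via the policy hive
# and create one read-only trusted location. Run as the user (logon script) for
# the HKCU part and elevated for the folder ACL. Assumptions: Office 16.0
# (2016/2019/2021/Microsoft 365) and a hypothetical trusted folder.

$officeVersion = '16.0'
$apps          = 'Word', 'Excel', 'PowerPoint'
$trustedPath   = 'C:\ApprovedMacros'   # hypothetical; users get read/execute only

foreach ($app in $apps) {
    $sec = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    New-Item -Path $sec -Force | Out-Null

    # Weak (Office default): VBAWarnings = 2, "disable with notification", so one
    # click on "Enable Content" runs the macro. Hardened: 3 = disable all except
    # digitally signed macros (4 = disable all without notification).
    Set-ItemProperty -Path $sec -Name 'VBAWarnings' -Value 3 -Type DWord

    # Block macros in files carrying the Mark of the Web (downloaded from the internet).
    Set-ItemProperty -Path $sec -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord

    # User application hardening: PackagerPrompt 2 = block OLE packager objects
    # (0 = always enable, 1 = prompt).
    Set-ItemProperty -Path $sec -Name 'PackagerPrompt' -Value 2 -Type DWord

    # Trusted locations: no network locations, and exactly one vetted folder.
    $tl = "$sec\Trusted Locations"
    New-Item -Path $tl -Force | Out-Null
    Set-ItemProperty -Path $tl -Name 'AllowNetworkLocations' -Value 0 -Type DWord
    Set-ItemProperty -Path $tl -Name 'AllLocationsDisabled'  -Value 0 -Type DWord
    $loc = "$tl\Location1"
    New-Item -Path $loc -Force | Out-Null
    Set-ItemProperty -Path $loc -Name 'Path'            -Value "$trustedPath\" -Type String
    Set-ItemProperty -Path $loc -Name 'AllowSubfolders' -Value 0 -Type DWord
    Set-ItemProperty -Path $loc -Name 'Description'     -Value 'Vetted macros (read-only for users)' -Type String
}

# Limited write access on the trusted location: only Administrators can add files.
# Requires an elevated session; skipped silently otherwise.
if (Test-Path $trustedPath) {
    icacls $trustedPath /inheritance:r /grant:r 'Administrators:(OI)(CI)F' 'Users:(OI)(CI)RX' | Out-Null
}

# Read the values back so drift is visible (e.g. after an Office repair or a new profile).
function Test-OfficeMacroPolicy {
    foreach ($app in $apps) {
        $sec = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
        $v   = Get-ItemProperty -Path $sec -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App              = $app
            VBAWarnings      = $v.VBAWarnings
            BlockInternet    = $v.blockcontentexecutionfrominternet
            PackagerPrompt   = $v.PackagerPrompt
            Compliant        = ($v.VBAWarnings -in 3, 4) -and
                               ($v.blockcontentexecutionfrominternet -eq 1) -and
                               ($v.PackagerPrompt -eq 2)
        }
    }
}

Test-OfficeMacroPolicy | Format-Table -AutoSize
```

Writing under HKCU\Software\Policies rather than HKCU\Software\Microsoft is the point: the Trust Centre greys out settings that come from policy. In a domain the same values are normally pushed through the Office ADMX templates in Group Policy; the script is useful on standalone machines and for verifying that the policy actually landed.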
Mitigation Strategies to Limit the Extent of Cyber Security Incidents
Restrict administrative privileges: to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading emails and web browsing.
Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.
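The revalidation step is the part most often skipped, so here is an added example (not from the ACSC guide) that reports every member of the local Administrators group, flags those not on an approved list, and shows the removal with -WhatIf so nothing changes until you drop that switch. The approved list and the domain group name are assumptions.

```powershell
# Added example: audit local admin group membership against a revalidated
# approved list, and warn if an elevated session has email or a browser open.
# Assumptions: run elevated; the approved names below are hypothetical.

$approvedAdmins = @(
    'Administrator',            # built-in account; disable it if unused
    'CORP\IT-Helpdesk-Admins'   # hypothetical domain group
)

function Get-LocalAdminReport {
    $prefix = '^' + [regex]::Escape($env:COMPUTERNAME) + '\\'
    Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
        $short = $_.Name -replace $prefix, ''   # strip the local machine prefix
        [pscustomobject]@{
            Name     = $_.Name
            Type     = $_.ObjectClass      # User or Group
            Source   = $_.PrincipalSource  # Local, ActiveDirectory, AzureAD, MicrosoftAccount
            Approved = ($approvedAdmins -contains $short) -or ($approvedAdmins -contains $_.Name)
        }
    }
}

$report = Get-LocalAdminReport
$report | Format-Table -AutoSize

# Revalidation: remove anything not on the approved list.
# -WhatIf prints the action only; remove it to apply the change.
$report | Where-Object { -not $_.Approved } | ForEach-Object {
    Remove-LocalGroupMember -Group 'Administrators' -Member $_.Name -WhatIf
}

# Don't use privileged accounts for reading email and web browsing: warn if this
# session holds an elevated token while mail or browser processes are running on
# the machine (Get-Process is machine-wide, so treat the warning as a prompt to check).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin   = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                 [Security.Principal.WindowsBuiltInRole]::Administrator)
$riskyApps = Get-Process -Name outlook, msedge, chrome, firefox -ErrorAction SilentlyContinue
if ($isAdmin -and $riskyApps) {
    $names = ($riskyApps.Name | Sort-Object -Unique) -join ', '
    Write-Warning "Elevated session with internet-facing applications running: $names"
}
```

Run the report on a schedule and diff it against the last run; a new name in the Administrators group on a small-business workstation is usually either a forgotten vendor support account or an attacker's persistence, and both should be removed.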
Patch operating systems: Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.
Why: Security vulnerabilities in operating systems can be used to further compromise systems.
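Both patching items above set the same 48-hour target for ‘extreme risk’ vulnerabilities. As an added example (not from the ACSC guide), the script below queries the built-in Windows Update Agent for updates that are published but not yet installed and flags any rated Critical that have been available for longer than 48 hours. Where the device is opted in to Microsoft Update, Office and other Microsoft application updates appear in the same list, so this covers the application patching item as well. Treating Microsoft's ‘Critical’ MSRC rating as the ACSC's ‘extreme risk’ is an assumption, and the COM search only sees updates the machine's update source offers.

```powershell
# Added example: list missing updates from the Windows Update Agent and flag
# Critical ones older than 48 hours. Assumptions: 'Critical' MSRC severity is
# used as the 'extreme risk' proxy; the machine can reach its update source.

function Get-OverdueUpdates {
    param([int]$HoursAllowed = 48)

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Criteria syntax is the agent's own: not installed, not hidden, software (not drivers).
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

    $deadline = (Get-Date).AddHours(-$HoursAllowed)
    foreach ($u in $result.Updates) {
        $severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        [pscustomobject]@{
            Title    = $u.Title
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = $severity
            Released = $u.LastDeploymentChangeTime
            Overdue  = ($severity -eq 'Critical') -and ($u.LastDeploymentChangeTime -lt $deadline)
        }
    }
}

$missing = Get-OverdueUpdates -HoursAllowed 48
$missing | Sort-Object Overdue -Descending |
    Format-Table Title, KB, Severity, Released, Overdue -AutoSize

# Patch baseline for the host: OS version and the most recent hotfix.
$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$lastFix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
'{0} build {1}; last hotfix {2} installed {3}' -f $os.Caption, $os.BuildNumber, $lastFix.HotFixID, $lastFix.InstalledOn

if ($missing | Where-Object Overdue) {
    Write-Warning 'Critical updates older than 48 hours are missing: patch or mitigate now.'
}
```

The ‘don't use unsupported versions’ point is not something the update agent can tell you: a machine on an out-of-support build simply stops receiving updates and the list above goes quiet, which is why the script also prints the OS caption and build so you can compare it with Microsoft's lifecycle dates.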
Multi-factor authentication: including for VPNs, RDP, SSH and other remote access, and all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
Mitigation Strategies to Recover Data and System Availability
Daily backups: important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.
Why: To ensure information can be accessed following a cybersecurity incident (e.g. a ransomware incident).
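The backup item bundles three controls that are easy to claim and hard to evidence: the data actually got copied, it actually restores, and old copies are kept long enough. The following added example (not the ACSC's or the article's code) backs up a set of folders to a dated archive, hashes every file, performs a restore test into a scratch folder and compares the hashes, and prunes archives older than the three-month floor. Source folders, the backup root and the retention value are assumptions; the ‘stored disconnected’ requirement is met by pointing the backup root at removable or offline media and physically detaching it after the job, which no script can do for you.

```powershell
# Added example: dated archive + SHA-256 manifest + restore test + retention.
# Assumptions: hypothetical source folders and backup root (removable drive);
# 92 days as the 'at least three months' retention floor.

$sources    = 'C:\Data', 'C:\Users\Public\Documents'   # hypothetical important data
$backupRoot = 'E:\Backups'                             # hypothetical removable drive
$keepDays   = 92

function New-VerifiedBackup {
    param([string[]]$Paths, [string]$Root, [int]$RetainDays)

    $stamp    = Get-Date -Format 'yyyyMMdd-HHmm'
    $archive  = Join-Path $Root "backup-$stamp.zip"
    $manifest = Join-Path $Root "backup-$stamp.sha256"
    New-Item -ItemType Directory -Path $Root -Force | Out-Null

    # 1. Hash the live data once; the manifest is the reference for the restore test
    #    and for later integrity checks of the archive.
    $expected = Get-ChildItem -Path $Paths -Recurse -File | Get-FileHash -Algorithm SHA256
    $expected | ForEach-Object { "$($_.Hash)  $($_.Path)" } | Set-Content -Path $manifest

    # 2. Create the archive (Compress-Archive keeps the top-level folder names).
    Compress-Archive -Path $Paths -DestinationPath $archive -CompressionLevel Optimal

    # 3. Restore test: expand to a scratch folder and compare the set of file hashes.
    $scratch  = Join-Path $env:TEMP "restore-test-$stamp"
    Expand-Archive -Path $archive -DestinationPath $scratch -Force
    $restored = Get-ChildItem -Path $scratch -Recurse -File | Get-FileHash -Algorithm SHA256
    $diff     = Compare-Object -ReferenceObject $expected.Hash -DifferenceObject $restored.Hash
    Remove-Item -Path $scratch -Recurse -Force
    if ($diff) {
        throw "Restore test FAILED for $archive ($($diff.Count) hash differences); do not trust this backup"
    }

    # 4. Retention: remove archives and manifests older than the floor.
    Get-ChildItem -Path $Root -Filter 'backup-*.*' |
        Where-Object LastWriteTime -lt (Get-Date).AddDays(-$RetainDays) |
        Remove-Item -Force

    [pscustomobject]@{ Archive = $archive; Manifest = $manifest; Files = $expected.Count; RestoreTested = $true }
}

New-VerifiedBackup -Paths $sources -Root $backupRoot -RetainDays $keepDays
```

Schedule this daily with Task Scheduler and keep the output; the thrown error on a failed restore test is the signal the ACSC wording is asking for. Compress-Archive is fine for documents and configuration exports but does not preserve NTFS permissions and has a per-file size limit, so for large data sets or whole systems use a dedicated backup tool and keep the same hash-and-restore check around it.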