October is National Cyber Security Awareness Month, an initiative designed to share up-to-date best practice for online security.
For the last 17 years the month has been used to promote cyber security and the importance of staying safe online. The idea originated in the United States and has now become a movement across the world.
Phishing attacks are on the rise: always be on the lookout!
Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware or direct them to a dodgy website.
These types of attacks have come in different formats of late, from SMS text messages to job adverts on LinkedIn. This only reinforces the need to always ‘think before you link’.
The Centre for the Protection of National Infrastructure have launched a new app to help businesses and the public protect themselves from potential espionage.
Review your in-house policies
Having policies and procedures in place is great, but be sure to conduct regular reviews of these policies to ensure they reflect reality.
Regularly reviewing policy documents will not only help with compliance accreditation but also ensure your business is practising what it preaches.
Data Sensitivity Classification
Establishing a data sensitivity classification and labelling procedure is imperative to assist you with compliance and data governance across many different standards and accreditations.
Consider disabling macros
Macro-enabled attachments are a popular entry point of attack. Consider disabling macros by default and provide training to staff so they know not to enable macros on untrusted documents.
Working to remove Shadow IT
Shadow IT is the unauthorised use of any digital service or device that is not formally approved of and supported by an organisation’s IT department. Examples of shadow IT include creating cloud workloads using personal accounts or credentials.
Working to remove shadow IT can help to control your assets and understand your attack surface, especially in today’s Software as a Service (SaaS) driven market.
Be event aware
Be on the lookout for cyber criminals targeting high profile events and using recent news as the theme of their attacks. Always think before you click.
If Multi-factor Authentication (MFA) is used in your environment, ensure it is protecting your users to the best of its ability. Consider protection mechanisms to stop MFA fatigue. This could be via lockouts after a set number of MFA requests, or by forcing additional verification such as ‘number matching’ to help users spot fraudulent requests.
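One way to implement the lockout on repeated MFA requests described above, as an added example rather than code from this page or from any MFA product. The threshold, window, lockout period and all names are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque

MAX_PROMPTS = 3        # assumed: push prompts allowed per window without approval
WINDOW_SECONDS = 300   # assumed: sliding window length
LOCKOUT_SECONDS = 900  # assumed: how long further prompts stay blocked


class PushThrottle:
    """Decides whether an MFA push prompt may be sent to a user."""
    def __init__(self):
        self._prompts = defaultdict(deque)  # user -> times of recent prompts
        self._locked_until = {}             # user -> time the lockout ends

    def request_push(self, user, now):
        """Return 'send', or 'locked' when the user must verify another way."""
        if now < self._locked_until.get(user, 0):
            return "locked"
        recent = self._prompts[user]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()                # forget prompts outside the window
        if len(recent) >= MAX_PROMPTS:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        recent.append(now)
        return "send"

    def approved(self, user):  # a genuine approval resets that user's counter
        self._prompts[user].clear()


def replay(events):
    """Run constructed (time, user, action) events; return push decisions."""
    throttle = PushThrottle()
    decisions = []
    for ts, user, action in events:
        if action == "push":
            decisions.append((ts, user, throttle.request_push(user, ts)))
        elif action == "approve":
            throttle.approved(user)
    return decisions


# Constructed sample: alice approves normally; bob receives a burst of prompts.
SAMPLE_EVENTS = [
    (0, "alice", "push"), (5, "alice", "approve"),
    (10, "bob", "push"), (20, "bob", "push"), (30, "bob", "push"),
    (40, "bob", "push"), (50, "bob", "push"), (1000, "bob", "push"),
]
print(replay(SAMPLE_EVENTS))
```

A "locked" decision is also a useful signal to alert on, since a burst of prompts the user did not start suggests their password is already known to someone else.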
Disaster Recovery Plan
Ensure you have Disaster Recovery plans in place and playbooks to use in case of a breach. These procedures should be tested frequently to make sure you can rely on them when the time comes.
CND have been helping to protect the UK’s military networks, businesses and organisations both at home and abroad for the last 18 years. The company has a strong network of cyber security consultants across the world with members of the team in the US, Canada and the Isle of Man. To find out more visit: www.cndltd.com