How to avert a cyber attack: The 8 essential areas to focus your efforts

South Australian Business News
Anthony Caldwell
Wednesday, February 1st 2023

The terms ‘data breach’ and ‘cybersecurity’ have become commonplace in business conversations in recent times, with Australia experiencing two of the largest data breaches in our nation’s history in 2022.

The wide-scale theft of sensitive customer data from corporate giants Optus and Medibank has impacted millions of Australians, and undermined trust in two of our country’s most recognisable consumer brands. 

The question is: could it happen to your business?

The Optus and Medibank incidents, among a multitude of others, have brought into sharp focus the need for all businesses to improve their cybersecurity regimen. If large corporate enterprises can be hacked, then it stands to reason that smaller businesses, with thinner organisational resources and IT capabilities, are also vulnerable to attack.

Cyber attacks are really bad for business, often resulting in serious legal, financial, and reputational consequences — in some cases, cyber attacks can threaten the very existence of the business. Accordingly, it is incumbent on all business owners and operators to mitigate the risks of a cyber attack, and implement appropriate measures to secure their digital and information technology assets. 

One of the best frameworks for mitigating cyber threats is called the ‘Essential Eight’ — a set of practical guidelines developed by the Australian Cyber Security Centre. In this article, we’ll introduce you to the ‘Essential Eight’ and provide some advice about the actions you should take in each of the eight focus areas.

Focus area #1: Apply controls for your software applications.

Applications are the software programs that you use in your business every day to perform standard functions, tasks and actions — Microsoft Word, MYOB, Adobe Photoshop and Google Chrome are all ‘applications’. Controlling who can access, install, and modify these programs on your computer networks is at the heart of application control. If a staff member can download a potentially-malicious executable file from the internet, and install it on the network without any processes or approvals, then this represents an ‘application control’ issue for your business. It’s important that you have full control of the executable applications that reside on your networks and systems.

Your actions:

  • Check with your IT team/provider to make sure that appropriate network settings and controls are in place so that activity is restricted to approved applications only.

  • Create a ‘whitelist’ of approved software applications for the business so that application use is documented and widely-understood.

  • Educate your staff about the dangers of introducing unauthorised applications to your computer networks.

Focus area #2: Patch your software applications. 

These days, we’re all used to getting app updates on our mobile devices at regular intervals. Software applications on computer networks operate in much the same way, with new versions, bug fixes, patches and enhancements released by the software vendor. Often these updates address security vulnerabilities in the software that can be exploited by hackers if they’re not ‘patched’. For that reason, it’s important that new patches are applied in a timely fashion to avoid exploitation. Security holes discovered in internet-facing applications can be exploited by hackers within a matter of hours, so critical software updates should be applied immediately.

Your actions:

  • Check with your IT team/provider to make sure they’re actively updating applications when patches become available (particularly ‘critical’ updates).

  • Be cognisant of applications that are operating on older versions and make sure that you are aware of any security vulnerabilities that this may cause.

Focus area #3: Restrict administrative privileges.

Users who are granted administrative privileges for software applications and operating systems are typically able to make significant changes to the configuration and usage of the software. Hackers love to get their hands on ‘admin’ accounts because they provide unfettered access to the system, allow them to elevate their own privileges, to hide their existence on the network, to obtain sensitive information, and to resist removal efforts. The bottom line is: the fewer ‘admins’ there are, the fewer exploitation opportunities available to hackers.

Your actions:

  • Do an audit of users that have ‘admin’ privileges for software on your network. Where possible, limit ‘admin’ privileges to a small number of trusted users only.

  • Identify and remove any ‘admin’ accounts that have shared access — it’s not good practice to have an ‘admin’ account that can be accessed by multiple users, as it undermines accountability.

  • Make sure that departing staff members have their accounts disabled when they leave, particularly if they’re an ‘admin’.

Focus area #4: Patch your operating systems. 

This focus area is similar to #2, but pertains specifically to the underlying ‘operating systems’ (or OS) that power our computers and networks. Common operating systems include Microsoft Windows (the OS that powers PCs), macOS (the OS that powers Apple Mac computers), Linux, Unix, and the mobile device operating systems Android and Apple iOS. Like applications, operating systems may have ‘bugs’ and these can sometimes be exploited by a cyber attack, so make sure that they’re patched regularly.

Your actions:

  • Check with your IT team/provider to make sure they’re actively updating operating systems when patches become available.

  • Ensure that operating system updates are centrally deployed across the network, rather than relying on individuals to manually update their own computers.

Focus area #5: Secure your Microsoft Office Macro settings.

This is a seemingly obscure focus area, but one which is very important if you use Microsoft Office in your business. A macro is a sequential batch of commands that can be set up within Microsoft Office files — e.g. Word, Excel, PowerPoint — to automate repetitive tasks. A macro can be ‘recorded’ and then ‘played’ over and over to complete a series of actions in sequence — it’s much easier than doing these actions manually with individual mouse clicks. Macros can be really powerful productivity tools and they’re quite easy for novice users to create. The problem is that an adversary can create malicious macros to gain unauthorised access to information and systems.

Your actions:

  • Check with your IT team/provider to see how macros are handled on your network.

  • If you’re not using macros in your business, then disable them completely. Simple!

  • If you are using macros, the aim is to disable untrusted macros and to selectively trust those macros that are useful.

  • For your trusted macros, ask your IT team/provider to have them ‘digitally signed’ for authentication.
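The macro policy the actions above describe can be checked on a Windows PC with a short audit script. This is an added example, not code from the article or from the ACSC; it assumes Office 2016 or later (policy branch 16.0) configured through per-user policy keys, and it also checks the block on macros in files downloaded from the internet, which goes one step beyond the article's own list.

```powershell
# Added example (not from the article): audit the Office policy registry values
# that implement "disable untrusted macros, trust only digitally signed ones".
# Assumption: Office 2016/2019/365 (policy branch 16.0) managed via HKCU policy
# keys; adjust $apps or the hive to match how your IT provider deploys policy.
$apps = @('Word', 'Excel', 'PowerPoint')

# Expected values follow the Microsoft Office policy definitions:
#   VBAWarnings 3 = "Disable all macros except digitally signed macros"
#   blockcontentexecutionfrominternet 1 = block macros in files that were
#   downloaded from the internet (a step beyond the article's own actions)
$expected = @{
    'VBAWarnings'                       = 3
    'blockcontentexecutionfrominternet' = 1
}
$vbaMeaning = @{
    1 = 'Enable all macros (weakest setting)'
    2 = 'Disable all with notification (user can still click Enable)'
    3 = 'Disable all except digitally signed'
    4 = 'Disable all without notification'
}

function Test-OfficeMacroPolicy {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        if (-not (Test-Path $key)) {
            # No policy key at all: Office falls back to whatever the user chose
            # in the Trust Center, so report it as a finding rather than a pass.
            [pscustomobject]@{ App = $app; Setting = '(policy key)'; Actual = 'missing'; Status = 'FAIL' }
            continue
        }
        foreach ($name in $expected.Keys) {
            $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            $status = if ($actual -eq $expected[$name]) { 'OK' } else { 'FAIL' }
            $shown  = "$actual"
            if ($null -eq $actual) { $shown = 'not set' }
            if ($name -eq 'VBAWarnings' -and $vbaMeaning.ContainsKey([int]$actual)) {
                # Translate the numeric value into the wording shown in the Trust Center
                $shown = "$actual ($($vbaMeaning[[int]$actual]))"
            }
            [pscustomobject]@{ App = $app; Setting = $name; Actual = $shown; Status = $status }
        }
    }
}

# One row per application and setting; any FAIL is something to raise with IT
Test-OfficeMacroPolicy | Format-Table -AutoSize
```

Run it in a normal user session on a managed PC; a row showing VBAWarnings set to 1 or 2, or a missing policy key, means untrusted macros can still run there.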

Focus area #6: ‘Harden’ your software applications against exploitation.

There are a multitude of things that you can do to ‘harden’ (the equivalent of putting a suit of armour on) your applications so that they cannot be exploited by hackers. Eliminate default usernames and passwords, enforce password complexity (nobody should have ‘password1’ as their password), remove anonymous access to applications, eliminate shared accounts, uninstall unused components, modules and plug-ins, and lock down unused network ports, among other things.

Your actions:

  • Check with your IT team/provider to ensure that password policies are strong and cannot be exploited.

  • Make sure your organisational firewall is configured correctly. Firewalls are critical to secure your network perimeter and block unauthorised access.

  • Make sure you have appropriate anti-virus software in place. This software is essential to protect against malware and viruses that can compromise the security of your systems.

  • Remove any old user accounts from your software applications — particularly those people who may no longer be at your organisation!

  • Consider a commercially-available vulnerability scanning tool to identify potential security holes.

Focus area #7: Use multi-factor authentication as standard.

Multi-factor authentication is commonplace today and we’ve all used it with our Google, Apple and Facebook accounts. It’s when you are sent a code via SMS or email to authenticate your identity when logging in to a system: your username/password is the ‘first factor’, and the SMS/email code is the ‘second factor’. The multiple layers of authentication (think of it like a bank’s 100-point identity check) greatly reduce the prospect of somebody getting unauthorised access to your accounts. Most modern, internet-facing software applications have multi-factor authentication as standard. Sometimes it is ‘optional’ and needs to be turned on by an administrator. Multi-factor authentication now also routinely incorporates biometric checks — fingerprints, retina scans and facial recognition.

Your actions:

  • Turn on multi-factor authentication as standard for ALL internet-facing applications.

  • If you use applications that are connected to the internet, but they do not have a multi-factor authentication capability, consider the security ramifications if a username/password is compromised.

Focus area #8: Make regular backups and store them securely.

This is not a new thing. Backing up your data is paramount, because there will invariably come a time when you need to rely on that backed-up data — servers crash, hard disks fail, laptops get lost, and humans make errors. Backups are also extremely important should your business fall victim to a ‘ransomware’ attack — this is when a cyber attacker steals your data and requires the payment of a ransom to give it back. Whether it’s a cyber attack by a nefarious actor, or the accidental mass deletion of files by a staff member, the fact remains that you MUST have a backup copy of your important data. There are no excuses.

Your actions:

  • Speak to your IT team/provider about your data backup regimen. Make sure that all important data is backed up regularly in an appropriate location (e.g. an offsite data centre is better than a ZIP drive in your top drawer).

  • Document your backup/recovery plan, including the processes required to get your business back up and running should data be lost.

  • Consider encryption for sensitive data that is held in the cloud.

Don’t be like Optus and Medibank.

In 2023, all businesses — irrespective of size — need to mitigate the risks associated with a cyber attack, and implement measures to secure their digital and information technology assets. 

The ‘Essential Eight’ provides a practical framework that business owners can follow to protect their systems and data. By following these guidelines, businesses can reduce their risk of cyber attacks and protect their sensitive data from falling into the wrong hands.

Don’t be like Optus and Medibank.

Author

Anthony Caldwell

Manager, Marketing, Media, Communications