With the political unrest in and around Ukraine, the National Cyber Security Centre have released a press release encouraging “UK organisations to take action in response to the current situation”.
Of course, cyber security should always be front of mind – but we know all too well that it often slips. But when the cyber threat is increased, it’s time to put it back to the top of any list that might be going.
It can help to get in the mindset of a ‘heightened alert’. We can’t type this quickly enough… this is not intended to cause panic – that’s just not how we roll. But a sense of urgency can really help to pull teams and strategies together, quickly and efficiently.
We know there’s often a long list of things that need to be updated, reconfigured, added or removed – this is the time to prioritise the workload, allocate your resources – and, in the first instance, get those high priority items nailed.
We've even put together a free guide to cloud identity and access management so you can get clued up on security features like multi-factor authentication, single sign-on and self-service password reset.
Nine nifty tips from the NCSC to protect your business in the cloud
The NCSC have put together a list of actions for businesses to ensure that the fundamentals of cloud security are in place to protect businesses, their data, devices, networks, and systems.
1. Check your system patching: Across all devices, including third-party software such as browsers. Turning on automatic updates will help manage this for you.
2. Verify access controls: Staff should use unique passphrases and enable multi-factor authentication. Review user accounts and access privileges – remove old, unused, or unrecognised accounts – and carefully review privilege or administration rights.
3. Ensure defences are working: Regularly monitor antivirus software and firewall configuration – specifically check for temporary rules that may have been left in place beyond their lifetime.
4. Logging and monitoring: Sounds easy enough, but the first thing is knowing what logging is in place and where the logs are stored. Are they still fit for purpose?
5. Review your backups: They’re great to have in place but… can the files actually be restored? Regularly test – it’s a belts and braces kinda scenario. And, if your cloud backups fail, it’s a good idea to have an offline one, too – y’know, just in case (the key here is to make sure it’s backed up regularly enough that the data is recent enough for it to be useful).
6. Robust incident plan: Something you hope you’ll never need… but man, having one feels pretty damn good. A well-planned, well-tested response plan should cover disaster recovery, business continuity and crisis management.
7. Phishing response: The hype is real. Phishing attacks are taking the cybersecurity world by storm. Making sure staff know how to spot and report phishing emails is going to be really useful over the coming months. Consider adding it to staff training and new starter inductions.
8. Third party access: Quite often third-party organisations have access to your network. This is the time to review who has access to what – and decide if they're still worthy of their privileges.
9. Brief your wider organisation: What you really need for any successful project is buy-in from the business, from entry level to the board. Listen to your colleagues, communicate the project’s objectives and milestones/timelines clearly, and give regular, easy-to-digest updates to the wider project team (in a way that can easily be transferred to the rest of the organisation). We have also found that a supply of baked goods can help…
Don’t panic, Mr Mainwaring
If current affairs and the publishing of this press release by the National Cyber Security Centre have struck a chord of fear or despair in you, firstly, don’t panic. If you’re here, you’re taking the first step… be reassured that things can change, and, in the right hands, pretty quickly, too (Microsoft Secure Score, anyone?).