Modern businesses are being transformed by digital advancements like mobile devices, remote cloud support and more, but unfortunately, these technologies can serve as unintended entry points for hackers, phishing, malware, and other cyberattacks. The following eight strategies, developed by the Australian Cyber Security Centre (ACSC), are the most effective methods of increasing your business’ cyber resilience.
Application whitelisting
Having a set of pre-approved apps prevents execution of non-approved applications, including malicious code, so only allow trusted/approved programs to run on your network.
Patching applications
Security vulnerabilities in popular applications (web browsers, Microsoft Office, PDF viewers, etc.) can be taken advantage of and used to execute/spread malicious code. To protect yourself, update unsupported/old versions of software to the newest versions, and determine and apply whatever patches are required for frequently used applications.
Patching operating systems
As above, unsupported/outdated operating systems may have security flaws, so always use the latest OS versions and apply new updates/patches ASAP.
Configuring Microsoft Office macro settings
Macros are commands that automate tasks like formatting documents, but they can also be programmed to run malicious code. It is therefore best practice to enable only macros from trusted/certified sources and block macros from unfamiliar/unapproved locations.
User application hardening
Ads, plugins, and ‘extra features’ in popular applications are common methods of delivering malware. Disabling/uninstalling them will fortify your apps against unauthorised/malicious code.
Restricting administrative privileges
Admin accounts are master keys to your business’ IT assets, so follow a principle of least privilege. Only provide necessary permissions to employees who require them and review access privileges at least once annually.
Multi-factor authentication
Using multiple authentication factors (single-use passwords/tokens, biometrics, etc.) makes gaining access to your systems harder for cybercriminals, even if they know a password.
Daily backups
If you suffer a cyberattack, retrieving data, software, and configuration settings is easier if you’ve saved backups on safe local, USB, and cloud storage.
Each of these strategies has three Maturity Levels as follows:
ML1: partly aligned with the intent of the mitigation strategy
ML2: mostly aligned with the intent of the mitigation strategy
ML3: fully aligned with the intent of the mitigation strategy
ML3 is the ACSC’s recommended baseline for organisations, and Platform 24 is proud to hold ML3 status. If you’d like to implement these cybersecurity strategies for your business, contact us or call 1300 602 480 for professional IT service.
