And with that have come the questions all business owners want answered. How do we prevent these attacks on our business? What should I do if my business does fall victim to an attack?
While there are several places to go for the answers, one trusted source of reliable information is the New Zealand Government's site, CERT NZ (https://www.cert.govt.nz/).
The "Computer Emergency Response Team New Zealand" is a free resource for businesses. They provide regular updates and easy-to-follow articles offering tips and advice, as well as alerts on current cyber threats in New Zealand and common threats that can cause damage to your business.
Here are their "10 Critical Controls" that every business owner, company director and C-level executive should be aware of, and should make sure they either have implemented or have a plan to implement soon.
- Patch your software and systems: Making sure all your updates are regularly carried out is a good first step to securing your business. These can be scheduled to automatically happen but always check that they have run.
- Implement multi-factor authentication & verification: MFA adds a layer of security when logging in to applications. When users log in to a site they will also receive a text or email before access is approved. Often a 6-digit number is sent to the user that they have to enter before they can get into the application.
- Implement & test backups: Offsite backups can reduce the harm a ransomware attack has on your business. They are also a safeguard should you be unable to access your building due to a natural or man-made disaster. Backups can be set to run once a day or multiple times a day, depending on how much your business can stand to lose. It's critical that backups not only run but are also tested to make sure you can restore files.
- Implement application whitelisting: Whitelisting allows only trusted applications or executable files to be accessed by your staff. Malware is often downloaded when a user is tricked into downloading it from a seemingly legitimate site. Whitelisting protects computers from these types of attacks.
- Enforce the principle of least privilege: By allowing only the minimum access users need to do their job, users are prevented from accidentally (or intentionally) causing a security incident. This also reduces the risk of hackers gaining access to your system through a compromised employee account, device, or application.
- Configure centralised logging and analysis: This can assist with the detection of security incidents in your network. Having notifications for unusual events, such as a user logging in at an unusual time of day or disabling security features, can help identify an attack and shut it down.
- Implement network segmentation: Network segmentation breaks the network into smaller sections that are isolated from each other. This is an effective way to stop the spread of an attack across the entire network. It's better to deal with a breach in part of your network than across the entire business.
- Provide a password manager: Password Management tools allow staff to have complex passwords that they don’t have to remember, or leave lying around. Many of these tools tell users if they are reusing old passwords or using the same password across multiple applications.
- Secure internet-exposed services: Leaving unused services on your system can leave you vulnerable. The risk is increased when the device is connected to the internet and not patched. Either disable these services or segment them from the network so they are not exposed to attack.
- Set secure defaults for macros: Macros are small programs that can run in software such as Microsoft Office. Attackers can use these as a way of accessing your business. If your business does not use macros, disable them. If you do use them, set them to run in sandbox environments. This reduces the risk and reach within your network.
One of the many areas that we often help businesses with is the setting up, monitoring and testing of offsite backups. We discuss with our clients the types of files they need backed up, how often they require this to happen during the day, and file recovery options. We can run daily reports to make sure the backups are happening and do test file restorations. Often a business will set these up themselves but never check to see that they are running.
If you would like to know more about implementing these critical controls, or you want to talk to us about any other IT (Information Technology) related matter, please feel free to contact Rob McEwan, Louis Fourie or Greg Taylor at Baker Tilly Staples Rodway, New Plymouth on 06 757 3809.