The National Cyber Security Centre (NCSC) has advised business owners to take action following Russia’s invasion of the Ukraine. With the cyber threat heightened, the NCSC has said that organisations should act on improving their resilience and bolster their online defences.
Whilst the NCSC – which is part of GCHQ - is not aware of any current specific threats to UK organisations, there has been an historical pattern of cyber-attacks on Ukraine with international consequences.
The most important thing for organisations of all sizes to do is to make sure that the fundamentals of cyber security are in place to protect devices, networks, and systems, with suggested actions to take as follows:
Check your system patching
Ensure your users’ desktops, laptops and mobile devices are all patched, including third party software such as browsers and office productivity suites. If possible, turn on automatic updates.
Verify access controls
Who has access to your systems and how, passwords, multi-factor authentication, old or unused accounts etc?
Ensure defences are working
Anti-virus software, firewalls etc
Logging and monitoring
Ensure systems are up to date
Review your backups
Are all running correctly, do you have an offline back up?
Incident plan
Make sure you have one and it’s up to date.
Check your internet footprint
Ensure that records of your external internet-facing footprint are correct and up to date.
Phishing response
Are processes in place for staff to report phishing emails?
Third party access
Remove any access that is no longer required and ensure you understand the security practices of your third parties.
NCSC services
Check your CiSP account works to share information of threats and register for the Early Warning service.
Brief your wider organisation
It is essential that the wider business understands the situation and that they are on the lookout for and understand how to report anything suspicious.
Whilst the above provides a broad overview of the actions you can take to help protect your business these shouldn’t just be actioned when the threat level increases as cyberattacks can happen at any time. Our Client Technology partners always advise that you should carry out a yearly cyber ‘health check’ or ‘MOT’ of your systems to ensure the best protection.
If you’d like to learn more about protecting your business from cyber threat, Armstrong Watson will be hosting a free webinar on Wednesday 9th April at 9.15am visit awwebinars.co.uk to register, or to speak with our Client Technology team email help@armstrongwatson.co.uk or call 0808 144 5575
If you’d like to discuss your business technology solutions and are looking for help or advice, please get in touch.
