In 2018, cyber security threats are moving faster than ever before. The Essential Eight (EE), a shortlist of critical data security strategies developed by the Australian Signals Directorate (ASD), informed our White Paper, 6 Steps to Improve your Business Cyber Security. Here are some additional mitigation tactics for your corporate defences.
1. Protect Your Website Content Management System (CMS)
Good data security means protecting every access point to your network – for many businesses, that means protecting their external-facing CMS.
A compromised CMS can lead to attackers accessing other protected areas of your website, installing malware or enabling remote access for third parties (like bitcoin mining tools), or perhaps even sabotaging your reputation by publishing unsavory content on your website. Even if your website contains no private information, such a breach shows that your website is vulnerable and can damage trust with consumers.
You can mitigate threats here by:
- Using a managed CMS hosting platform, or working within the ASD’s certified list of cloud providers.
- Continuously maintaining and patching your CMS to close publicly known vulnerabilities. This includes scripting environments, third-party applications and custom code.
- Removing or disabling unnecessary third-party plugins and detailed error messages that attackers can exploit.
- Employing change management in CMS deployment and file integrity monitoring.
2. Perfect your policies on social media
Social media: the Wild West of data security. Beyond the immediate risk of employees posting sensitive information on social media, staff who clearly identify as working for your organisation can do reputational damage with even a seemingly benign personal post.
The ASD warns that isolated pieces of information posted on social media, no matter how disparate, can be aggregated by attackers and used for manipulation, targeted social engineering campaigns or exerting undue influence on the poster.
To mitigate risks in the social media environment, your policies must be comprehensive. They should cover:
- Whether staff can identify themselves as affiliated with the company on personal profiles.
- Training and explicit guidelines on the use of corporate social media accounts.
- When access to company social media accounts is given and revoked.
- How to recover accounts should they be hijacked and when to alert management of a potential breach.
- Password protocols – for example, to never have a browser remember account details.
Social media can be a minefield to navigate, as so much of your security in this arena relies on basic common sense. Be as explicit as you can in your policy about any potential threats, and you can go a long way to protecting your business.
3. Learn to identify socially-engineered messages
Social-engineering messages are a critical part of spear-phishing campaigns, which the Australian Cyber Security Centre identified as a common threat to Australian corporates. The more education you can provide to staff on identifying these emails, the better-prepared your organisation will be in the future.
Most of the time, this can be straightforward. Teach staff to ask the following whenever they receive an email regarding sensitive information:
- Is the sender recognisable, and is their email address spelled correctly?
- Are they asking you to open a suspicious attachment or link?
- Are they requesting sensitive information or the transfer of funds?
- Is there a request for a specific activity (like enabling Microsoft Office macros)?
- Is the sender asking for information that they should not usually be able to access?
Teach staff what to do next if any red flags arise. They should not delete the message; they should forward it to their IT department or other relevant body. Confirming details of requests with the alleged sender over the phone or in person is also an excellent way of identifying socially engineered messages. To learn more about cyber threats through email, read our article 5 Ways Your Business Can Prevent Email Compromise.
What to do next
It’s 2018, and extensive information about ourselves and our businesses is online. It’s important to take every step possible to protect that information and prevent malicious attackers from exploiting it. Dive deeper into the identification and protection of cyber threats by downloading our 24-page cyber security eBook.
For expert advice on how to improve your data security, contact the Over the Wire team today or complete the form below and one of our friendly team members will be in touch with you shortly.