Beyond the Essential Eight: Extra Business Cyber Security Tips

In 2018, cyber security threats are moving faster than ever before. The Essential Eight (EE), a shortlist of critical data security strategies developed by the Australian Signals Directorate (ASD), informed our White Paper, 6 Steps to Improve your Business Cyber Security. Here are some additional mitigation tactics for your corporate defences.

1. Protect Your Website Content Management System (CMS)

Good data security means protecting every access point to your network – for many businesses, that means protecting their external-facing CMS.

A compromised CMS can lead to attackers accessing other protected areas of your website, installing malware (like bitcoin mining tools), enabling remote access for third parties, or even sabotaging your reputation by publishing unsavoury content on your website. Even if your website contains no private information, such a breach shows that the site is weak and can damage trust with consumers.

You can mitigate threats here by:

  • Using a managed CMS hosting platform, or working within the ASD’s certified list of cloud providers.
  • Continuously maintaining and patching your CMS so that it is not exposed to publicly known vulnerabilities. This includes scripting environments, third-party applications and custom code.
  • Removing or disabling unnecessary third-party plugins and detailed error messages that attackers can exploit.
  • Employing change management in CMS deployment, along with file integrity monitoring.

2. Perfect your policies on social media

Social media: the Wild West of data security. Beyond the immediate risk of employees posting sensitive information on social media, staff who clearly identify as working for your organisation can do reputational damage with even a seemingly benign personal post.

The ASD warns that isolated pieces of information posted on social media, no matter how disparate, can be pieced together by attackers and used for manipulation, targeted social engineering campaigns or exerting undue influence on the poster.

To mitigate risks in the social media environment, your policies must be comprehensive. They should cover:

  • Whether staff can identify themselves as affiliated with the company on personal profiles.
  • Training and explicit guidelines on the use of corporate social media accounts.
  • When access to company social media accounts is given and revoked.
  • How to recover accounts should they be hijacked and when to alert management of a potential breach.
  • Password protocols – for example, never letting a browser remember account details.

Social media can be a minefield to navigate, as so much of your security in this arena relies on basic common sense. Be as explicit as you can in your policy about any potential threats, and you can go a long way to protecting your business.

3. Learn to identify socially-engineered messages

Socially-engineered messages are a critical part of spear-phishing campaigns, which the Australian Cyber Security Centre identified as a common threat to Australian corporates. The more education you can provide to staff on identifying these emails, the better prepared your organisation will be in the future.

Most of the time, this can be straightforward. Teach staff to ask the following whenever they receive an email regarding sensitive information:

  • Is the sender recognisable, and is their email address spelled correctly?
  • Are they asking you to open a suspicious attachment or link?
  • Are they requesting sensitive information or the transfer of funds?
  • Is there a request for a specific activity (like enabling Microsoft Office macros)?
  • Is the sender asking for information that they should not usually be able to access?

If any red flags arise, teach staff what to do next. They should not delete the message; instead, they should forward it to their IT department or other relevant body. Confirming details of requests with the alleged sender over the phone or in person is also an excellent way of identifying socially engineered messages. To learn more about cyber threats through email, read our article 5 Ways Your Business Can Prevent Email Compromise.

What to do next

It’s 2018, and extensive information about ourselves and our businesses is online. It’s important to take every step possible to protect that information, and prevent malicious attackers from exploiting it. Dive deeper into identifying and protecting against cyber threats by downloading our 24-page cyber security eBook.

For expert advice on how to improve your data security, contact the Over the Wire team today or complete the form below and one of our friendly team members will be in touch with you shortly.
