Prime Minister Scott Morrison and his government are so concerned about the rise in the volume of cyber-attacks that a specific press conference was held on Friday June 20th declaring Australia under attack.
This is a warning to Australian businesses to be proactive in defending themselves against a potential attack.
The Australian Cyber Security Centre (ACSC, www.cyber.gov.au) has identified that the threat actor is utilising various spearphishing techniques. These have taken the form of:
- links to credential harvesting websites
- emails with links to malicious files, or with the malicious file directly attached
- links prompting users to grant Office 365 OAuth tokens to the actor
- use of email tracking services to identify the email opening and lure click-through events.
Given the uptake of Office 365 by Australian businesses due to the majority of the workforce currently working from home, it is more important than ever to be talking with your local Computer Troubleshooter. This will ensure you are doing everything within your power to minimise the risk of an attack and disruption to your business.
The best form of defence against cyber-attack is a layered approach, which means more than just having endpoint protection on your devices. Even where endpoint protection is in place, too many employees and businesses do not have the latest virus definitions or the latest software patches issued by the vendor.
The Computer Troubleshooters protection/managed service plans are designed to enable a business to minimise the risk and to have the confidence that all the basic mitigation strategies are deployed in your business.
No single mitigation strategy can prevent cyber-attack incidents. The Australian Cyber Security Centre, located within the Australian Signals Directorate, has developed eight mitigation strategies that are considered the essential baseline for all organisations to protect themselves against cyber incidents. Collectively this is known as the Essential Eight framework.
Given the current threat environment, the following detection and mitigation strategies are highly recommended by the ACSC.
Prompt patching of internet-facing software, operating systems, and devices
This means all businesses should ensure that security patches or mitigations are applied to internet-facing infrastructure immediately. If you are not sure what this means then talk to your local Computer Troubleshooter by calling 1300 28 28 78.
This includes ensuring all software and operating systems are using the latest versions. A CT Business protection/managed services plan includes the automatic patching of all your systems.
Use of multi-factor authentication across all remote access services
Are you using web and cloud-based email applications (Office 365, Xero accounting), collaboration platforms (Teams), a virtual private network connection or remote desktop services? Then you should have multi-factor authentication implemented. This gives you a much higher degree of security against fraudulent access to your systems.
Which other Essential Eight strategies need to be implemented?
- Application control. Ensure that all executable files are restricted from being able to run. This includes ensuring this restriction applies to all servers and any workstation devices.
- Configure Microsoft 365 macro settings. Ensuring that only Microsoft Office macros are allowed to deploy after the user is prompted for approval, that no security settings can be modified by a user, and that macros in documents sourced from the internet are blocked.
- User application hardening. Ensuring that web browsers are set up to block or disable support for content that uses Flash. Ensuring that web browsers are configured to block Java from the internet and also to block web advertisements.
- Restrict administrative privileges. Ensuring that access to systems, applications and data repositories is validated when first requested by a privileged user. Broader policy security controls are used to prevent privileged users from reading emails, browsing the web, and obtaining files via online services. This will include continued revalidation of users’ access at regular intervals as set by a system policy.
- Daily backups. Ensure that information, software, and configuration settings are backed up monthly at a minimum. Make sure that all backups are stored for a nominated period of time between a month and three months, using multiple backups, both physical and cloud. Backups are to be preserved in a non-rewritable and non-erasable manner, and restoration tested annually at the very least (though preferably on a more frequent basis). Tests are to be conducted both in part and in full.
Remove the stress! Be confident you have it covered.
No matter what the size of your business is, no business is safe from cyber-attack unless you are proactively managing your risk in an ongoing manner. This is not something that you can ignore: it is a moving beast and your business needs to manage the risk. If you don’t have a dedicated IT department or an ongoing support department, then you need to find out more about how your local Computer Troubleshooter can help. A Computer Troubleshooter will assess your risk and develop proactive managed plans of protection with you. Sleep comfortably at night knowing your business is in safe hands. Call 1300 28 28 78 or visit our website at www.computertroublehsooters.com.au