Cyber Security 4 Small Business is a set of resources to help small business owners understand different cyber attacks in Australia today and how small businesses can defend their network in the most cost-effective way possible.
We believe that 95% of Cyber Security and Cyber Resilience can be achieved through good systems administration and good processes, without all the expense of engaging cyber security experts.
In this episode, we give you a quick rundown of some of the questions most cyber insurance companies in Australia are asking on their Cyber Insurance Application Forms. These questions matter to the insurance companies because they are the ones who pay out every time there is a security breach. Drawing on their knowledge of keeping people secure, these cyber insurance companies have listed in these questionnaires the risk scenarios that companies should be aware of, along with a few best practices organizations can follow to conduct their business in a safe and secure manner.
Some Online Risk Scenarios in Businesses Today
Here are the risk scenarios that some cyber insurance companies in Australia have identified. You may currently be running some of them in your business, so you should be aware of them.
1. Running Systems on Admin Accounts on Unsafe Environments or Stations
Using Admin privilege accounts for everyday tasks is dangerous and puts the domain and everyone in it at risk.
A good way to lessen potential losses is to separate key groups so that a cyber attack stays isolated within one group.
2. Escalation of non-admin accounts to admin status for nefarious purposes
Through the use of exploits, an attacker could compromise a normal user account and then escalate themselves to admin-level status to do their dirty business.
A good way to protect such network infrastructure is by using an infranet. An infranet is a terminal that has privileged access within the domain but, most importantly, is disconnected from the internet.
3. You are running Microsoft 365 without MFA
Firms also ask if the business uses Microsoft 365, since a lot of business email compromises came from Microsoft 365. Multi-factor authentication is a must when using Microsoft 365.
4. Your company does not have an effective patch deployment process
Most of the time, patches are rolled out on a schedule. However, in some cases and incidents the company puts out an out-of-band patch, which is distributed outside of the regular schedule in the hope of countering hacks such as zero-day hacks.
Insurance companies assess how fast your organization implements the necessary patches to mitigate vulnerabilities.
Depending on whether the vulnerability is critical or not, good communication with the managed services provider is crucial, since patches could potentially throw a wrench in the works of other systems. Proper implementation is a must.
5. You do not have an adequate response to the early stages of a cyber attack
The time it takes to isolate or effectively control an ongoing attack on a workstation is critical. Some of the applications that could help contain or prevent attacks often flag potential threats without taking any action, so remaining vigilant and monitoring constantly is best.
It also helps to know common hacking practices, such as attacks usually being carried out on Friday evenings, which gives attackers 48 hours to rummage around the system if undetected.
How to Protect Your Business Online Against Cyber Attacks
If you think your organization is running a few, or all, of the risk scenarios mentioned above, here are a few recommendations on how to keep your business safe and secure from online attacks.
1. Having MFA (Multi-factor Authentication) enabled on all possible applications and accounts
Check whether or not the software your organization has supports multi-factor authentication.
Keyloggers, applications that record every keystroke for the hacker's use, would make short work of applications that do not have MFA.
2. Ensure you have an effective RTO
Having a realistic and effective RTO (Restore Time Objective) is essential for getting back lost information or preventing further data loss.
Multiple factors could hamper the restoration process, such as the backup being stored abroad, which means it is affected by internet speeds both locally AND remotely. Even the nodes the data travels through have an effect, and those are well beyond reasonable grasp.
Some questions that are good to ask regarding RTO are:
● How long can you afford to be down?
● What are the processes that you are supporting that you will be restoring?
● How critical are they to the organization?
● Do you have an alternative way of doing it or can you fall back to a paper-based system?
3. Have Quarantine Servers for suspicious emails
Having quarantine servers that can detect and catch harmful and suspicious emails is necessary to protect against attacks that use email as a vector. Manage Protect is a good service that is highly recommended.
4. Regularly conduct simulated phishing attacks
Conducting regular simulations of phishing attacks is vital for recognizing attempts made by hackers. It not only trains people to spot them easily and early, but also familiarizes new people in the organization with what they look like.
5. Monitor the performance and storage capacity issues on machines
Some hacks or malicious programs take up noticeable amounts of disk space or memory. Although some services alert users to this issue, being aware of and alert to these changes is important.
6. Run scheduled vulnerability scans
Running vulnerability scans can help you identify potential vulnerabilities in your network. Doing so allows for early detection of various intrusion attempts such as privilege escalations.
7. Conduct regular penetration tests
Penetration tests are controlled attacks against your organization’s systems to potentially highlight holes or other vulnerabilities that were left unchecked and to check the response of the company. They are usually carried out by cyber security firms.
8. Enable Remote Desktop Protocol
This protocol serves as a way for users to remotely control a computer over a considerable distance. Although it is convenient, it also raises potential risks and opens the door to intrusions. Hackers used to favor this method but have moved on to business email compromises via email services like Microsoft 365.
9. Use a VPN
VPNs (Virtual Private Networks) enable a much safer way of traversing the internet and a lot of VPNs have popped up over the years and are now very common.
10. Set up RDP Honeypots
RDP Honeypots are simulated remote desktops that attract attacks for logging purposes.
Most of the response work to an attack occurs before an actual attack takes place, so preparation is vital. In order to keep your organization safe, it is important to regularly, and effectively, implement and develop appropriate safeguards for your systems. Some of these include:
● Having a decent firewall
● Activating MFA on all systems and accounts
● Keeping your applications and/or services regularly patched
If you have questions on how to keep your business safe online, you can reach out to us anytime. We can help organizations understand everything there is to know about cyber insurance companies in Australia: from the cost, the process and even up to setting up the necessary systems needed to protect your business online.