1. Check your patching is up to date
Ensure servers, PCs, laptops and mobile devices are patched and up to date. This should include all applications. Utilise a patch management solution and turn on automatic updates where possible.
Web-facing services that remain unpatched can represent a very high risk and are likely to be targeted by attackers.
2. Check access controls and password policy
Make sure all users are using unique passwords which are not used on other, personal accounts. Ask users to check that their passwords are strong and get them to immediately change any which are not.
Password managers can maintain strong and unique passwords. If multi-factor authentication (MFA) is available, make sure it is enabled.
Review accounts that have privileged or administrative access and remove old, unused or unrecognised accounts.
3. Check your defences
Ensure antivirus software is installed on all PCs and laptops, and regularly check that it is active on all systems and that signatures are up to date.
Check firewall rules are as you would expect. In particular, check for temporary rules that may have been left in place beyond their expected use.
4. Check logging and monitoring
Review logs, check how logs are protected and how long they are retained - they should be held for a minimum of one month.
For the period of increased risk, consider increasing the frequency with which you check security logs on servers and network devices. A log management solution or SIEM can help.
5. Check your backup and recovery strategy
Confirm backups are running correctly and that you have a documented recovery plan. Check that a recovery test has been carried out recently so that you can be confident you will recover from a system loss.
6. Check your incident response plan
Review your incident response plan and check it is up to date. Double check that escalation plans and corresponding contact details are all correct.
Make sure it is clear who has the authority to make key decisions both during and outside of normal business hours if these individuals are different.
7. Check your internet connections
Check that records of your internet connections are up to date. This should include factors such as which IP addresses your systems use on the web and which domain names belong to your organisation.
Domain registration data should be held securely. Your domain registry account should have a strong password and MFA, if available.
8. Check you phishing response capability
Educating users on how to recognise likely phishing attempts and other forms of social engineering should be a part of your security awareness training plan.
Make sure that staff know how to report phishing emails and that you have a process in place to deal with any security incidents that are reported.
9. Check third party access
If you need to let third-party organisations have access to your systems, make sure you have a clear understanding of what level of privilege is extended into your systems, and who controls it.
During a time of increased cyber risk, you should be sure to remove any access that is no longer required.
Before allowing connection, you should review the security practices of the third parties in question. Supply chain attacks have been a rapidly increasing threat vector in recent times.
10. Check sources of threat intelligence
Staying up to date with relevant threats during a period of increased cyber risk is critical to avoiding and responding to security risks.
Comments