8 cybersecurity strategies to protect you and your business
Cybercrime is on the rise, and accounting cybersecurity is a concern across the profession, globally.
Cyber breaches at large companies like Target and Sony Pictures, GPS hijacking and zero-days have led to massive costs and reputational damage. The risks are no different for accounting firms. The only question is: how do you best protect your business?
Join Keren Elazari, former hacker-turned-cybersecurity expert, on 8 November in the WCOA 2018 session titled Protecting against cybercrime – data and digital currencies risk. Find out about the major global trends in security, and learn practical ideas to prevent cyber attacks.
When the Australian Signals Directorate (ASD) published its first cybersecurity strategy guide in 2010, it became a reference for many information security professionals around the world. In a recent update, Strategies to Mitigate Cyber Security Incidents, the ASD outlined eight essentials that should be taken as the “cybersecurity baseline for all organisations”.
These strategies aim to prevent malware from running, limit the extent of cybercrime incidents and recover data. It’s useful advice for those concerned with accounting cybersecurity.
1. Application whitelisting
“A whitelist only allows selected software applications to run on computers. All other software applications are stopped, including malware,” the ASD explained.
This strategy is particularly important for larger organisations to ensure that IT teams install only approved and trusted applications.
It might be overkill for very small businesses, but if you don’t adopt whitelisting, it becomes even more critical to adhere to the fourth strategy – restricting administrative privileges to prevent unauthorised software from running.
2. Patch operating systems
“Adversaries will use known security vulnerabilities to target computers,” said the ASD. This is why individuals should always install OS updates when prompted, or automatically if the software offers this feature.
3. Patch applications
For organisations, this is a bit more involved. The second and third strategies require setting up IT processes that ensure operating systems and applications on all computers are updated in a systematic and timely manner.
4. Restrict administrative privileges
“Administrator privileges … should be restricted to only those that need them,” advised the ASD. This means that in Windows, for example, only trusted IT administrators should have administrator accounts; everyone else should have standard accounts, which have restrictions such as not being able to install or run new programs.
As the ASD observed: “Admin accounts are the ‘keys to the kingdom’ [and] adversaries use these accounts for full access to information and systems.”
5. Disable untrusted Microsoft Office macros
Microsoft Office macros are “increasingly being used to enable the download of malware,” according to the guide. So macros should be “secured or disabled” by configuring Office settings to “block macros from the internet, and only allow vetted macros.”
6. User application hardening
“Flash, Java and web ads have long been popular ways to deliver malware to infect computers,” the guide explains. Still, it’s interesting that the ASD said it’s essential to “block web browser access to Adobe Flash player (uninstall if possible), web advertisements and untrusted Java code on the internet.”
7. Multi-factor authentication
This means having more than a password for accounts, particularly when accessing important data or performing privileged actions, such as system administration. Additional log-in factors can include a passphrase or PIN; a physical token or software certificate; and/or biometric data such as a fingerprint scan.
8. Daily back-up of important data
Somewhat surprisingly, this wasn’t one of the original essentials, but it is now, possibly due to the rise of ransomware – malicious software that blocks access to your computer system until a ransom is paid.
The ASD stressed the importance of securely storing daily back-ups “offline or otherwise disconnected from computers” because ransomware and other malware can “encrypt, corrupt or delete back-ups that are easily accessible”.
A security information and event management (SIEM) solution such as Splunk may not be essential, but it’s highly recommended by the ASD for “continuous incident detection and response”. A daily back-up is essential, but to mitigate ransomware the back-up must be stored in a location that can be disconnected from the network.