Lessons from Cyber Essentials – Going Back to the Basics

Thursday, October 11, 2018

Andrew Avanessian

760f8b3ac86e3ac286c6e0d4bdd9a039

Whether it’s phishing attacks or zero-day exploits, businesses are facing an increasing number of cyber threats every day. And when these attacks are successful, businesses can face both reputational and monetary consequences. In fact, a 2018 report from Ponemon found that businesses have to fork out an average of $3.9 million when hit by a data breach. However, there are some simple steps that organisations can follow to achieve cyber resilience and understanding the UK Government’s Cyber Essentials scheme is a great start. 

Launched in 2014, the scheme sets out five simple and effective cyber security measures that businesses of all sizes can implement to reinforce their defences against malicious attacks. Four years on, these measures are just as relevant as ever.

Configure and monitor firewalls to secure your internet connections

Any device that protects the network edge of your organisation, such as a router or firewall, needs to be configured and kept up to date. As key points of access to the wider network, these can be easy targets for hackers if their settings are not adjusted from their factory defaults. Having a trained member of IT staff that can approve and document inbound traffic allowed by network rules, and remove any that are no longer needed, is a simple way to better secure your internet connections. 

Ensure security for your devices and prevent automatic software installation

Most Windows-based devices and operating systems will have a minimum level of basic security measures built in as standard. However, as these default settings are altered or third-party software is installed, the risk of these devices being targeted by hackers increases as the potential attack surface broadens. Again, this can be prevented by implementing simple best practices across an organisation. 

This includes the disabling of guest accounts, removal of unnecessary admin rights, and ensuring that all accounts are secured by robust passwords. It’s also important to disable the Autoplay function on Windows Operating Systems to ensure that software on removable media isn’t authorised to be installed automatically. 

Adobe Flash, Acrobat Reader and Java are some of the most prolific third-party software packages that pose a threat to Windows devices. Wherever possible, Java should be removed and it’s essential that Adobe applications are updated with the latest releases. One way to minimise the risk that third-party applications pose is to implement application control to prevent users from installing potentially damaging third-party software. 

Finally, many Windows PCs connect to public WiFis or untrusted networks, outside of the protection of a corporate system. As such, an endpoint firewall should be enabled on each device, adhering to the same rules as those applied to network-edge security devices. 

Control who has access to data and services 

Of the five goals set out by Cyber Essentials, ensuring that administrative accounts are not used on devices with internet access can be the hardest to achieve. This is because admin rights are often required to perform certain tasks when running legacy applications. 

Businesses can circumvent this difficulty by using a third-party privilege solution which can remove administrative privileges without affecting a user’s experience. This can help ensure that logged-in users retain standard user privileges while affording necessary additional rights to applications and processes. 

The Cyber Essentials scheme also advises the creation of uniquely named accounts for each user, limiting administrative accounts to a small number of trusted employees, and forbids the sharing of administrative logins. New user accounts should also be approved and documented with a business case. 

Following these guidelines can provide your organisation with the high-levels of security needed to protect your most valuable data and applications, and help meet the requirements of the Cyber Essentials scheme. 

Guarding against malware

To protect against malware strikes, it’s important to have several layers of security in place – the most important measure being whitelisting. This is simply a method of preventing users from installing and running applications that may be compromised with malware. 

To implement whitelisting, an administrator is first required to create a list of applications trusted to run and operate on a corporate device. Any application that tries to run that is not approved will instantly be prevented from doing so. 

This is a particularly strong prevention technique as it can still work even if the malware avoids detection. Application whitelisting is relatively easy and quick for any organisation to implement and maintain – all the while ensuring that they are protected.

However, it is important to remember that application whitelisting, along with firewalls, can be rendered ineffective if antivirus software is misconfigured. Therefore, it’s essential that any device connected to a wider corporate network, is reinforced through malware protection software.

Keep your software patched

It may seem simple, but it’s worth remembering that updating devices regularly will go a long way towards safeguarding your business and important data – for example, whenever a new patch or update is released by a manufacturer or developer. To make this easier, operating systems, programmes, devices and apps should be set to automatically update. Again, Cyber Essentials provides clear guidance on this, requiring that operating systems and third-party software are updated within thirty days of a patch being released. In the case of security patched, these must be installed within a fortnight of their release. 

The Cyber Essentials scheme provides some of the easiest ways to achieve cyber resilience. IT leaders across all organisations should be working to weave in these steps into the fabric of their businesses, to ensure that their company can evolve and face an ever-growing pool of threats with confidence.

About the author: Andrew has been a fundamental part of the Avecto story since its inception in 2008. As COO, Andrew is responsible for Avecto's end-to-end customer journey, leading the global consultancy divisions of pre-sales, post sales and training, as well as customer success, support and IT.

Possibly Related Articles:
33087
Budgets Enterprise Security
malware cybersecurity cyberattack Cyber Protection Cyber Essentials
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.