Nexon - Cyber Security Checklist – What Organisations and Individuals Need To Do

Nexon Asia Pacific resident Cyber Security Specialist Dan Weis has put together this cyber security checklist for businesses and individuals in light of the recent cyber-attacks against the Australian government.

Prime Minister Scott Morrison announced to the nation that a large cyber-attack has been underway by a “sophisticated state-based cyber actor” targeting a range of sectors including political organisations, education, health, government and essential services. According to the PM, this state-sponsored group has been using links to fake websites and malicious files as well as email tracking services. This is nothing new: we constantly see state-sponsored threat actors and cyber criminal gangs based in China, Russia and North Korea (amongst others) attacking the internet-facing services of our customers, and pretty much any service that faces the internet. The sophistication of the attacks under way looks very similar to that of other state-sponsored threat actors.

Ransomware this year has been off the charts; we’ve had countless large-scale data breaches and ransomware attacks taking out companies such as Toll, Honda and Lion, to name a few.

Earlier this year Scott Morrison also announced interference from foreign governments against the nation’s political parties, alongside a large number of attacks in other countries meddling or interfering with elections, for example through disinformation campaigns.

We are hopeful these recent events help to bring cyber security to the forefront of business and people’s minds. It seems that almost daily we are assisting organisations who have suffered a data breach or ransomware attack. These attacks are not going to stop anytime soon, and now more than ever, it’s important that your organisation, and of course you as individuals, have done your due diligence and have put in place all the security measures you can so you don’t become the next headline or the latest victim of cybercrime.

Business checklist

Firstly, you want to make sure that you have sufficiently budgeted for cybersecurity. Make sure you have allocated the funds, the staff/resources and the skills needed.

Secondly, you want to take a layered approach to protecting your organisation. Taking this approach means that if one layer fails, the next layer of protection should have you covered.

Your I.T. department needs to be sure they have in place the following:

  • Suitable Backups and Recovery Plans
  • Advanced Firewalls with web filtering and IPS Protection (what we call UTM capabilities)
  • Enhanced email filtering such as APT, Proofpoint etc.
  • Endpoint Protection (EDR) and Whitelisting, Locking down of workstations
  • MFA (multifactor authentication) everywhere
  • Cloud Security measures adopted such as Conditional Access, DLP, password filters, MFA etc.
  • Detection and Response: is a SIEM in use, and/or SOC/SOAR services, to detect attacks and allow you to respond quickly? Monitoring is a massive issue for most organisations I deal with; they just don’t know when they have been hacked, or they find out too late.
  • Locking Down the environment, both network and infrastructure/assets
  • If you use an MSP, how are they protecting your network? They should be able to provide a statement on all of the security measures in place and your security roadmap.

Moreover, you need to further your organisation’s security posture by asking the following:

Number 1 - Do you have an Incident Response policy/process in place?

These days it’s not a matter of if, but when, which means it’s crucial you have an incident response plan in place and that the plan is regularly tested through cyber-attack simulations. Your plan should cover who is on the SIRT (security incident response team), their responsibilities, how legal, PR, IR firms, third parties and mandatory breach reporting are handled, and of course processes for collecting and preserving evidence during a breach.

Number 2 - Are you prepared for Mandatory Breach Reporting?

We’re all pretty comfortable now with the process and the Notifiable Data Breach Scheme and reporting to the OAIC, but if not, you can find the info here:

Number 3 - Are you cyber resilient? Can you quickly bounce back from a breach?

Now, more than ever before, organisations need to be what we call ‘cyber resilient’. This means having the processes, systems and technology in place to quickly bounce back from a cyber event: how fast you can restore your systems if hit by ransomware, how fast you kick your IR plan into play, and how fast you can cut an attacker off and bring the business back to normal operations.

Number 4 - Staff Awareness Training and Phishing

An absolute must is regular staff awareness training and phishing simulations. A lot of employers are hesitant to phish their staff, but it’s the best way to ensure that phishing stays at the forefront of people’s minds. The awareness training should be engaging and should educate your users on protecting the business as well as their personal devices.

Number 5 - Have you had a Penetration Test (Pentest) Performed?

Assurance, that’s what we all want. We want to ensure that the systems we have in place, our defences, our people and our processes are as strong as they can be to minimise the effects of a cyber-attack. The best way to accomplish this is through penetration testing. A pentest is where your users, systems, defences and overall security posture are assessed using the same TTPs (tactics, techniques and procedures) used by malicious attackers to breach networks. The pentest will provide you with the risks, threats, vulnerabilities and overall security profile of your organisation, along with recommendations to improve your security posture.

Cyber Insurance Coverage

You should also ensure you have cyber insurance coverage in place. Companies typically think that their $1 million management liability cover will cover them for cyber, but usually this is not the case, or there are lots of caveats, and mainly the amount provided is insufficient. Your best bet is to take out a dedicated cyber insurance policy that provides the funds and services required to call on specialists in the event of a cyber-attack.

Cyber Security as an Individual

As an individual you are responsible for not only protecting your organisation, but also your own cyber safety and that of your family.

Here’s your checklist:

Number 1 - Have you enabled MFA on all your online accounts?

MFA (or multi-factor authentication) combines something that you know (your password) with something that you have, such as a PIN code, SMS, token etc. It’s the best way to mitigate password attacks and should be applied to all of your accounts. Good products include Microsoft Authenticator and Google Authenticator. Most online services such as Facebook, LinkedIn, Google etc. have documented guides on enabling it; the setting is typically found within your account settings.

Number 2 - Do you have Endpoint Protection (Antivirus) on all computers and mobile devices?

You should be treating your phone like a computer: it requires endpoint protection, as do all the devices in your home. Windows Defender does a good job, but for an extra layer of protection, go with a product like Bitdefender, which can be installed on any device.

Number 3 - Are you using different passwords across your accounts and a password manager?

You should be making sure you use different passwords across all of your accounts, and use a password manager. A password manager is an app that stores all of your passwords so that you only need to remember one master password; it automatically fills in your websites and apps and will generate complex passwords. A great product I recommend is LastPass, but there are other good products out there like 1Password. Whichever product you use, just make sure you turn on MFA! When it comes to passwords, generate complex passwords using the password manager, and for the passwords you need to remember, like your master password, use length over complexity: you can use spaces or a sentence, but make sure it’s nothing identifiable to you, like family names, dog names, days of the week, months of the year, seasons etc.

Number 4 - Are you thinking before you click?

Next up, please make sure you take a breath and think before clicking that link in an email. If it doesn’t seem legit, it probably isn’t. Always verify who the email is coming from: if it’s from ANZ or PayPal asking for some details, call them and confirm.

Number 5 - Are you protecting your kids' devices? Have you had the cyber safety talk with them?

Are you monitoring your kids’ devices and imposing device limits? You should use a product like Qustodio or NetNanny to monitor and apply limits to the devices used by your kids. You also need to have the cyber safety talk with them if you haven’t already. There are some great resources available from the eSafety Commissioner here, but at a minimum they should be aware of what to and what not to place online, what cyber bullying is all about, grooming etc.

Number 6 - Be aware of scams.

You should use sites like Scamwatch, Stay Smart Online and the eSafety Commissioner to stay abreast of the latest scams and attacks targeting Australians.

Number 7 - Know what to do if your identity is stolen or accounts hacked.

If you are hacked or your identity is stolen, don’t panic; reach out to IDCare. They are an awesome government-funded service whose job is basically to help people who have been hacked, scammed or had their identities stolen, and they do some fantastic work. You should also keep a close eye on your accounts for any suspicious activity and shred all mail correspondence.

Number 8 - Backing up your important Data

It’s important that you are backing up your important data to the cloud. Most providers, like OneDrive, Google and Dropbox, offer free storage tiers, or you could use a service like JustCloud. You want to ensure that your photos, videos and other important data are backed up in the cloud so that if your device is stolen, lost or hit by ransomware, you can still recover your data.

Number 9 - Think before you post and limit your Social Media visibility

Always be cautious of the information you are posting online and never post any sensitive information or what we call Personally Identifiable Information (PII), such as your address, date of birth, phone number etc. Even posting to Facebook while on holiday can alert would-be thieves that you are not at home. You should restrict your visibility to only friends or connections and keep your profiles limited to these people; never post to ‘everyone’ on social media platforms unless you are, for example, sharing relevant business information. Remember, anything you put online is there forever!

Number 10 - Avoiding Public/Open WiFi and charging stations and use a VPN.

A common one, but avoid free, open or public WiFi (unless you are using a VPN) and avoid those built-in charging stations at airports or restaurants. If your phone is one of those that runs out in a few hours, buy and carry your own battery pack. A good VPN solution for protecting yourself online is NordVPN.

For more information on Nexon’s Cyber Security services, visit our webpage here