Want to boost your cybersecurity? Here are 10 steps to improve your defences now

Ukraine was being hit by cyberattacks well before Russia launched its invasion. DDoS attacks and wiper malware were among the cyber threats that targeted Ukrainian government ministries, banks, media and other services, but there are also other examples from recent history.

Russia has been accused of being behind attacks that took down Ukrainian power grids in December 2015, and it's thought that the Russian military was also behind the widespread and disruptive NotPetya malware attack of June 2017. NotPetya was designed to target organisations in the Ukrainian financial, energy and government sectors, but the impact quickly spread to organisations around the world. 

And as the conflict continues, firms far from that geography have been urged to check their security posture. As NCSC CEO Lindy Cameron commented just a few days ago, "Cyberattacks do not respect geographic boundaries", warning that these incidents have international consequences – intentional or not. 

The NCSC has urged organisations to take action to secure their networks. And there are steps that can be taken – some of which are relatively simple – that can increase resilience against cyberattacks. 

1. Apply patches and security updates 

Applying patches and security updates to operating systems and software is the best way to close vulnerabilities in networks. Many cyberattacks actively look to exploit unpatched software as an easy backdoor into networks. Devices and software with known security vulnerabilities should be patched immediately. 

2. Use strong passwords  

A common way for cyber attackers to breach networks is to simply guess usernames and passwords – particularly if the organisation uses cloud services such as Microsoft Office 365 or Google Workspace. Users should be urged not to use common, easy-to-guess passwords and instead use a password manager. Default passwords on any devices on the network should be changed.

3. Use multi-factor authentication 

Multi-factor authentication (MFA) provides an additional barrier to cyberattacks and should be applied to all users. The benefit of multi-factor authentication is that, even if a username and password have been stolen or correctly guessed, it's still very difficult for attackers to access the account. If MFA is correctly configured, the user will be alerted to any attempts to log in to their account – and if they are alerted to an attempt to access an account and it wasn't them, they should be encouraged to report it to the information security team.

4. Teach phishing awareness 

Many cyberattacks start with phishing emails and staff should be trained in how to identify some of the most common techniques cyber attackers use, as well as how to report phishing emails for further investigation. Some phishing attacks are more sophisticated and harder to identify, but even in those cases, if a user thinks they've fallen victim to a phishing attack, they should be encouraged to come forward – without repercussions – in order to help identify and detect the attack to remove the intruders and secure accounts. 

5. Use antivirus software and ensure that it works 

Antivirus software and firewalls can help to detect suspicious links, malware and other threats distributed by cyberattacks and they should be installed on every device. Like other software, it's important to confirm that antivirus software is up to date with the latest updates and that it's active and working correctly. 

6. Know your network

You can't defend your network if you don't know what's on it, so information security teams should actively be able to identify all devices and users on the network – as well as being able to detect potentially suspicious activity. If a device or user account is acting unusually by accessing files they don't need for their job or moving to parts of the network that are irrelevant to them, it could be an indication that their account has been compromised by cyber criminals attempting to plant malware. Keep logging activity for at least a month, so older activity can be traced to identify how a breach happened.

7. Back up your network – and regularly test backups

Backups are a vital component to ensuring cyber resilience and they can play a big role in minimizing disruption in the event of a cyberattack, particularly ransomware or wiper malware. Backups should be made at regular intervals, a copy of the backups should be stored offline and they should be regularly tested to make sure they work. 

8. Be mindful of third-party access to your network and supply chains 

Managing IT networks can be complex and that sometimes requires organisations to bring in outside help, providing non-regular users with high-level access. Organisations should have a comprehensive grasp on what access outside users can have and be mindful of removing security controls. 

Any access that's no longer required should be removed. Organisations should also attempt to understand the security practices of businesses in their supply chain – it's possible that if one of those organisations is breached, their network could be used as a gateway to the larger target. 

9. Have an incident response plan 

Even if organisations have followed all of the relevant advice, they should still draw up a plan of how to react in the event of a cyberattack. For example, if the network is down, how will they communicate a response? Think about different scenarios, as planning ahead and running training exercises can reduce the impact of a successful cyberattack.

"Organisations should recognise the risk that cyber presents to their operations and ensure that they have strong cyber resilience and an ability to detect, respond and remediate threats, and make sure plans are in place to counter any disruptive attacks," says Stuart McKenzie, SVP of consulting at Mandiant. 

10. Brief the wider organisation about cyber threats 

It's the job of information security to know about cyberattacks and how to deal with them, but outside the cybersecurity team, it's unlikely to be common knowledge. Staff from the boardroom to the shopfloor should be aware of the importance of cybersecurity and be made aware of how to report suspected security events. In order for a business to be secure, it's crucial that everyone plays a part.
