A Tutorial of Cyber Security Strategies: The 8 Essentials
What is Cyber Security?
When talked about cyber security, it always refers to as information technology security. Also, it may be referred to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. As of now, people and systems become increasingly interconnected, hence the quantity and value of online information have increased tremendously, so do efforts to exploit that information. In other words, cyberspace and the opportunities it offers, is under threat.
The cyber security strategies by the Australian Signals Directorate (ASD) in 2010 have soon become the reference for many IT professionals. Comprehensive and easy-to-understand, the guide has mapped out strategies to defense against cyber crime. The updated version in 2017, Strategies to Mitigate Cyber Security, has been viewed as “cyber security baseline for all organisations” with its eight essential cyber security strategies. Aimed to enhance cyber security, the eight essentials consist of strategies to prevent malware running, to recover data as well as to defense against cyber crime.
The Essential Cyber Security Strategies
1. Application Whitelisting
Application Whitelisting is one of the effective strategies in the Australian Signals Directorate’s (ASD) Strategies. Designed to prevent the execution and spread of malicious code, Application Whitelisting is a security approach that ensures only authorised applications (eg, programs, software libraries, scripts and installers) can be executed.
The mechanism of Application Whitelisting takes the opposite approach than traditional antivirus blacklisting approaches. It will deny the execution of any application that has not previously been explicitly approved as “not malicious” by default. The “default deny” approach can prevent attacks from malicious code that has never been seen before while the antivirus blacklist databases will not recognize the malicious code. As such, the strategy is particularly important for larger companies where it ensures the right, approved and trusted applications are installed in the company’s computer.
2. Patch Applications and 3. Operating Systems
Patch applications and operating systems are used to safeguard computer from virus and intrusion attacks. In this regard, regular patches and updates of software are vital to prevent network security breaches. In fact, system updates perform a myriad of tasks where these updates will deliver revisions to a computer or system, such as removing outdated features, adding new features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered. As such, many companies and organisations start to realize that software updates not only ensure the best performance from your computers but also protect you from cyber-attacks.
4. Restrict administrative privileges
Restricting administrative privileges is one of the top strategies in the ASD Strategies to Mitigate Cyber Security Incidents. As the name goes, restrict administrative privileges is an environment where administrative privileges are restricted and it is more stable, easier and predictable to administer and support. With the administrative privileges for operating systems and applications, users are granted permission to make significant changes to their configuration and operation, critical security settings and they are able to access sensitive information. In other words, only trusted IT administrators will have the administrator accounts for full access to information and systems. According to ASD, the admin accounts are like the kings of the kingdom, keeping the network and systems clean and secure.
5. Disabled Untrusted Microsoft Office macros
As of now, macro-based malware is on the rise and it is a frustrating experience for everyone, including companies and organisations. As the name goes, a macro virus is a virus that takes advantage of macros that run in Microsoft Office applications such as the Microsoft Word, PowerPoint or Excel. Many cyber criminals use it to send out the macro-infested file via email with the subject line that could deceive users or provokes them into opening the document. Consequently, a macro runs to execute whatever the task the criminal wants when user opens the document. The good news is, Microsoft has disabled the Macro functioning by default. With the default settings in Office to disable all macros with notification, no macro would run in the Microsoft Word until you allow it to run.
6. User Application Hardening
Hardening is defined as “rendering the material more strong and resistant“ in IT security. Hardening means to make a system, a network or an application more strong and resistant to external attack. According to ASD, Flash, Java and Web ads have been implicated in delivering malware. In fact, blocking browser access to Adobe Flash player, web ads and Java applets will safeguard computers and systems from malware attacks.
7. Multi-factor Authentication
Nowadays, passwords have become one important part of our life. However, passwords are the weakest link in our security because they might be inadequate to safeguard our systems from cyber-attacks, data breaches and fraud. As such, security with multi-factor authentication (MFA) like having more than one password for accounts, having additional login factors like a pin, security question, one-time passcode and so on will add another layer of security against the leading cause of data breach.
8. Daily back up of Important Data
Having a back-up plan, or duplicate copies, of your most important information is one of the essential strategies in cyber security. In other words, regularly back up data will ensure your important information are safe in case anything goes terribly wrong with your computer.
In this digital era, tech innovation has become a key criteria for businesses to grow, to boost its competitiveness as well as to allocate resources more effectively. However, this necessarily involves risk. The question is how can we protect our business from cyber-attack? One of the best protections is to implement plans and procedures. Moreover, the best way is to perform and implement the protection plans with the assistance from IT professionals. If you are serious about the cyber security of your company, IT Solution can help to increase and enhance the cyber security of your company. Talk to us and let’s work out the best protection plan for your business!