Is Russia a threat to your business?
March 1st 2022
By Matthew Phillips
All we can feel for the Ukrainian people is sorrow and compassion with Putin invading his neighbour and destroying anything that gets in his way. We in the UK are lucky to be far away from the conflict, but with the internet connecting people around the world with near instant efficiency, how far away are we actually?
We all need to tighten our security.
There is no comparison between what we face in the UK and those of the innocent people having to fight for their country, or having to watch their fathers, sons and husbands take up arms to protect what they love. However, we need to be vigilant. Now is the time to check our doors are locked and our alarms are set.
Russia’s invasion of the Ukraine will, according to the NCSC (National Cyber Security Centre), increase the risk of cyber attacks in the UK and they are advising that we all strengthen our defences. In their article “Actions to take when the cyber threat is heightened” they give a list of simple actions to take.
These are some actions you can take now.
- Check updates – Patching of all desktops, laptops and mobile devices including installed applications and software. Any software that is not supported and updated by the developer should be removed from your devices.
- Verify user account controls – Ensure nobody is using an administrator account or an account with administrator privileges for their day-to-day business tasks. Check people are using complex and unique passwords and ensure there are no legacy admins (including old tech companies) who have access to your systems or data.
- Check your defences – Make sure your antivirus and firewalls are enabled, licenced and updated. Check for and remove any old rules or exceptions that are no longer required.
- Check your backups – We all have backups, but how often do you check them? Look at your backups and ensure you are covering all data sets that are needed, then test those backups. Make sure there is an airgap between your data and the backup, don’t store your backup on a device connected to your server or rely on the Office 365 retention policy alone.
- Check your partners – If other organisations have access to your systems, ensure you know who it is and why they have it. Remove any accounts that are no longer needed. Even if you trust your ex-employee, Bob, not to launch a cyber-attack on you, His account may be compromised and the details could be available to others.
- Enable MFA – Turn on Multi Factor Authentication on anything you can, we mentioned it in a previous blog and its so easy to do. I can not emphasise how much MFA can increase your safety. Think of it like deadlocking your doors when you are away from the house.
- Educate your staff – There are systems that you can purchase that will automate training and simulations, that test your staff’s knowledge and awareness. If you do nothing else, at least have a conversation around the risks. The “Take Five” guidance of Stop – Challenge – Protect is a really good starting point.
If you are concerned about your security and need any help or advice then please contact me here.
The cyberthreats to our businesses in the UK are serious, but the opportunity to reduce the risk is now. Our thoughts and prayers are with those in the Ukraine who had no option.