Simplified Cyber Attack Defence Checklist

The cyber threat landscape is always evolving. Organisations need to stay aware of these changes to ensure their key security measures work well during periods of heightened cyber attack risk. Although many smaller organisations incorrectly assume they are not targets for a cyber attack, all organisations, no matter their size, are vulnerable. SMEs in particular are often targeted due to weaker security, valuable data, supply chain vulnerabilities, and a lack of employee awareness. By recognising and understanding the threat of a cyber attack and reacting to it, organisations can strengthen their defences, focus on key cybersecurity tasks, and ultimately reduce the risk and impact of a potential cyber attack.

Factors that influence threat levels

Several factors can contribute to an increased threat level. These include:

  • Worsening geopolitical conditions
  • Extensive exploitation of known vulnerabilities
  • Advancement of cybercriminal capabilities
  • An overall increase in malicious cyber attacks.

It's essential for organisations to understand what actions they can take during a heightened threat to reduce vulnerabilities and the risk of a cyber attack.

The Cyber Vitals Checklist was produced by the NCSC to help organisations ensure their critical cyber controls are implemented and functioning properly. We have created a simplified version of this checklist to allow you to take actionable steps to improve your cyber attack defences.

Simplified Cyber Attack Defence Checklist

Access Control

  • Use multi-factor authentication (MFA) across the network. This is particularly important for privileged accounts and remote access. Always use MFA for services holding sensitive or private data.
  • Disable old accounts, especially privileged accounts. Check that you have implemented role-based access control (RBAC) and the principle of least privilege on all users/services.
  • Ensure all users have strong, complex passwords. Remind them that these passwords should be unique to your business systems and not used for personal accounts.
  • Check existing privileges for external contractors. Ensure the privilege is at the minimum level required, and update/remove where needed.

Network Defences

  • Properly segment your network. Verify that your firewall rules are current and effective in blocking unauthorised access and malicious content.
  • Confirm that you have anti-virus software installed and signatures are up-to-date. For larger organisations, consider using a more comprehensive endpoint detection and response (EDR) solution.
  • Check that all sensitive data is encrypted during both transfer and storage.
  • Confirm that your Intrusion Detection System (IDS) and/or Intrusion Prevention System (IPS) are working well and that alerts are being monitored.
  • Implement Domain-based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) to protect against fraudulent emails.
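As an added example (not part of the original checklist or the NCSC's material), a small Python check that flags weak SPF and DMARC records, the kind of misconfiguration the email authentication bullet above is meant to catch. The records and domains in it are constructed samples rather than real DNS lookups, and DKIM is not checked because validating a DKIM key requires querying the selector record.

```python
# Offline checker for the SPF and DMARC TXT records an organisation publishes.
# The records below are constructed examples, not real DNS lookups or domains.
SAMPLE_RECORDS = {
    "weak": {"spf": "v=spf1 include:_spf.mailer.invalid +all",
             "dmarc": "v=DMARC1; p=none;"},
    "hardened": {"spf": "v=spf1 include:_spf.mailer.invalid -all",
                 "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.invalid; adkim=s; aspf=s"},
}

def _needs_lookup(term):
    # Mechanisms and modifiers that each cost a DNS query (RFC 7208 caps these at 10).
    name = term.lstrip("+-~?").split(":", 1)[0].split("/", 1)[0].split("=", 1)[0]
    return name in ("include", "a", "mx", "exists", "redirect", "ptr")

def check_spf(record):
    # Returns a list of findings; an empty list means nothing to fix.
    if not record.startswith("v=spf1"):
        return ["SPF missing or malformed (expected 'v=spf1 ...')"]
    terms, findings = record.split()[1:], []
    last = terms[-1] if terms else ""
    if last in ("all", "+all"):
        findings.append("SPF ends with '+all': every sender passes, so the record gives no protection")
    elif last in ("?all", "~all"):
        findings.append(f"SPF ends with '{last}': unauthorised senders are not hard-failed, prefer '-all'")
    elif last != "-all":
        findings.append("SPF has no terminating 'all' mechanism: unlisted senders get a neutral result")
    lookups = sum(1 for t in terms if _needs_lookup(t))
    if lookups > 10:
        findings.append(f"SPF needs {lookups} DNS lookups (limit 10): receivers will return permerror")
    return findings

def check_dmarc(record):
    # Returns a list of findings; an empty list means nothing to fix.
    if not record.startswith("v=DMARC1"):
        return ["DMARC missing or malformed (expected 'v=DMARC1; ...')"]
    tags = dict(p.strip().split("=", 1) for p in record.split(";") if "=" in p)
    findings, policy = [], tags.get("p")
    if policy is None:
        findings.append("DMARC 'p' tag missing: receivers ignore the record")
    elif policy == "none":
        findings.append("DMARC p=none: spoofed mail is reported but still delivered")
    if "rua" not in tags:
        findings.append("DMARC has no 'rua': aggregate reports needed to tune the policy are not collected")
    return findings

def audit(records):
    # Combined SPF and DMARC findings for one domain's published records.
    return check_spf(records["spf"]) + check_dmarc(records["dmarc"])
```

Run `audit(SAMPLE_RECORDS["weak"])` and `audit(SAMPLE_RECORDS["hardened"])` to compare the weak and corrected configurations; in practice the records would come from a TXT lookup of the domain and of `_dmarc.<domain>`.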

Vulnerability Management

  • Have a complete inventory of all assets, especially internet-facing applications.
  • Verify the date of your last vulnerability scan and ensure all hardware and software, especially edge devices, are updated with the latest security patches. Focus on patching known exploited vulnerabilities first.
  • If possible, turn on automatic updates.

Backups

  • Ensure your organisation backs up critical systems and data (like Active Directory) and that the backup process operates effectively.
  • Follow the 3-2-1 rule: keep 3 copies of your data on 2 different systems and 1 copy stored offline.
  • Verify the last time your organisation tested restoring from backup and ensure the test was successful.

Incident Response Plan

  • Ensure your incident response plan is up-to-date, detailing key actions, escalation paths, and contact information for external support, including the National Cyber Security Centre.
  • Check the last time this plan was reviewed and tested.
  • Make sure this incident response plan and its communication methods are accessible even when systems are down.

Monitoring and Logging

  • Review your logging and monitoring tools to ensure they provide adequate coverage and retention.
  • Confirm that critical logs, like those from antivirus software, are monitored and that alerts are addressed.

Raise Employee Awareness

  • Inform key staff of any heightened threat so they are aware of it.
  • Remind employees to report any suspicious activity they notice, and make sure they know how to report it.
  • Distribute password policies throughout the organisation to encourage the use of strong passwords and enhance account security.
  • Ensure staff have received adequate security awareness training to recognise phishing emails and avoid visiting malicious websites or opening suspicious emails.

Remember!

If you are the victim of cybercrime, you should report it to your local Garda Station. You can also report cybersecurity incidents to the National Cyber Security Centre.

Need help with your cyber attack defences?

Our technology experts can help! Contact us today to schedule a chat.

To stay up-to-date with the latest tech news and solutions, subscribe to our newsletter.