This increased vulnerability means large and small plumbing businesses are now turning to cyber security strategies to strengthen their data, their finances and ultimately, their livelihoods.
In a PwC survey of more than 3000 technology and business executives, 96 per cent said they would adjust their cyber security strategy due to COVID-19 and half are more likely now to consider cyber security in every business decision.
One strategy businesses can consider is the Australian Cyber Security Centre’s Essential Eight - a list of eight essential mitigation steps businesses can adapt to stave off cyber security incidents.
In a recent webinar, Peter Fraser, sales engineer at WatchGuard Technologies, outlined the risks presented by remote working and how the Essential Eight is designed to help.
“The landscape has changed rapidly, so with COVID-19 and what that’s forced us to do from an IT perspective, your business operations have needed to change and adjust accordingly as we work from home,” he said.
“We now have these landscapes where we talk about the attack surface and the attack surface has increased - we’ve got devices everywhere, we’ve got home routers that may or may not be up to scratch when it comes to security, we’ve got businesses opening entry points and it’s ultimately led to this concept of zero trust.
“Zero trust is the new way in the cyber security industry we’re starting to talk about building these networks in that everyone must establish who they are, where they’re coming from and why they are needing access to certain pieces of network before that data is released.
“We’re dealing with organisations overseas that are trying to disrupt our businesses. So the Essential Eight’s charter is to protect you, your families and your business and make Australia the safest place to connect online.”
The Essential Eight, explained below, aims to prevent malware (malicious software), cyber security incidents and make it easier to recover data and system availability.
- Application control This is basically keeping a closer eye on the apps running on your networks. Ensure only applications approved by a business or administrator are allowed to run.
- Patch applications Update your software to prevent bugs in code, which can be manipulated to gain entry or deliver an attack to a network.
- Configure Microsoft Office macro settings to block macros from the internet Block macros, which are applications with an office document, from the internet. Fraser advises only allowing screened macros either in trusted locations with limited write access or digitally signed with a trusted certificate.
- User application hardening Configure web browsers to block Flash, or ideally uninstall it, along with ads and Java on the internet. Disable unneeded features in Microsoft office, web browsers and PDF viewers to prevent against dodgy code that may leave your business exposed.
- Restrict administrative privileges This is an easy step many businesses are likely to already have in place. Know who is an administrator to your network and restrict the number of administrators. Regularly revalidate the need for privileges.
- Patch operating systems Whether your business runs Apple, Microsoft or Linux, it’s vital to ensure your operating system is up to date. “Make sure when you get those pesky update notifications for windows that you do update because they do contain security fixes,” Fraser said. “If they find a security issue, a security vulnerability or buggy code, they can be used to compromise your system, so you keep it up to date. It’s very important to patch your operating system.”
- Multi-factor authentication It’s likely you’re familiar with multi-factor authentication through the use of cloud-based email or banking systems. In addition to one piece of evidence to gain access to a website or application, such as a password, you are asked for two or more and this could be a phone number or answer to a personal question.
“Multi-factor authentication can’t be understated,” Fraser said.
“If you’re not currently exploring the roll out or already have the multifactor authentication, you are leaving your business open to an unacceptable risk. Multi-factor authentication is the biggest security thing you can have in my opinion to protect people walking through the front door and making attacks easy.”
- Daily backups Another easy step most businesses are performing daily. However, for many busy business owners, they can put this to the wayside. Daily backups can guard against the loss of a company’s digital assets including the loss of private information.
In addition to daily backups, businesses need to regularly test the backups are working. It may seem overwhelming, but developing your cyber security strategy can be broken down into simple steps your business can come to grips with over time.
It may be a 12-month strategy your business tackles on its own or with the help of a third party. Either way, securing your business against cyber-attacks can no longer be ignored.
For more information on the Essential Eight and how to implement it, visit www.cyber.gov.au/acsc/view-all-content/essential-eight
