The US National Counterintelligence and Security Center (NCSC) recently offered advice to individuals on protecting themselves from cyberattacks, and the UK’s National Cyber Security Centre (also NCSC!) has now done the same for businesses …
The advice the US NCSC offered to consumers was pretty basic, while that offered to businesses by the UK NCSC is a little more sophisticated.
It hints that there may be a heightened risk of cyberattacks at present.
The threat an organisation faces may vary over time. At any point, there is a need to strike a balance between the current threat, the measures needed to defend against it, the implications and cost of those defences and the overall risk this presents to the organisation.
There may be times when the cyber threat to an organisation is greater than usual.
The NCSC provides an 11-point checklist:
- Check your system patching
- Verify access controls
- Ensure defenses are working
- Logging and monitoring
- Review your backups
- Incident plan
- Check your internet footprint
- Phishing response
- Third-party access
- NCSC services
- Brief your wider organization
It then expands each of these into additional bullets. For example, under "Review your backups" it says that businesses should:
- Confirm that your backups are running correctly. Perform test restorations from your backups to ensure that the restoration process is understood and familiar.
- Check that there is an offline copy of your backup and that it is always recent enough to be useful if an attack results in loss of data or system configuration.
- Ensure machine state and any critical external credentials (such as private keys, access tokens) are also backed up, not just data.
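The backup checks above can be partly automated. The following is an added example, not NCSC code or part of the original article: it reads every file back out of a tar backup, compares each one with a SHA-256 hash recorded at backup time, checks the age of the copy, and flags required items such as keys that were never backed up. The tar layout, the file names and the 24-hour limit are assumptions.

```python
import hashlib, io, os, tarfile, tempfile, time

def audit_backup(archive, manifest, required, max_age_hours=24, now=None):
    """Return a list of findings for one backup copy; an empty list means pass.

    manifest: {member name: sha256 hex} recorded when the backup was taken.
    required: member names that must be present (machine state, credentials).
    """
    findings = []
    now = time.time() if now is None else now
    age_h = (now - os.path.getmtime(archive)) / 3600
    if age_h > max_age_hours:
        findings.append(f"stale: {age_h:.0f}h old, limit {max_age_hours}h")
    try:
        # Read every regular file back out, as a restore would have to.
        with tarfile.open(archive) as tar:
            restored = {}
            for m in tar.getmembers():
                if m.isfile():
                    restored[m.name] = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
    except (tarfile.TarError, OSError) as e:
        return findings + [f"unreadable: {e}"]
    for name, digest in manifest.items():
        if name not in restored:
            findings.append(f"missing: {name}")
        elif restored[name] != digest:
            findings.append(f"corrupt: {name}")
    findings += [f"not backed up: {n}" for n in required if n not in restored]
    return findings

def make_demo_backup(directory):
    """Constructed sample: a tar holding data and config but no signing key."""
    files = {"data/orders.csv": b"id,total\n1,9.50\n", "etc/app.conf": b"mode=prod\n"}
    path = os.path.join(directory, "backup.tar")
    with tarfile.open(path, "w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    manifest = {n: hashlib.sha256(b).hexdigest() for n, b in files.items()}
    return path, manifest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        path, manifest = make_demo_backup(d)
        required = ["etc/app.conf", "keys/signing.pem"]  # hypothetical names
        for finding in audit_backup(path, manifest, required) or ["pass"]:
            print(finding)
```

Run against the offline copy as well as the online one; a passing hash check does not replace a periodic full restore onto a clean machine.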
Many of these steps also make sense for more tech-savvy individuals, of course.