Tips to minimise the risk of cyber attack

The threat of cyber attacks has never been higher. Here are some practical steps you can take to reduce the risk to your business.

Balancing cyber risk and defence

The threat an organisation faces may vary over time. At any point, there is a need to strike a balance between the current threat, the measures needed to defend against it, the implications and cost of those defences and the overall risk this presents to the organisation.

There may be times when the cyber threat to an organisation is greater than usual. Moving to heightened alert can:

  • help prioritise necessary cyber security work
  • offer a temporary boost to defences
  • give organisations the best chance of preventing a cyber attack when it may be more likely, and recovering quickly if it happens

This guidance explains in what circumstances the cyber threat might change, and outlines the steps an organisation can take in response to a heightened cyber threat.

Factors affecting an organisation’s cyber risk

An organisation’s view of its cyber risk might change if new information emerges that the threat has heightened. This might be because of a temporary uplift in adversary capability, for example if there is a zero-day vulnerability in a widely used service that capable threat actors are actively exploiting. Or it could be more specific to a particular organisation, sector or even country, resulting from hacktivism or geopolitical tensions.

These diverse factors mean that organisations of all sizes must take steps to ensure they can respond to these events. It is rare for an organisation to be able to influence the threat level, so actions usually focus on reducing your vulnerability to attack in the first place and reducing the impact of a successful attack. Even the most sophisticated and determined attacker will use known vulnerabilities, misconfigurations or credential attacks (such as password spraying, attempting use of breached passwords or authentication token reuse) if they can. Removing their ability to use these techniques can reduce the cyber risk to your organisation.

Actions to take

The most important thing for organisations of all sizes is to make sure that the fundamentals of cyber security are in place to protect their devices, networks and systems. The actions below are about ensuring that basic cyber hygiene controls are in place and functioning correctly. This is important under all circumstances but critical during periods of heightened cyber threat.

An organisation is unlikely to be able to make widespread system changes quickly in response to a change in threat, but organisations should make every effort to implement these actions as a priority.

Check your system patching

  • Ensure your users’ desktops, laptops and mobile devices are all patched, including third party software such as browsers and office productivity suites. If possible, turn on automatic updates.
  • Check to make sure firmware on your organisation’s devices is also patched. Sometimes this is implemented in a different way to updating software.
  • Ensure your internet-facing services are patched for known security vulnerabilities. Internet-facing services with unpatched security vulnerabilities are an unmanageable risk.
  • Ensure, where possible, that your key business systems are all patched. Where there are unpatched vulnerabilities, ensure that other mitigations are in place.
  • Also review existing business cases for known unpatched systems in view of the heightened threat.

Verify access controls

  • Ask staff to ensure that their passwords are unique to your business systems and are not shared across other, non-business systems. Make sure passwords for your systems are strong and unique and that any which are not are changed immediately. See our guidance on what makes a good password.
  • Review user accounts and remove any old or unused accounts. If you have multi-factor authentication (MFA) enabled, check it is properly configured. Make sure it is enabled on systems and user accounts according to your policies.
  • Carefully review any accounts that have privileged or administrative access and remove old, unused or unrecognised accounts. Ensure that accounts that have privileged access or other rights are carefully managed and, where possible, use MFA. Privilege can refer to system administration, but also to access to sensitive resources or information, so ensure resources are also adequately protected.
  • Consider your overall system administration architecture to better understand your risk in this area.

Ensure defences are working

  • Ensure antivirus software is installed and regularly confirm that it is active on all systems and that signatures are updating correctly.
  • Check your firewall rules are as expected – specifically check for temporary rules that may have been left in place beyond their expected lifetime.
  • Ensure secure configuration of common desktops, laptops and mobile devices.

Logging and monitoring

  • Understand what logging you have in place, where logs are stored and for how long logs are retained.
  • Monitor key logs and at a minimum monitor antivirus logs. If possible, ensure that your logs are kept for at least one month.

Review your backups

  • Confirm that your backups are running correctly. Perform test restorations from your backups to ensure that the restoration process is understood and familiar.
  • Check that there is an offline copy of your backup – and that it is always recent enough to be useful if an attack results in loss of data or system configuration.
  • Ensure machine state and any critical external credentials (such as private keys, access tokens) are also backed up, not just data.

Phishing response

  • Ensure that staff know how to report phishing emails. Ensure you have a process in place to deal with any reported phishing emails.

Third party access

  • If third party organisations have access to your IT networks or estate, make sure you have a comprehensive understanding of what level of privilege is extended into your systems, and to whom.
  • Remove any access that is no longer required.
  • Ensure you understand the security practices of your third parties.

Should your business carry out all these actions?

In most cases, large organisations should carry out all the actions outlined above, to ensure that the most fundamental security measures are in place.

For small businesses, or those with limited resources, focus on as many of the actions as you can and if necessary source third party assistance from your IT company. Or if you need some help, contact us and we’d be happy to advise further.

The more action you take, the lower the risk to your business. However, no technology service or system is entirely risk free, and mature organisations take balanced and informed risk-based decisions.

When the threat is heightened, organisations should revisit any decisions made and validate whether the organisation is willing to continue to tolerate those risks or whether it is better to take further steps to protect the business.

Thanks to NCSC for these tips to minimise the risk of cyber attack - a great source of cybersecurity advice from the Government at ncsc.gov.uk. Crown Copyright, content reproduced under licence.
