Just in time for #CyberSecurityAwarenessMonth, we explore the five basic measures every organisation can take to protect themselves from the rising tide of cyber threats.
You don’t need us to tell you the seriousness of cyber security. Findings from the NCSC’s UK Charity Sector report, produced in collaboration with Charity Digital, reveal that charities are largely well aware of the risk that cyber threats pose, with 98% of charities surveyed recognising cyber security as important.
A third of organisations who said that their attitudes towards cyber security had changed since the pandemic attributed it to receiving more training. Nearly a fifth had taken the next step and said they had received one of many cyber security accreditations available to organisations hoping to improve their protection.
Cyber security certifications such as Cyber Essentials, delivered by The IASME Consortium on behalf of the NCSC, are instrumental in reassuring both charities and their audiences. All parties can be sure that the correct cyber security measures are in place to defend against a cyber-attack.
A certification can communicate your commitment to keeping your audience’s data safe. It can also be the catalyst to help you improve your cyber credentials as you need to meet the certificate criteria.
Cyber Essentials involves just five core controls that organisations need to have in place to help them prevent the majority of cyber attacks. From 8–12 November 2021, charities can apply for Cyber Essentials at a discounted rate.
Since October is #CyberSecurityAwarenessMonth, we thought we would outline the cyber security essentials and show how charities can improve their effectiveness at combating cyber threats.
User access control is all about regulating who can view or use your resources at any given time. Research shows that more than a fifth of cyber-attacks come from people within an organisation, either through negligence or intent. By creating accounts with different levels of access, charities can limit both of those risks.
An important way to minimise access to your most sensitive and important data is to only provide privileged access to people who need it for their roles, keep track of who has these accounts and regularly review these privileges.
Administrator accounts should only be used to install or modify settings and software, while regular accounts should be used for everything else day-to-day, regardless of job roles.
Secure configuration refers to the security measures that are installed and set up on computers and network devices. This includes the use of passwords, two-factor authentication, and the removal of software and accounts that you do not use.
The code in each feature you do not use can potentially offer additional openings for cyber criminals to reach you. Passwords too are becoming easier for criminals to crack, so organisations should have a robust password policy to help employees avoid choosing obvious passwords (such as pet names and personal information that would be easy to discover).
Adding an extra layer of authentication, such as a code sent to your mobile phone or a fingerprint scan, will ensure that even if a criminal has acquired your password, they will be unable to access your information without the second source of authentication.
Anti-virus or anti-malware software can help identify and deactivate viruses or other malicious software before they have a chance to cause harm. Malware typically consists of code developed by cyber attackers, designed to cause extensive damage to data and systems, or gain unauthorised access. Malware can enter your system when you click on a link contained in a phishing email or from downloading software from untrusted sources.
Charities can use anti-malware software to automatically scan web pages and files when downloaded or opened. Only approved applications should be used on each device and organisations should have a robust approval process that includes keeping a regular list of apps that are allowed.
Firewalls act like a security filter that protects users from cyber threats when they connect a device to the Internet. Firewalls check and monitor data in both directions as it moves through the network and can block or permit the data according to the predefined firewall rules.
You must have a personal software firewall enabled on each device as well as the firewall switched on and correctly configured at the entrance or boundary to the network. The boundary firewall is usually in the router.
Organisations can make their firewalls more secure by only allowing traffic from trusted web addresses listed in a safe-list.
They can also disable remote administrative access or change default admin passwords, to prevent unauthorised administrative access to the Internet. In fact, accessing the Internet from an admin account should only be enabled when there is multi-factor authentication in place, and there is a clear and documented reason for it.
In addition, remote access to the administration interface of the firewall over the Internet should be disabled unless there is a clear and documented business need and multi-factor authentication is in place.
Security update management or ‘patching’ is essential to correct faults or ‘vulnerabilities’ that are discovered in the lines of code that make up software. Vulnerabilities are like openings and can be exploited by criminals to gain access to your data and information.
Within a piece of software’s functioning life span, as soon as an error or ‘vulnerability’ is discovered, the manufacturer creates a fix that will correct and close the opening. All modern software will need to ‘update’ on a regular basis as part of its maintenance, ensuring that vulnerabilities are patched within 14 days of the update, and other ‘bugs’ (faults) corrected.
When new vulnerabilities are discovered, they can be shared on the Internet like a cheat code for cyber criminals, which makes the timeliness of applying newly released updates absolutely critical.
Remove apps that are no longer supported – this means they no longer receive security updates from the manufacturer – and replace devices that are no longer supported or have reached ‘end of life’.
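The patching rules above can be checked against a software inventory. The following is an added example, not part of the original article or of the Cyber Essentials scheme: it flags updates that missed the 14-day window and software that is no longer supported. The record layout, device names and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

PATCH_WINDOW = timedelta(days=14)  # the 14-day window stated in the article

@dataclass
class Item:  # hypothetical inventory record, not a Cyber Essentials format
    device: str
    software: str
    supported: bool                   # vendor still ships security updates
    released: Optional[date] = None   # release date of latest security update
    installed: Optional[date] = None  # date it was applied (None = not yet)

def audit(inventory, today):
    """Return (device, software, status, detail) for every non-compliant item."""
    findings = []
    for it in inventory:
        if not it.supported:
            findings.append((it.device, it.software, "UNSUPPORTED", "remove or replace"))
            continue
        if it.released is None:
            continue  # no security update outstanding
        deadline = it.released + PATCH_WINDOW
        if it.installed is None and today > deadline:
            late = (today - deadline).days
            findings.append((it.device, it.software, "OVERDUE", f"{late} days past deadline"))
        elif it.installed is None:
            findings.append((it.device, it.software, "PENDING", f"due {deadline.isoformat()}"))
        elif it.installed > deadline:
            late = (it.installed - deadline).days
            findings.append((it.device, it.software, "LATE", f"applied {late} days late"))
    return findings

# Constructed sample data for illustration only.
TODAY = date(2021, 10, 20)
SAMPLE = [
    Item("laptop-01", "web browser", True, date(2021, 10, 1), date(2021, 10, 5)),
    Item("laptop-02", "office suite", True, date(2021, 10, 1)),
    Item("server-01", "mail server", True, date(2021, 10, 12)),
    Item("desktop-03", "legacy PDF reader", False),
    Item("laptop-04", "VPN client", True, date(2021, 9, 1), date(2021, 9, 20)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, TODAY):
        print(*finding, sep=" | ")
```

An update applied on the fourteenth day counts as compliant; anything still pending is listed with its due date so it can be scheduled before the window closes.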