Protecting against Cyber attack - part 2
In our previous post we covered some basic steps that everyone can and should be taking to help protect your organisation against a cyber attack.
In this, the second post in the series, we cover some more technical steps to help protect your organisation.
Limit Office Macros
A common method of delivering malware is by getting users to inadvertently run a Microsoft Word or Excel Macro. By default, modern versions of Microsoft Office block macros, but allow the user to remove the block, either just once, or permanently in the settings. Older versions do not have this protection though.
IT teams and service providers can disable macros across the business using group policy. Some job roles, often in finance teams, need macros because they automate complex or time-consuming tasks, so you can also use group policy to selectively allow them just for the staff whose job role needs them.
Limit use of USB drives
USB drives can carry malware and attack your computer automatically when they're inserted into a USB port.
The most common way for this to happen is via the AutoRun feature in Microsoft Windows (which also works with CD and DVD disks). You can prevent this by disabling autorun (either manually on a single PC, or via Group Policy). Disabling this feature is a requirement of the Cyber Essentials certification.
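The macro and AutoRun policies described above end up as registry values on each PC, so a read-only check can confirm they were applied. This PowerShell script is an added example, not part of the original post; the Office version keys (15.0, 16.0) and the pass criteria are assumptions to adjust to your own policy.

```powershell
# Added example: read-only audit of the AutoRun and Office macro policy values.
# It changes nothing; run it as the user whose settings you want to inspect.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = @()

# AutoRun: NoDriveTypeAutoRun = 0xFF (255) disables AutoRun on every drive type.
# The machine-wide value takes precedence; fall back to the per-user value.
$sub     = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = Get-PolicyValue -Path "HKLM:\$sub" -Name 'NoDriveTypeAutoRun'
if ($null -eq $autorun) {
    $autorun = Get-PolicyValue -Path "HKCU:\$sub" -Name 'NoDriveTypeAutoRun'
}
$results += [pscustomobject]@{
    Check = 'AutoRun disabled on all drive types'
    Value = $autorun
    Pass  = ($autorun -eq 255)
}

# Office macros: VBAWarnings 1 = enable all, 2 = disable with notification,
# 3 = disable except digitally signed, 4 = disable all without notification.
# Assumption: only 3 or 4 counts as "blocked", because 2 lets the user opt in.
foreach ($version in '15.0', '16.0') {        # Office 2013, Office 2016 and later
    foreach ($app in 'Word', 'Excel') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$version\$app\Security"
        $vba = Get-PolicyValue -Path $key -Name 'VBAWarnings'
        $results += [pscustomobject]@{
            Check = "$app $version macros blocked by policy"
            Value = $vba
            Pass  = ($vba -in 3, 4)
        }
    }
}

$results | Format-Table -AutoSize
```

An empty Value column means the policy is not configured for that user or machine. Staff who are deliberately allowed macros will show as a fail on the macro rows, which is expected.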
It's also possible for USB drives to carry malware within their firmware. This can be much more dangerous and difficult to detect or prevent, and once active
USB drives you receive at conferences, in promotional material or in the postal system are all a risk, and present other risks in terms of encryption and data security. Some businesses now disable USB drive access altogether, in favour of transferring data electronically, where it can be scanned by network-level protection systems.
Limit Administrator or high level account privileges
Using privileged accounts (such as "administrator" accounts on Windows systems) for day to day tasks such as web browsing or checking e-mail presents a security risk, because malware which runs as a privileged user will have more scope to cause damage.
Consider using separate accounts with admin privileges removed for day to day operations. Only use privileged accounts when you need to undertake specific system administration tasks which require elevated privileges. Controlling administrator account access is a requirement of the Cyber Essentials certification.
Even in 2017, some Windows-based software applications (especially those from industry-specific application vendors) still claim to need standard users to run them with local administrator permissions on their PC. Consider talking to your application vendors about this - it's a significant security risk which modern, well-designed software really shouldn't need.
For more information on cyber security, please visit our website, or talk to one of our technical advisors at firstname.lastname@example.org