Five basic security steps to mitigate against cyber attacks

Basic security precautions can help you and your business prepare for and mitigate against the vast majority of modern cyber threats.

Microsoft’s latest Digital Defence Report has identified five cyber hygiene practices that can have a major impact on reducing threats. The vital five that can protect you from 98% of cyber attacks are:

1. Enable multi-factor authentication
2. Apply least privilege access
3. Keep software up to date
4. Use anti-virus software
5. Protect your data

Jeff Gonlin, Emergence Insurance’s Head of Underwriting & Product Development, says the five steps are akin to simple measures we take in other areas to protect ourselves and our assets.

“We install alarms and sprinklers to protect property. We learn basic First Aid, we lock doors when we leave home, and we encourage safe driving techniques for friends and family,” he said.

“Likewise, these five simple steps can protect ourselves and our businesses against cyber crimes, which are now highly organised and rampant. Cyber insurance is a last-step defence; we need to improve our cyber security to ensure coverage is even available.”

Jeff says the five low-cost yet highly effective steps are essential to reduce the rapidly increasing number of cyber crimes and their potentially devastating impacts on us personally and on our businesses and clients’ businesses.

Multi-factor authentication

Multi-factor authentication (MFA) makes it harder for attackers to use stolen or phished credentials. Without the additional factor, attackers can’t access accounts or protected resources. Enable MFA on all accounts that support it, and ensure people understand not to approve an MFA request unless they were trying to log in or access a system. Some people automatically click to approve any pop-ups they receive.

Least privilege access

Prevent attackers from spreading across your network by applying least privilege access principles, which limit user access to just-in-time (JIT) and just-enough-access (JEA). JIT/JEA systems ensure users get only the access rights needed to perform specific tasks and only for as long as needed to complete them. Combine that with policies that deny access to resources if there is any doubt over the hygiene of an account or device.

Keep up to date

Keep applications up to date and correctly configured to mitigate against the risk of software vulnerabilities. Implement a means of updating all software and applications on all machines and endpoints so you always have the latest updates and patches. Restrict devices missing critical patches from accessing sensitive resources. The same applies to cloud services: use cloud security posture management to ensure systems are configured correctly.

Use anti-virus software

Install and enable anti-virus solutions on endpoints and all devices to stop malware attacks from executing. Use cloud-connected anti-virus services for the most current and accurate detection capabilities.

Protect your data

Know where your sensitive data is stored and who can access it. If a breach occurs, it’s critical that security teams know where the most sensitive data is stored and accessed. As we increasingly collaborate and share data, we must ensure we understand what data we have, classify it accurately, and apply sensitivity labels where appropriate. That enables us to use information protection and data loss prevention technologies to protect data with greater confidence.


This article was provided by Emergence and republished with their permission. Emergence is an award-winning underwriting agency, exclusively focused on providing flexible, innovative cyber insurance solutions to help protect all Australians, including businesses ranging from SMEs to ASX-listed companies, and individuals and families.


Important Notice

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. CRM Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of CRM Brokers.