To prevent malware from running across your organisation, the ACSC recommends these actions.
APPLICATION WHITELISTING
A whitelist only allows selected software applications to run on computers. When implemented, all other software applications are stopped, including malware, making it harder for your organisation to be breached.
CONFIGURE MICROSOFT OFFICE MACRO SETTINGS
Block macros from the internet, and only allow vetted macros that are either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
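One way to check whether these macro settings are actually in force on a workstation, as an added example that is not ACSC's or the page author's code. It assumes Office 2016 or later (registry version key `16.0`) and that the settings are deployed through Group Policy to the per-user policy hive; it does not check write permissions on trusted location folders.

```powershell
# Added example: audit Office macro policy for the current user.
# Assumption: Office 2016+ ("16.0") with settings delivered by Group Policy (HKCU policy hive).
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$results = foreach ($app in $apps) {
    $sec = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"

    # 1 = macros in files from the internet are blocked.
    $blockInternet = Get-PolicyValue -Path $sec -Name 'blockcontentexecutionfrominternet'
    # 3 = disable all except digitally signed macros, 4 = disable all without notification.
    $vbaWarnings = Get-PolicyValue -Path $sec -Name 'VBAWarnings'
    # 0 = trusted locations on network shares are not allowed.
    $netLocations = Get-PolicyValue -Path "$sec\Trusted Locations" -Name 'AllowNetworkLocations'

    [pscustomobject]@{
        Application                = $app
        BlocksInternetMacros       = ($blockInternet -eq 1)
        SignedOrDisabledOnly       = ($vbaWarnings -in 3, 4)
        NetworkTrustedLocationsOff = ($netLocations -eq 0)
    }
}

# Any False column means the policy is missing or weaker than the recommendation.
$results | Format-Table -AutoSize
```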
PATCH APPLICATIONS
Adversaries will use known vulnerabilities to target users' computers, but this is made more difficult when you harden your software applications by applying patches to them.
USER APPLICATION HARDENING
Flash, Java and web ads have long been popular ways to deliver malware to infect computers. Blocking web browser access to Adobe Flash Player (uninstall it if possible), web ads and untrusted Java code on the Internet will help reduce malware penetration.
REDUCE RISK & RECOVER DATA
To reduce the number of incidents and ensure you can recover your data, the ACSC recommends taking these actions.
RESTRICT ADMINISTRATIVE PRIVILEGES
Admin accounts are the ‘keys to the kingdom’: adversaries use these accounts for full access to information and systems. This is why you should only use administrator privileges for managing systems, installing legitimate software, and applying software patches. These privileges should be restricted to only those who need them.
PATCH OPERATING SYSTEMS
We already know that adversaries will target computers through their known security vulnerabilities, which is why regular patching is needed to fix these vulnerabilities in operating systems.
MULTI-FACTOR AUTHENTICATION
Having multiple levels of authentication makes it a lot harder for adversaries to access your information. Therefore, it's recommended that you implement MFA that will only grant the user access after successfully presenting multiple, separate pieces of evidence. Typically, these are something you know, like a passphrase; something you have, like a physical token; and/or something you are, like biometric data.
DAILY BACKUP OF YOUR CRITICAL DATA
If you do suffer a cybersecurity incident, you will still be able to access your critical data if you are regularly backing up your data and storing it securely offline.