Calling Organisations in North Yorkshire…

by PCSO Andy Smith
Published: Last Updated on

by PCSO Andy Smith 5520

Following Russia’s unprovoked, premeditated attack on Ukraine, the National Cyber Security Centre continues to call upon organisations in the UK to bolster their online defences.

While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been a historical pattern of cyber attacks on Ukraine with international consequences. The most important thing for organisations of all sizes is to make sure that the fundamentals of cyber security are in place to protect their devices, networks and systems.

There are some actions below that you can follow to make sure that basic cyber hygiene controls are in place and functioning correctly:

Check your system patching

• Ensure your users’ desktops, laptops and mobile devices are all patched, including third-party software such as browsers and office productivity suites. Turn on automatic updates.
• Check to make sure firmware on your organisation’s devices is also patched.
• Where there are unpatched vulnerabilities, ensure that other mitigations are in place.

Verify access controls

• Ask staff to ensure that their passwords are unique to your business systems and are not shared across other non-business systems. Make sure passwords are strong and unique.
• Remove any old or unused accounts. If you have multi-factor authentication (MFA) enabled, check it is properly configured.
• Carefully review any accounts that have privileged or administrative access and remove old, unused or unrecognised accounts.
• Ensure antivirus software is installed and regularly confirm that it is active on all systems.
• Check your firewall rules are as expected—check for temporary rules that may have been left in place beyond their expected lifetime.

Logging and monitoring

• Understand what logging you have in place, where logs are stored and for how long logs are retained.

Review your backups

• Confirm that your backups are running correctly and perform test restorations from your backups.
• Check that there is an offline copy of your backup and that it is always recent enough to be useful.
• Ensure machine state and any critical external credentials (such as private keys, access tokens) are also backed up, not just data.

Incident plan

• Check your incident response plan is up to date. • Confirm that escalation routes and contact details are all up to date.
• Ensure that the incident response plan contains clarity on who has the authority to make key decisions, especially out of normal office hours.

Check your internet footprint

• Check that records of your external internet-facing footprint are correct and up to date. This includes things like which IP addresses you use or which domain names belong to your organisation. Ensure that domain registration data is held securely (check your password on your registry account, for example).
• Perform an external vulnerability scan of your whole internet footprint and check that everything you need to patch has been patched.

Phishing response

• Ensure that staff know how to report phishing emails. Ensure you have a process in place to deal with any reported phishing emails.

Third party access

• If third party organisations have access to your IT networks, make sure you have a comprehensive understanding of what level of privilege is extended into your systems, and to whom. Ensure you understand the security practices of your third parties.

NCSC services

• Check your CiSP account works so you can access and share information about the threat with other organisations and see updates from the NCSC.
• Register for the Early Warning service so that the NCSC can quickly inform you of any malicious activity regarding your systems.

Brief your wider organisation

• Ensure that other teams understand the situation and the heightened threat.
• Ensure colleagues in other areas understand the possible impact on their teams’ workloads and tasking. Make sure everyone knows how to report suspected security events and why reporting during a period of heightened threat is so important.

For more information, guidance and report incidents, visit https://www.ncsc.gov.uk/.

Latest posts by PCSO Andy Smith (see all)

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Cookies Read More