Conduct regular training and awareness with your workforce to highlight the risks of social engineering and phishing. Specifically, have robust controls over new account requests or password resets and always know who you are talking to.
Always operate strong authentication. Use a long, complex and unique password and multi-factor authentication (MFA) for accessing any online system. The password advice offered by the NCSC is Three Random Words.
Do not re-use passwords or share access to accounts with colleagues. Attackers play on the fact that some people re-use passwords, so attempts can and will be made to access systems through credential stuffing attacks, which try to brute-force access using a re-used password. Regularly reviewing and removing unused or dormant user accounts also helps reduce this risk.
Protect all of your laptops and servers with anti-virus and endpoint detection and response (EDR) technology. Capture all security logs and monitor for unusual activity. Investigate any suspicious events.