In response to Russia’s cyberattacks aimed at Ukraine as its invasion of the county continues, the UK’s National Cyber Security Centre (NCSC) is urging British organisations to enhance their cybersecurity measures, including ramping up their protective protocols for data.
Although the NCSC has confirmed that it is not currently aware of any specific cyber threats aimed at enterprises in the UK that are related to the Ukraine situation, a historical pattern exists of cyberattacks aimed at Ukraine having international implications.
In a recent statement, the NCSC has recommended that organisations follow its expert guidance on the key steps to take in scenarios where the potential for cyber threat is increased, as this will help reduce the possibility of them becoming a victim.
Protecting systems that hold private data from attacks
In its action plan for times of heightened cyber risk, the NCSC advises ensuring your firewall rules are correct and that your antivirus is up to date. All company devices, systems, software and firmware must also be updated, and security patches installed. Staff should be trained to identify phishing and social engineering attacks that may be used to bypass enterprise defences.
Assessing data access controls
From email accounts to secure online vaults, all enterprise passwords used for areas where data is stored must be strong, unique to systems and never used for accounts elsewhere. Multifactor authentication methods should be added to access points for extra protection. Privileges should be examined and those with the highest level of access carefully managed. All unused, old or suspicious admin access accounts should be deleted.
Being prepared in the event of an attack
Finally, the NCSC urges companies to ensure they are ready should the worst-case scenario comes to pass and they are hit with an attack. Firms should revise their incident response plan and make sure it is still effective and accessible. The plan and points of contact must both be available, even when systems are not. Data backups must also be up to date, with an additional copy kept offline so that companies can remain resilient and recover quickly with no data loss. Critical credentials like access tokens and private keys must also be backed up.
Best practices for data security when threats are heightened
On top of the advice offered by the NCSC, encrypting all electronic data is a wise move for organisations looking to reduce the risk of attack. Whether information is being emailed or shared, or stored on servers, backup drives or in the cloud, it should be safeguarded by end-to-end encryption software.
At Galaxkey, we offer a state-of-the art encryption solution. Approved by the NCSC, it has three-layer protection based on the US Government-recommended onion model. Additionally, our cutting-edge electronic signature solution can enable firms to validate users seeking access to sensitive areas of their systems where confidential data is held.
To keep your data as safe as possible in times of crisis, contact our team today for a free 14-day trial.