Multi-factor authentication (MFA) is a method of controlling computer access in which a user is only granted access after ' successfully presenting several separate pieces of evidence to prove that they are who they say they are — typically at least two of the following categories of authentication information are provided: something they know — for example a password, something they have — for example a PIN code sent via SMS to a phone, and something they are — for example a fingerprint.
Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an attacker from gaining access to a device or network. When implemented correctly, multi-factor authentication can make it significantly more difficult for an attacker to steal legitimate credentials to facilitate further malicious activities on a network.
Extend the rollout of MFA to any system that is publicly available and to any system that requires a higher level of access control:
- Remote VPN access
- Webmail Access
- Third Party Apps
- Website access
- Administrator level access to key systems
- Implement a RADIUS server on-premise to allow local systems to integrate with the Azure MFA service
Extend Security Awareness and Training Training employees to understand and avoid common security threats can greatly reduce a companies risk of a security incident. It is therefore vital that an organisation has a security awareness program in place to ensure employees are aware of the importance of protecting sensitive information, what they should do to handle information securely, and the risks of mishandling information.
Implement security awareness training for new starters. expand its security awareness efforts by implementing a security training platform.
Implement an integrated Security Awareness Training and Simulated Phishing platform such as Knowbe4. https://www.knowbe4.com/about-us/
Hard Disk Encryption
Hard disk encryption prevents any information stored on disk from being read or accessed. Data that is encrypted may only be decrypted and read if the encryption key or password is known.
If a computer is lost or stolen, the information stored on the computer will be protected from unauthorised access.
You can upgrade the version of Windows in use to Windows 10 Enterprise to take advantage of Bitlocker. Bittocker is a Windows feature that allows hard drives to be encrypted. Bitkocker provides the most protection when used with a Trusted Platform Module (1-13M) version 1.2 or later. The TI)M is a hardware component installed in many newer computer by the computer manufacturers.
Cyber insurance policies
- Third Party Claims - covers the Insured's liability to third parties from a failure to keep data secure, such as claims for compensation by third parties, investigations, defence costs and fines and penalties from breaching the Privacy Act.
- First Party Costs - reimburses the Insured for the costs they would incur to respond to a breach, such as IT Forensic Costs, Credit Monitoring Costs, Public Relations Expenses and Cyber Extortion Costs (including ransom payments to hackers).
- Business Interruption - this section provides reimbursement for the Insured's loss of profits resulting from the breach, as well as any additional necessary expenses it may need to incur to continue business as usual.