It’s a reality that councils could be targets for cyber-attacks because of their role in managing critical infrastructure, public services and community data. Which is why CivicRisk is always working to help our members protect their information and infrastructure against cyber security threats. With the right tools and support, Councils can take steps to mitigate these risks.
The Essential Eight
The Australia Cyber Security Centre (ACSC) has developed a list of eight essential mitigation strategies for organisations to implement as a baseline and make it harder for cyber-criminals to launch successful attacks. These strategies include:
- Application Control: This involves restricting what applications can be installed on a computer and monitoring activity, which helps to ensure malicious software is not allowed to run.
- Patch Applications: This is the process of approving and installing software updates in order to keep applications up-to-date. Patching can prevent vulnerabilities from being exploited by hackers.
- Configure Microsoft Office Macro Settings: Cybercriminals often use Microsoft Office macro features to deliver and execute malware. So, members should configure the settings so that their users are prompted before they can open documents containing macros.
- User Application Hardening: It’s important to ensure that users don’t install software or applications on their computers that they have not been authorised to use. It also helps if users are only allowed to access the applications they need and these are only used for their intended purposes.
- Restrict Administrative Privileges: Members can reduce the risk of malicious code being executed on computers by restricting the number of users who have administrative privileges. This means that there are fewer people who can install software, modify system settings and make other changes to the computer environment.
- Multi-Factor Authentication: Multi-factor authentication is a method of verifying the identity of users by using two or more factors before granting access to sensitive information. This can be implemented in many ways, such as through the use of security tokens that generate random numbers used as passwords, facial recognition or by sending a code to the user’s device.
- Patch Operating Systems: Similarly to applications, out-of-date operating systems are a common source of vulnerabilities. It’s recommended that members set up automatic updates or ensure users update their operating systems manually as soon as a new version is released — which will guarantee that the latest security patches are applied to the system.
- Daily Backups: Data should be stored in multiple locations and in a format that can be restored, such as by backing up to a secure cloud service. This ensures that even if the data is lost or stolen, it can be restored quickly and easily.
When implementing the Essential Eight, members should identify and plan for a target maturity level. This process will involve incremental steps toward full implementation of each individual target until full compliance is reached.
Be Proactive With CivicRisk Mutual
While CivicRisk is committed to helping and supporting our members through a protection program, along with training, education and collaboration with other government agencies, every council is responsible for managing its cyber risks. We encourage members to take steps now to secure their data, whether that means having a cyber security expert audit your system or implementing the above strategies.
If you need additional funding to make these improvements, please enquire about our grant program with your risk manager. And for any further guidance regarding this topic, please don’t hesitate to contact us — our priority is to keep communities safe. Let’s work together!