The Estonian Association of Information Technology and Telecommunications encourages businesses and individuals to think about the basics of cybersecurity.
Attacks and confusion in Estonian cyberspace have increased in connection with what is happening in Ukraine. The risk of companies falling victim to cyber attacks has also increased. In order to reduce this risk, the Estonian Association of Information Technology and Telecommunications recommends the following:
- If necessary, ask for help from the service support
- Ask your IT development or service support partner to install the latest security patches on all of your applications and servers.
- Turn on two- or multi-factor authentication for all business-critical software solutions (Microsoft and Google services, business applications).
- Software updates
- When updating software, make sure that: automatic software updates for computers, servers, and phones are implemented on all devices of the company. Automatic updates should be avoided and it should be ensured that the update is necessary and authorised by the manufacturer;
- Anti-virus and anti-malware software is installed and updated;
- The necessary data is backed up weekly to an external hard drive that is not connected to the Internet.
- NB! Particular attention should be paid to software updates originating in Ukraine, Russia, and Belarus.
- Opt out of convenient access
- Avoid password-free access to your office computer or your personal phone, do not use shared accounts with a simple password.
- Where possible, introduce biometrics-based access mechanisms by equipment manufacturers.
- Where possible, use Smart-ID, ID-card, or Mobile-ID for personal identification (Estonian systems).
- The above rules apply regardless of the owner of the tool and are based on whether the device can access company data (including emails, invoices, and orders sent on behalf of the company). Exceptions may apply for servers for which specialists have justified not setting this up.
- Using Wi-Fi in public areas
- Whenever possible, do not use Wi-Fi networks that are accessible to anyone without a password.
- It is safer to use mobile data at airports, cafés, and other public places. However, that is not completely safe either – you can only trust your mobile service provider, not a random Wi-Fi network.
- Do not leave your device unattended
- Our high-tech gadgets are still vulnerable to a threat that no firewall or cryptographic solution can protect us from: human eyes! Pay attention to what information is displayed on your screen when strangers are nearby. Peeking and spying via cameras has caused data leaks in the past – be sure to lock the screen when leaving the device, not only in a public place but also in the office.
- Never leave your device unattended in a public place – an attacker could use this time to connect a USB flash drive to perform malicious actions.
- Check your automated electrical, communications, and smart connections
- As cyberspace is an increasingly important part of our daily lives, we recommend checking the electrical, communication, and smart connections of the ICT solutions around us. Many buildings and parts of the infrastructure are automated using smart solutions designed for peacetime use. If the electrical or communication connection is lost, the barrier or the lock on the front door of the building, for example, may stop working. For such cases, we recommend that you have procedures in place to handle them manually.
- Most automation in modern buildings, including heating, also depends on the performance of the base connections.
- When communication and navigation systems fail, you must know how to use a paper map.
- Behave safely and sensibly
- Tell company employees that written orders sent through any channel that do not seem reasonable may NOT be executed without a reasonable explanation. Ask questions!
- Avoid making new discoveries online: stick to service providers and news channels you are familiar with and avoid downloading ‘interesting’ videos, pictures, and documents – limit yourself to what is available online.
If you have any questions, feel free to contact your IT and communications company.