Microsoft’s latest Digital Defence Report has identified five cyber hygiene practices that can have a major impact on reducing threats. The vital five that can protect you from 98% of cyber-attacks are:

  1. Enable multi-factor authentication
  2. Apply least privilege access
  3. Keep software up to date
  4. Use anti-virus software
  5. Protect your data

Jeff Gonlin, Emergence Insurance’s Head of Underwriting & Product Development, says the five steps are akin to simple measures we take in other areas to protect ourselves and our assets.

“We install alarms and sprinklers to protect property. We learn basic First Aid, we lock doors when we leave home, and we encourage safe driving techniques for friends and family,” he said.

“Likewise, these five simple steps can protect ourselves and our businesses against cyber crimes, which are now highly organised and rampant. Cyber insurance is a last-step defence; we need to improve our cyber security to ensure coverage is even available.”

Jeff says the five low cost yet highly effective steps are essential to reduce the rapidly increasing number of cyber crimes and their potentially devastating impacts on us personally and on our businesses and clients’ businesses.

Multi-factor authentication

Multi-factor authentication (MFA) makes it harder for attackers to use stolen or phished credentials. Without the additional factor, attackers can’t access accounts or protected resources. Enable MFA on all accounts that support it, and ensure people understand not to approve an MFA request unless they were trying to log in or access a system. Some people automatically click to approve any pop-ups they receive.

Least privilege access

Prevent attackers from spreading across your network by applying the least privilege access principles, which limit user access to just in time (JIT) and just enough access (JEA). JIT/JEA systems ensure users get only the access rights needed to perform specific tasks and only for as long as needed to complete them. Combine that with policies that deny access to resources if there is any doubt over the hygiene of an account or device.

Keep up to date

Keep applications up to date and correctly configured to mitigate against the risk of software vulnerabilities. Implement a means of updating all software and applications on all machines and endpoints so you always have the latest updates and patches. Restrict devices missing critical patches from accessing sensitive resources. The same applies to cloud services – use cloud security posture management to ensure systems are configured correctly.

Use anti-virus software

Install and enable anti-virus solutions on endpoints and all devices to stop malware attacks from executing. Use cloud-connected anti-virus services for the most current and accurate detection capabilities.

Protect your data

Know where your sensitive data is stored and who can access it. If a breach occurs, it’s critical that security teams know where the most sensitive data is stored and accessed. As we increasingly collaborate and share data, we must ensure we understand what data we have, classify it accurately, and apply sensitivity labels where appropriate. That enables us to use information protection and data loss prevention technologies to protect data with greater confidence.

Does your IT department (that might be you) have all of these risk recommendations in place?

Who can I contact for further advice?

AFTA’s partnership with Network Insurance Group, a leading Australian-owned insurance broker, provides insurance and risk advice to AFTA members. They are able to review members’ risks and often secure cover at a reduced cost for members.

To arrange Cyber Insurance or review all your insurance needs, please contact: or call 1300 856 657