
Olivia Terragni : 29 July 2025 16:07

In recent weeks, cyber activity on the internet has increased significantly as a result of the Russia-Ukraine conflict. In recent years, ransomware attacks have pushed Italy to third place among the countries most targeted by cybercriminals, but threats also change over time, and often in entirely unexpected ways.

For this reason, we must learn to protect our organization and our systems. 

A series of DDoS (Distributed Denial of Service) attacks on the Ukrainian government, starting on February 15, has continued over time and has also hit banking institutions. On February 23 the new wiper malware HermeticWiper was discovered, and the malicious activity has also included the defacement of websites.

Several governments, Italy included, are issuing recommendations urging citizens and organizations to prepare for cyber attacks that could disrupt, disable or destroy critical infrastructure, and for retaliatory attacks prompted by political measures taken in response to the ongoing war.

We are therefore in a state of heightened alert, in which we must be ready to respond to any incident that may arise; given the steady growth of online crime, this is in any case the posture we should always adopt. How?

  • prioritizing cyber security improvements;
  • raising the overall level of cyber security;
  • using the best tools to prevent a cyber attack;
  • managing a cyber attack as well as possible if one occurs.

To help, we have prepared a step-by-step guide to defending the systems and data of companies and organizations of all sizes and in all sectors.

The factors that condition and influence your cyber risk

Today's geopolitical tensions, the exponential growth of hacktivism and the constant presence of criminals acting purely for their own gain are the starting point for understanding how to protect yourself and respond proactively to these events.

While cyber threats are a constant struggle, many can be prevented by understanding the protocols, exploits, tools and resources used by malicious actors. For example: is there a zero-day vulnerability in a widely used service that attackers are actively exploiting?

An organization can rarely influence the threat itself, or know in advance what type of attack will come or where it will come from, so it must act on what it does control: first, reducing its exposure and its vulnerabilities; second, reducing the impact of a successful attack.

Even the most sophisticated and determined attackers rely on known vulnerabilities, misconfigurations or credential attacks (such as trying passwords from previous breaches or replaying stolen authentication tokens).

Denying attackers these well-known techniques reduces the cyber risk for your organization.

The 10 actions and routine rules for your security

The first thing to do is to make sure your security controls are up to date and working, so that they actually protect your devices, networks and systems. Second, practice regular cyber hygiene to keep hardware and software secure: update operating systems, applications and antivirus software, and back up your data regularly to offline drives and cloud storage.

Check system patches

  • Make sure your servers, desktops, laptops, and mobile devices are all patched, including third-party software like browsers and office productivity suites. If possible, enable automatic updates.
  • Ensure that the firmware on your organization's devices is also patched. Firmware updates are often delivered through a different mechanism than software updates.
  • Ensure that your internet-facing services are updated with the latest security patches. Internet-facing services—or applications connected to the internet rather than just through an internal network—with unpatched security vulnerabilities are an unmanageable risk. These include firewalls, web applications, VPN gateways, cloud application delivery platforms, and so on.
  • Ensure, where possible, that your key business systems are all patched. If there are unpatched vulnerabilities, ensure other mitigations are in place.

Check access controls

  • Ask staff to ensure that the passwords they use for company systems are unique and not reused on any non-company systems. Ensure that passwords for your systems are strong and unique, and that any that are not are changed immediately.
  • Review and audit user accounts, removing old or unused ones. If you have enabled multi-factor authentication (MFA), check that it is configured correctly. Ensure it is enabled on systems and user accounts according to your security policies.
  • Carefully review all accounts that have privileged or administrative access and remove any that are old, unused, or unrecognized. Ensure that accounts with privileged access or other rights are carefully managed and, where possible, use Multi-Factor Authentication (MFA). Privilege can refer to system administration, but also to access to sensitive resources or information, so ensure those resources are also adequately protected.
  • Review your overall system administration architecture to better understand your risk in this area.
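The account review described in the list above can be scripted against an export of your user directory. The following is an added example, not code from the article or from any product: it audits a constructed sample export (hypothetical users, last-login dates and MFA flags) for stale accounts, privileged accounts without MFA, and accounts nobody owns. The 90-day staleness threshold, the field names and the fixed audit date are assumptions for the demo.

```python
from datetime import date, timedelta

# Constructed sample export of a user directory (hypothetical data, not from
# any real system). "last_login" is an ISO date or None if the account has
# never been used; "owner" is the team that vouches for the account.
SAMPLE_ACCOUNTS = [
    {"user": "alice",          "privileged": True,  "mfa": True,  "last_login": "2022-02-20", "owner": "IT"},
    {"user": "bob",            "privileged": False, "mfa": False, "last_login": "2021-09-01", "owner": "Sales"},
    {"user": "svc-backup",     "privileged": True,  "mfa": False, "last_login": "2022-02-22", "owner": "IT"},
    {"user": "tmp-contractor", "privileged": True,  "mfa": False, "last_login": None,         "owner": None},
    {"user": "carol",          "privileged": False, "mfa": True,  "last_login": "2022-02-21", "owner": "HR"},
]

STALE_DAYS = 90                    # assumed policy: no login in 90 days = stale
AUDIT_DATE = date(2022, 2, 24)     # fixed so the demo is reproducible; use date.today() in practice


def audit_accounts(accounts, today, stale_days=STALE_DAYS):
    """Return a list of (user, category, detail) findings.

    Categories:
      stale                  - no successful login within stale_days (or never)
      privileged-without-mfa - privileged/admin account with MFA disabled
      unrecognized           - no registered owner, so nobody can vouch for it
    """
    cutoff = today - timedelta(days=stale_days)
    findings = []
    for acct in accounts:
        last = date.fromisoformat(acct["last_login"]) if acct["last_login"] else None
        if last is None or last < cutoff:
            findings.append((acct["user"], "stale",
                             "last login: %s" % (acct["last_login"] or "never")))
        if acct["privileged"] and not acct["mfa"]:
            findings.append((acct["user"], "privileged-without-mfa",
                             "enable MFA or remove the privilege"))
        if not acct["owner"]:
            findings.append((acct["user"], "unrecognized", "no registered owner"))
    return findings


def users_by_category(findings):
    """Group finding usernames by category: {category: set(users)}."""
    grouped = {}
    for user, category, _detail in findings:
        grouped.setdefault(category, set()).add(user)
    return grouped


if __name__ == "__main__":
    for user, category, detail in audit_accounts(SAMPLE_ACCOUNTS, AUDIT_DATE):
        print("%-15s %-24s %s" % (user, category, detail))
```

In a real review, feed the function the export from your directory (Active Directory, your IdP, or local `/etc/passwd` plus `lastlog`) and treat every "unrecognized" or "stale" privileged account as a removal candidate rather than something to leave for later.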

Make sure your defenses are up and running

  • Make sure your anti-virus software is installed and regularly check that it is active on all systems and that signatures are updating correctly;
  • Check that your firewall rules are correct – especially check any temporary rules that may have been left in effect beyond their expected lifespan;
  • Maintain perimeter protections, and check that any Intrusion Prevention Systems and Web Application Firewalls you have are active, functioning and up to date.
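The firewall check above is easy to skip when rules are only read by eye. The following is an added example, not code from the article or any vendor: it reviews a constructed rule table (a simplified, vendor-neutral format assumed for the demo) and flags temporary rules whose annotated expiry date has passed, any-to-any allows, and administrative ports open to the whole Internet. The "TEMP until YYYY-MM-DD" comment convention, the port list and the review date are assumptions.

```python
import re
from datetime import date

# Constructed sample rule export (hypothetical; mimics a simplified firewall
# rule table, not any specific vendor's syntax):
#   id  action  source        destination  port  comment
SAMPLE_RULES = """\
1  allow  10.0.0.0/8   10.1.2.3    443   prod web, internal
2  allow  0.0.0.0/0    10.1.2.3    443   public web
3  allow  0.0.0.0/0    10.1.2.10   3389  TEMP until 2022-01-15 vendor remote access
4  allow  0.0.0.0/0    0.0.0.0/0   any   TEMP until 2022-03-30 migration window
5  allow  0.0.0.0/0    10.1.2.5    22    admin ssh
6  allow  10.0.0.0/8   10.1.2.5    22    admin ssh from office
"""

REVIEW_DATE = date(2022, 2, 24)                       # fixed for reproducibility
ANY = "0.0.0.0/0"
ADMIN_PORTS = {"22", "23", "3389", "5985", "5986"}   # ssh, telnet, RDP, WinRM (assumed list)
TEMP_RE = re.compile(r"\bTEMP until (\d{4}-\d{2}-\d{2})", re.IGNORECASE)


def parse_rules(text):
    """Parse the whitespace-separated table into a list of rule dicts."""
    rules = []
    for line in text.splitlines():
        parts = line.split(None, 5)          # comment may contain spaces
        if len(parts) < 5:
            continue
        rid, action, src, dst, port = parts[:5]
        comment = parts[5] if len(parts) == 6 else ""
        rules.append({"id": int(rid), "action": action, "src": src,
                      "dst": dst, "port": port, "comment": comment})
    return rules


def review_rules(text, today=REVIEW_DATE):
    """Return a list of (rule id, issue) for allow rules that need attention."""
    issues = []
    for r in parse_rules(text):
        if r["action"] != "allow":
            continue
        m = TEMP_RE.search(r["comment"])
        if m and date.fromisoformat(m.group(1)) < today:
            issues.append((r["id"], "expired temporary rule (until %s)" % m.group(1)))
        if r["src"] == ANY and r["dst"] == ANY and r["port"] == "any":
            issues.append((r["id"], "any-to-any allow: no restriction at all"))
        elif r["src"] == ANY and r["port"] in ADMIN_PORTS:
            issues.append((r["id"], "administrative port %s open to the Internet" % r["port"]))
    return issues


if __name__ == "__main__":
    for rid, issue in review_rules(SAMPLE_RULES):
        print("rule %d: %s" % (rid, issue))
```

Rule 6 is not flagged because the same SSH port is only reachable from an internal range; rule 4 is flagged even though its temporary window has not expired, because an any-to-any allow is never acceptable on a perimeter device.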

Logs and monitoring

  • Understand what type of logging is active, where the logs are stored, and how long they are kept;
  • Monitor the main system logs and the antivirus logs. If possible, make sure logs are retained for at least a month;
  • On web applications exposed to the internet, if the system allows it, enable verbose logging that records the request payload so that it can be analyzed.
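The point of logging the request payload is that it can then be searched. As an added example, not part of the article, the following scans constructed web server access log lines (combined log format, hypothetical traffic from RFC 5737 documentation addresses) for a few simple indicators: SQL injection fragments, path traversal, webshell-style command parameters and known scanner user agents. The indicator patterns are assumptions for the demo and deliberately simple; they are a starting point, not a detection product.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (hypothetical traffic, not real logs). The query
# strings are only visible because verbose logging of the request is on.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Feb/2022:10:01:02 +0000] "GET /index.php?id=17 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Feb/2022:10:01:05 +0000] "GET /index.php?id=17%27%20OR%201%3D1-- HTTP/1.1" 200 5120 "-" "sqlmap/1.6"
198.51.100.4 - - [24/Feb/2022:10:02:11 +0000] "GET /static/..%2f..%2f..%2fetc/passwd HTTP/1.1" 404 0 "-" "curl/7.81.0"
198.51.100.4 - - [24/Feb/2022:10:02:40 +0000] "GET /uploads/sh.php?cmd=id HTTP/1.1" 200 64 "-" "python-requests/2.27"
203.0.113.7 - - [24/Feb/2022:10:03:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Assumed indicator set; tune to the application being protected.
INDICATORS = [
    ("sqli",      re.compile(r"""['"]\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select""", re.I)),
    ("traversal", re.compile(r"(\.\./|\.\.\\)")),
    ("webshell",  re.compile(r"\.php\?(cmd|exec|command)=", re.I)),
]
SCANNER_UA = re.compile(r"sqlmap|nikto|nmap|masscan|python-requests", re.I)


def parse_line(line):
    """Return the parsed fields as a dict, or None if the line is not in combined format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan_log(text):
    """Return [(ip, decoded path, [reasons])] for every request matching an indicator."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        decoded = unquote(rec["path"])     # decode %27, %2f, ... before matching
        reasons = [name for name, rx in INDICATORS if rx.search(decoded)]
        if SCANNER_UA.search(rec["ua"]):
            reasons.append("scanner-ua")
        if reasons:
            hits.append((rec["ip"], decoded, reasons))
    return hits


def suspicious_ips(text):
    """Distinct source addresses with at least one hit, for blocking or escalation."""
    return sorted({ip for ip, _, _ in scan_log(text)})


if __name__ == "__main__":
    for ip, path, reasons in scan_log(SAMPLE_LOG):
        print("%-14s %-40s %s" % (ip, path, ",".join(reasons)))
```

Note the URL decoding step: without it the traversal in the third line (`..%2f`) never matches, which is exactly how naive string matching on raw logs gets bypassed.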

Checking backups

  • Check that your backups are working correctly. Perform test restores from your backups to ensure the restore process is working properly.
  • Make sure there is an offline copy of your backup – and that it is always recent enough to be useful if an attack causes data or configuration loss on your system.
  • Make sure that machine state and any critical external credentials (such as private keys and access tokens) are also backed up, not just the data.

Cyber Incident Plan

  • Check that your incident response plan is up to date;
  • Check that escalation paths and contact details are all up to date;
  • Make sure your incident response plan is clear and highlights who has the authority to make key decisions, especially outside of normal working hours;
  • Make sure your incident response plan and the communication mechanisms it relies on remain available even if your business systems are not.

Check your internet footprint

  • Ensure that your records of your organization's internet footprint are accurate and up to date. This includes the IP addresses your systems use on the Internet and which domain names belong to your organization. Make sure your domain registration details are kept secure (check your service provider account password, for example) and that all DNS delegations are as expected;
  • Run an external vulnerability scan of your entire internet footprint and check that everything that needs to be patched has been patched. Internet-connected services with unpatched security vulnerabilities are an unmanageable risk;
  • Carry out regular vulnerability assessments of all external surfaces exposed to the Internet, both infrastructure and application, and penetration testing of critical resources to verify resilience to a potential cyber attack;
  • Disable all administrative access from the Internet. If remote administration is genuinely required, consider providing it through a dedicated VPN.
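The footprint records, the external scan and the "no admin access from the Internet" rule in the list above are really one comparison: what you think you expose versus what an outsider actually sees. As an added example, not part of the article, the following diffs a constructed inventory (hypothetical RFC 5737 addresses and an example.com delegation) against constructed scan and DNS results, and reports unknown hosts, unexpected ports, administrative ports reachable from the Internet, and name server delegation drift. The data, the admin port list and the simplified scan format are assumptions; in practice the observed side would come from your scanner and from an NS lookup.

```python
# Constructed inventory of what the organization believes it exposes.
INVENTORY = {
    "203.0.113.10": {"name": "www",  "ports": {80, 443}},
    "203.0.113.11": {"name": "mail", "ports": {25, 443}},
    "203.0.113.12": {"name": "vpn",  "ports": {443}},
}
EXPECTED_NS = {"example.com": {"ns1.example-dns.net", "ns2.example-dns.net"}}

# Constructed results of an external port scan and an NS lookup, in a
# simplified form (not real scanner output).
OBSERVED_SCAN = {
    "203.0.113.10": {80, 443, 22},        # ssh reachable from the Internet
    "203.0.113.11": {25, 443},
    "203.0.113.12": {443},
    "203.0.113.40": {3389},               # host that is not in the inventory at all
}
OBSERVED_NS = {"example.com": {"ns1.example-dns.net", "ns-evil.example.org"}}

ADMIN_PORTS = {22, 23, 3389, 5985, 5986}  # ssh, telnet, RDP, WinRM (assumed list)


def compare_footprint(inventory, observed, admin_ports=ADMIN_PORTS):
    """Return [(ip, finding)] describing every deviation from the inventory."""
    findings = []
    for ip, ports in observed.items():
        known = inventory.get(ip)
        if known is None:
            findings.append((ip, "unknown host exposed: ports %s" % sorted(ports)))
        else:
            for port in sorted(ports - known["ports"]):
                findings.append((ip, "unexpected port %d on %s" % (port, known["name"])))
        for port in sorted(ports & admin_ports):
            findings.append((ip, "administrative port %d reachable from the Internet" % port))
    for ip in inventory:
        if ip not in observed:
            findings.append((ip, "inventoried host not seen in scan (decommissioned, or record stale?)"))
    return findings


def check_delegations(expected, observed):
    """Return [(domain, finding)] for domains whose NS set differs from the record."""
    findings = []
    for domain, ns in expected.items():
        seen = observed.get(domain, set())
        if seen != ns:
            findings.append((domain, "delegation drift: missing %s, unexpected %s"
                             % (sorted(ns - seen), sorted(seen - ns))))
    return findings


if __name__ == "__main__":
    for ip, finding in compare_footprint(INVENTORY, OBSERVED_SCAN):
        print("%-14s %s" % (ip, finding))
    for domain, finding in check_delegations(EXPECTED_NS, OBSERVED_NS):
        print("%-14s %s" % (domain, finding))
```

The unknown host with RDP open is the case the checklist is written for: nobody inventoried it, so nobody patches it, and it offers administrative access straight from the Internet.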

Response to phishing

  • Make sure staff know how to report phishing emails. Ensure you have a process in place to handle any reported phishing emails;
  • Conduct periodic risk awareness assessments of your organization’s staff.

Third-Party Access

  • If third-party organizations have access to your networks or IT estate, make sure you fully understand what level of privilege on your systems has been extended, and to whom.
  • Remove any access you no longer need. Also make sure you understand the security practices used by your third parties;
  • Make sure you exercise the right (where applicable) to carry out security audits on the infrastructure provided by the third party to support your organization.

Inform all staff of the increased cyber threat

  • Make sure other teams in your organization understand the situation and the increased cyber threat. Getting buy-in from the rest of the company is essential to completing the actions described here;
  • Make sure colleagues in other areas understand the potential impact on their teams’ workloads and tasks. Make sure everyone knows how to report suspicious security events and why reporting during a period of heightened threat is so important;
  • Make sure everyone in your organization does their best to mitigate the risks of a cyber threat as the weakest link in the chain is always the user.

Further actions to reduce vulnerabilities and the impact of a successful attack

The ten points listed above are essential to protecting you, your business, your systems and your users: they ensure that the most fundamental security measures are in place.

If in addition to these routine rules you are concerned about increased exposure to threats, there are other advanced actions you can take:

  1. If you have plans in place to make cybersecurity improvements, you should review whether to accelerate the implementation of key mitigation measures, which in turn will likely require reprioritization of resources or investments;
  2. No technology service or system is completely risk-free, so decisions should be balanced, informed and risk-based. As the threat escalates, organizations should review their key risk-based decisions and confirm whether they are still willing to tolerate those risks, or whether it is better to invest in remediation or additional mitigation.
  3. Some system functions, such as data exchange over untrusted networks, can inherently carry a greater level of cyber risk. Therefore, consider temporarily reducing functionality to reduce exposure to the threat and, if necessary, implement a zero trust approach.
  4. Larger organizations will have mechanisms to evaluate, test, and patch software at scale. When the threat is strongest, organizations may want to take a more aggressive approach to patching security vulnerabilities, but be aware that this could impact the service itself.
  5. During this period, consider delaying any significant non-security-related system changes.
  6. If you have an operational security team or a Security Operations Center (SOC) providing you with cybersecurity services, it may be helpful to consider agreements to extend operating hours or put contingency plans in place to quickly scale operations if a cyber incident occurs.
  7. If you have systems that act automatically on threat information (for example by raising alerts or blocking indicators), you may also want to consider subscribing to a threat intelligence feed that supplies indicators of current threats and lets those systems block them preventively.

These are some of the best practices you can implement within your organization, but don’t think of them as “the only ones.”

Learning in cybersecurity never ends, and even today's top security experts are constantly studying new methodologies and models for countering threats, so take this as the start of a journey of continuous improvement.

Olivia Terragni
Author, former journalist, graduated in Economic History – Literature and Philosophy – and then in Architecture – great infrastructure – she deepened her studies in Network Economy and Information Economics, concluded with a Master in Cyber Security and Digital Forensics and a Master in Philosophy and Digital Governance. She is passionate about technological innovation and complex systems and their management in the field of security and their sustainability in international contexts. Criminalist. Optimistic sailor.
https://www.redhotcyber.com/post/author/olivia-terragni/
