EOFY Cyber Security Checklist: 5 Tips to Safeguard Your Business

As our financial year (EOFY) closes, we know that cybercrime accelerates as criminals attempt to exploit ‘the mad rush’ and our daily distractions. Now is the time to review change in your environment, identify new vulnerabilities, bolster detective and protective controls and defend your value from emerging risks.

Here are my top recommendations to help you to prioritise your efforts:

1. Employee Awareness (Train)

Our threat intelligence indicates that higher transaction rates and greater use of service providers during EOFY increases the risk of supply chain cyberattacks. Your supply chains may include small, expert but potentially insecure organisations, and your rush to meet EOFY deadlines can exposure vulnerabilities in people and processes.

Can your colleagues distinguish legitimate requests from threats and fraud e.g., via phishing emails, business email compromise or identity theft? Do your processes quickly identify fraudulent invoices with incorrect remittance information?

Now is the time to revisit employee cyber awareness training, including how to safely identify and report a cyberthreat. Invest in seminars or leverage a training platform to deliver a quick shot of awareness!

2. Security Controls (Monitor)

Humans can be the weakest link in your defence-in-depth architecture, often creating a runway from an external access point to a crown jewel. Fortunately, your technology can be configured during the EOFY to help bolster your defences.

Consider reducing thresholds that need to be reached before a security alert is triggered and automated response is deployed by your security operations centre (SOC). Now is the time to revisit your risk thresholds, confirm log health, and justify detection rules and playbooks. Invest in SOC engineering and fortify your watchtowers.

3. Access Management (Authenticate)

Nobody enjoys continuous authentication, but employees will accept the reasons for increased authentication during EOFY. Consider strengthening MFA by utilising e.g., passkeys, and deploying just-in-time access to systems at greater risk of attack.

Revisit your Identity and Access Management (IAM) controls and ensure your perimeter is protected. Invest in an IAM health check, remove old identities and turn-up authentication requirements for high-risk users.

4. Vulnerability Management (Remove)

Throughout the FY, developers, marketers, business leaders and bring-your-own-device users have promoted, built, and deployed an infinite amount of new code, applications and data into your organisation! This may have introduced vulnerabilities and visibility gaps.

Now is the time to review new code, applications and interfaces for vulnerabilities. Invest in technology that can detect, prioritise and manage application security, and buy a head start on forcing secure coding behaviour in the new year.

5. Incident Response (Prepare)

In the event of a successful attack, a retained First Responder and cyber insurance can protect your organisation against reputational damage and existential financial loss. However, buyer beware - an insurance policy may force you to use an approved First Responder.

Review your incident response retainer and read the small print on your cyber insurance policy. Invest in a retainer for digital forensics and incident response and confirm your policy does not expire during the EOFY period.

EOFY is the time to reinforce specific capabilities in your cybersecurity system There is no silver bullet to eliminate increased cyber risk, but proactively managing your control deployment is responsible and resilient behaviour.