Skopje, September 13, 2022

Taking into account the situation with cyber-attacks in neighboring countries but also on state institutions in the Republic of North Macedonia, the Ministry of Information Society and Administration hereby recommends specific steps that the state administration bodies should take, in order to protect against future cyber security attacks.

The actions below are to ensure that basic cyber hygiene controls are in place and operating properly. This is important under all circumstances, but critical during times of increased cyber threat. The recommended steps below focus on reducing the vulnerability of the attack and reducing its harmful impact.

Even the most sophisticated and determined attacker will exploit known vulnerabilities, misconfigurations, or credential attacks (such as password, attempted use of cracked passwords, or reuse of authentication tokens) if they can. Reducing the opportunity to use these techniques will reduce the cyber risk to the institution.

Due to the urgency of the situation, we suggest that the institutions act in accordance with the MIOA guidelines as soon as possible and take actions to improve their resistance to increased cyber threats. The Ministry of Information Society and Administration proposes to take the following steps in order to reduce the probability of a cyber-intrusion.

-Ensure your users' systems, desktops, laptops, and mobile devices are up-to-date, including third-party software tools such as browsers and office productivity suites.

-Check that anti-virus software is installed and regularly verify that it is active on all systems and that signatures are updated correctly.

-Verify that any remote access to your organization's network for privileged or administrative access requires multi-factor authentication.

-Verify that your organization's IT staff has closed all ports and protocols that are not necessary for business purposes.

-Make a backup copy of all the data on your systems, preferably in another location and an offline copy of the same.

-Verify that your backups are working properly. Perform a storage test from your backups to ensure the restoration process is understandable and familiar, ensure backups are isolated from network connections.

-Ensure that the machine and any critical external credentials (such as private keys, access tokens) are also copied, not just the data.

-Ask staff to ensure that their passwords are unique to your business systems and are not shared with other, non-business systems. Make sure passwords for your systems are strong and unique.

-Designate a crisis response team as contact persons

- Securely configure email services using security standards, encryption and spam prevention

-Share the information with all employees. Make sure everyone knows how to report suspicious security events and why reporting is so important during a period of increased threat.