Oct 16, 2017Industry insights,
Make configuration secure
As part of our series focusing on the Governments Cyber Essentials Scheme, the next area we’d like to draw your attention to is secure configuration.
Secure configuration centres on the processes and procedures a business would have in place to make sure their IT systems, such as computers, web applications and network devices are set up in the most secure way. When followed, it will help the business to avoid cyber vulnerabilities and maintain their ongoing security efforts. The correct configuration will cover many different areas of the installation and setup of a business’s equipment. This will include the removal of any default passwords and to make sure the devices are set up to only provide the services required to fulfil their indented function.
Businesses that fail to understand the importance of secure configuration, would leave their business exposed to easily detected vulnerabilities, and it would only be a matter of time before the business became a victim of cybercrime.
There are ten simple yet vital steps to take to ensure your business is as protected as possible:
- Remove the use of any default passwords, for any systems, applications or devices and change to a secure password using a mixture of upper and lower case, numbers and special characters.
- Ensure you formalise the process, and make the secure configuration part of a role and responsibility.
- Remove or restrict any unnecessary software installed on networks and servers.
- Ensure you have a robust and consistent software installation process.
- Make sure you correctly manage file and directory permissions.
- Remove or restrict user accounts with unnecessary access privileges.
- Consider restricting any auto-run features. If these are enabled to run without the need of administrator access, malware could be installed automatically.
- Consider the benefit of additional personal firewalls for your PCs and laptops to block any unauthorised content.
- Ensure system configuration for networks, software and web applications are documented.
- Make sure the configuration management is reviewed and updated regularly.
Once all of these steps are followed and managed properly, this along with the additional areas of the Cyber Essentials Scheme will make your business as safe as possible against cyber threats.
For more information on the Cyber Essentials take a look at some more reading material here.