Cyber Essentials – Secure Configuration

The second of the 5 controls is Secure configuration, which involves making device and software settings as secure as possible. This process requires a very proactive approach to your IT management.

 

The default security settings ARE NOT the most secure

It is often the case that programmes and hardware in their default settings are fairly insecure due to the ‘factory settings’ mostly being designed to be as unrestrictive as possible to enable fluidity for the customer and to allow users to configure settings to their own parameters from a blank canvas. To become Cyber Essentials certified you will have to reconfigure settings to ensure you enforce higher standards of security.

We will now take a look at some problems resulting from a poorly configured system.

 

The risks posed by a poorly configured system

As difficult as it is in the modern workplace to make time for anything other than your normal work functions, it is essential that, as services fall in and out of use, and as new hardware is acquired or repurposed, you stay proactive in your approach to ensuring that devices and systems are always kept as safe and protected as possible. Hackers and cybercriminals thrive off poorly configured systems so businesses need to be vigilant.

Some of the risks include:

  • As we just touched on, cybercriminals thrive off systems which are not properly defended. An attacker will be met with minimal resistance when coming across a poorly configured system and can cause untold amounts of damage to your IT by:
    • Pre – configuring a route for future attacks
    • Taking advantage of unnecessary functionality
    • Gaining access to extremely sensitive data (payment information, biometric data or intellectual property)

These are just a few of the different problems that can be caused by not putting up a good resistance.

  • Vulnerable Software. Cybercriminals are constantly on the lookout for vulnerabilities in software. To seal-up these security weak points it’s important to install ‘patches’ and updates regularly. Failing to do so leaves security loopholes open for longer, which hackers will be keen to take advantage of.
  • Individuals within or without your company can make unauthorised changes if you have a poor standard of access management in place. Such changes could inadvertently present opportunities for hackers when leaving your system compromised. The potential ramifications of this is that sensitive data is corrupted, stolen or misplaced, leading to problems legally, financially and reputationally. It is essential your permissions are carefully managed.

Next up in the blog are some ways to make life tough for Cybercriminals.

 

Ways to configure your system securely

  • Carry out vulnerability scans. Review your network’s resilience by regularly performing vulnerability scans to flag-up potential security concerns. Rectify any issue highlighted by these scans promptly.
  • Establish a software update policy. Draw up policies relating to the installation of important, security-critical software updates. Create clear guidelines for how quickly updates should be installed to ensure that they are fixed quickly.
  • Only use supported software. Unsupported software is no longer being updated and patched by the vendor. While unsupported software may continue to work, there is no longer a team dedicated to creating and launching updates to patch security faults leaving security loopholes for hackers to exploit.
  • Establish secure configuration guidelines. Specify the basic security standards that all software must be configured to. There may be necessary diversions from these guidelines so be sure to take note of them.

Being certain that your IT infrastructure’s security is at its maximum is not easy by any stretch of the imagination. You will need to take a methodical approach and ensure every app, service and hardware component is at the peak of its security capabilities.

It is time to reach out to us and let us help you ensure all your systems are secure and to a Cyber Essential standard.

 

We’re Netcom, we can protect your business

Do you want your business to prove it takes the right steps to protect the information held on behalf of your customers, and Cyber Essentials certification is a recognised step toward that. We at Netcom provide you with your Cyber Essentials certification upon passing and can guide you to ensure the pass as quickly as possible. Contact us now for more information.

For guidance on IT strategy, cybersecurity and digital transformation why not book a free, no-obligation discovery call today by calling 0114 361 0062.