Blog

category filters go here

Cyber Essentials and Secure Configuration

 

Cyber Essentials Certification requires 5 key cyber security controls to be in place.  This series of articles focuses on each control individually.  Today we are looking at: Secure Configuration 

You can find an introduction to Cyber Essentials here.

What is secure configuration? 

Secure configuration is reached by choosing the most secure settings for your devices and software and managing that process to ensure these controls remain in place.  Without effective configuration management procedures, your systems are at exposed to additional risks including: 

  • Users gaining access to restricted data 
  • Accidental or malicious changes to or uses of data 
  • Users making changes to systems – leaving them at risk by removing protections 

How to securely configure your system? 

There are several keys factors which must be addressed for secure configuration, which include: 

  • Check settings – of all new devices and software. Default configurations of new devices are often open, with ‘everything on’.  Robust policies controlling software installation, configuration and ongoing management should be in place.  
  • Systems should be configured to prevent the installation of unauthorised software. 
  • Password control –  Devices often come with default passwords enabled or no password enabled.  These should be changed before the devices are distributed in your organisations.  You should have a company password policy in place with 2 factor authentication activated where possible.  
  • Auto run features – should not be enabled unless necessary 
  • Windows – many unnecessary services will run unless disabled and will expose your systems to risk.  Such unnecessary functionality must be identified and disabled.
  • Vulnerability scans – regular scans can help you manage vulnerabilities  
  • Ensure you are using supported software and have robust patch management policies 

Secure configuration as a managed service? 

With the wide array of IT products used by modern businesses, however, secure configuration can seem challenging to achieve.  Complex network infrastructures, servers, hardware, operating systems, software, applications etc all need to be configured securely.  This must be achieved,  in a way that allows them to interact effectively without negatively impacting functionality. 

How can RedMosquito help?

Secure configuration should be only one factor of your organisations security strategy. Alayered approach to IT security is essential as no one element of IT security can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board. 

 The next step?  Contact us today  for more information on Secure Configuration and our cost effective Cyber Essentials service. 

 RedMosquito Ltd. provides IT support and managed services across Glasgow, Edinburgh and throughout Scotland. 

 

 

 

 

 

 

typewriter

Is outdated technology costing your business money?

Is outdated technology costing your business money?  Unlike fine wine technology does not age well.  The rapid pace of change and short life cycle of some technology can lead many businesses to become overwhelmed with the prospect of change.    Older legacy systems may appear to still function well on the surface but unseen risks will develop below.  It may be tempting to turn a blind eye […]

What is two factor authentication?

For many years now, users have gained access to secure computing services by entering a user name and password.  This common everyday action for all of us, is called single factor authentication. While this approach has worked for a long time, it has now fallen prey to cyber criminals.  The surge in phishing attacks alongside […]

Cyber Essentials and Secure Configuration

  Cyber Essentials Certification requires 5 key cyber security controls to be in place.  This series of articles focuses on each control individually.  Today we are looking at: Secure Configuration  You can find an introduction to Cyber Essentials here. What is secure configuration?  Secure configuration is reached by choosing the most secure settings for your devices and software and managing […]