Blog

category filters go here

Cyber Essentials and Secure Configuration

 

Cyber Essentials Certification requires 5 key cyber security controls to be in place.  This series of articles focuses on each control individually.  Today we are looking at: Secure Configuration 

You can find an introduction to Cyber Essentials here.

What is secure configuration? 

Secure configuration is reached by choosing the most secure settings for your devices and software and managing that process to ensure these controls remain in place.  Without effective configuration management procedures, your systems are at exposed to additional risks including: 

  • Users gaining access to restricted data 
  • Accidental or malicious changes to or uses of data 
  • Users making changes to systems – leaving them at risk by removing protections 

How to securely configure your system? 

There are several keys factors which must be addressed for secure configuration, which include: 

  • Check settings – of all new devices and software. Default configurations of new devices are often open, with ‘everything on’.  Robust policies controlling software installation, configuration and ongoing management should be in place.  
  • Systems should be configured to prevent the installation of unauthorised software. 
  • Password control –  Devices often come with default passwords enabled or no password enabled.  These should be changed before the devices are distributed in your organisations.  You should have a company password policy in place with 2 factor authentication activated where possible.  
  • Auto run features – should not be enabled unless necessary 
  • Windows – many unnecessary services will run unless disabled and will expose your systems to risk.  Such unnecessary functionality must be identified and disabled.
  • Vulnerability scans – regular scans can help you manage vulnerabilities  
  • Ensure you are using supported software and have robust patch management policies 

Secure configuration as a managed service? 

With the wide array of IT products used by modern businesses, however, secure configuration can seem challenging to achieve.  Complex network infrastructures, servers, hardware, operating systems, software, applications etc all need to be configured securely.  This must be achieved,  in a way that allows them to interact effectively without negatively impacting functionality. 

How can RedMosquito help?

Secure configuration should be only one factor of your organisations security strategy. Alayered approach to IT security is essential as no one element of IT security can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board. 

 The next step?  Contact us today  for more information on Secure Configuration and our cost effective Cyber Essentials service. 

 RedMosquito Ltd. provides IT support and managed services across Glasgow, Edinburgh and throughout Scotland. 

 

 

 

 

 

 

microsoft logo windows 2008

Office 2013 connectivity to Office 365 services

Several core Microsoft services will reach their ‘end of life’ stage during 2020.  The end of support for Windows 7 and Server 2008 in January will impact a huge number of users.    However, there are other significant changes scheduled for later in the year. From 13th October 2020,  Microsoft will only support Office 365 […]

How to recognise a phishing email….

Over the last few years, cyber-attacks have become increasingly complex, yet a huge amount of attacks still originate from malicious emails.  ‘Phishing’ is the term used to describe fraudulent attempts to gather sensitive information such as usernames, passwords etc, via email.   While there are excellent tools available to protect your network against spam and malicious […]

We are recruiting!

We are recruiting for a talented IT Support Engineer to join our team. Based in our Network Operations Centre in Glasgow, our Service Desk Team delivers high quality technical IT Support to our SME customers located in Glasgow, Edinburgh and throughout Scotland.   As part of this team, you will assist our IT Support customers with […]