Cyber Essentials Certification requires 5 key cyber security controls to be in place. This series of articles focuses on each control individually. Today we are looking at: Secure Configuration
You can find an introduction to Cyber Essentials here.
What is secure configuration?
Secure configuration is reached by choosing the most secure settings for your devices and software and managing that process to ensure these controls remain in place. Without effective configuration management procedures, your systems are at exposed to additional risks including:
- Users gaining access to restricted data
- Accidental or malicious changes to or uses of data
- Users making changes to systems – leaving them at risk by removing protections
How to securely configure your system?
There are several keys factors which must be addressed for secure configuration, which include:
- Check settings – of all new devices and software. Default configurations of new devices are often open, with ‘everything on’. Robust policies controlling software installation, configuration and ongoing management should be in place.
- Systems should be configured to prevent the installation of unauthorised software.
- Password control – Devices often come with default passwords enabled or no password enabled. These should be changed before the devices are distributed in your organisations. You should have a company password policy in place with 2 factor authentication activated where possible.
- Auto run features – should not be enabled unless necessary
- Windows – many unnecessary services will run unless disabled and will expose your systems to risk. Such unnecessary functionality must be identified and disabled.
- Vulnerability scans – regular scans can help you manage vulnerabilities
- Ensure you are using supported software and have robust patch management policies
Secure configuration as a managed service?
With the wide array of IT products used by modern businesses, however, secure configuration can seem challenging to achieve. Complex network infrastructures, servers, hardware, operating systems, software, applications etc all need to be configured securely. This must be achieved, in a way that allows them to interact effectively without negatively impacting functionality.
How can RedMosquito help?
Secure configuration should be only one factor of your organisations security strategy. A layered approach to IT security is essential as no one element of IT security can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board.
The next step? Contact us today for more information on Secure Configuration and our cost effective Cyber Essentials service.
RedMosquito Ltd. provides IT support and managed services across Glasgow, Edinburgh and throughout Scotland.