Earlier this week, in a joint report, the National Security Agency and the Central Security Service teamed up with security agencies around the world to put forth IT security recommendations for businesses. These agencies include the Cybersecurity and Infrastructure Security Agency (CISA) along with the Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC) and others.
With cyber attacks still consistently affecting organisations in both the public and private sectors, federal security agencies around the world have come together to provide a coherent set of recommendations. These recommendations centre around IT security; they are easily implemented and strongly align with Milnsbridge's core Managed IT Services values. We have compiled the list of recommendations here for you. Read on to find out more.
Security Recommendation 1 - Vulnerability and Configuration Management
This essentially means keeping IT software and applications updated. Outdated and old software is consistently a root cause of many major malicious cyber attacks. For example, the BlueKeep attacks of 2019 exploited a remote access vulnerability in Windows 8 software. Luckily, by this time many people had progressed to Windows 10. However, those users who had been reluctant to upgrade their operating system paid the price. BlueKeep was not the last Windows 8 vulnerability to be exposed and exploited. This sentiment applies to all software, applications and operating systems you use.
Falling victim to cyber attacks through outdated, unpatched software is easily fixable. The cyber report authored by the FBI, ACSC and other agencies recommends the following security practices:
- Update software and applications in a timely manner
- Implement a centralised patch management system. This will ensure that all of your users are up to date. Patch management is a basic, core service offered to Milnsbridge customers in order to give you peace of mind.
- Replace end-of-life software, applications and operating systems. When software such as Windows 10 is given an end-of-life date, it is imperative you migrate users over to the new software (in this case, Windows 11) by this point. End-of-life dates mark when software developers will cease to monitor software for bugs or vulnerabilities and stop releasing patches. By continuing to use unsupported software, you run the risk of having vulnerabilities exploited by hackers.
Security Recommendation 2 - Identity and Access Management
Another pervasive issue leading to cyber crime is identity and access management, or lack thereof. It is now the general consensus that two-factor authentication is necessary to protect your accounts. If you haven't already, it is time to roll out two-factor and multifactor authentication (MFA) to your organisation. This means, in the case of a data breach, hackers will still not be able to access important devices or accounts. Where MFA cannot be implemented, users should follow strong password practices. This includes a password over ten characters, with a combination of upper and lowercase letters, numbers and special characters. See below a chart from N-Able which demonstrates how quickly weak passwords can be cracked in a brute force attack.
Similarly, the National Security Agency/Central Security Service paper encourages businesses to regularly assess and review privileged accounts (such as administrative accounts) in order to avoid complacency.
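One way to run the privileged-account review described above, shown as an added example rather than anything from the agencies' report or Milnsbridge's tooling. The CSV columns, the group list, the 90-day threshold and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed export; column names are assumptions, not a real tool's format.
SAMPLE_EXPORT = """\
account,groups,mfa_enabled,last_logon
alice,Users,yes,2024-05-28
bob.admin,Domain Admins;Users,no,2024-05-30
svc-backup,Backup Operators,no,2023-11-02
carol.admin,Administrators,yes,2024-01-15
dave.admin,Domain Admins,yes,2024-05-29
"""

PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Backup Operators"}
STALE_AFTER_DAYS = 90  # assumed review threshold


def review_privileged_accounts(export_text, today):
    """Return {account: [findings]} for privileged accounts needing attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        groups = set(row["groups"].split(";"))
        if not groups & PRIVILEGED_GROUPS:
            continue  # ordinary user, outside the scope of this review
        issues = []
        if row["mfa_enabled"].strip().lower() != "yes":
            issues.append("no MFA")
        idle = (today - date.fromisoformat(row["last_logon"])).days
        if idle > STALE_AFTER_DAYS:
            issues.append(f"idle {idle} days")
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    report = review_privileged_accounts(SAMPLE_EXPORT, date(2024, 6, 1))
    for account, issues in report.items():
        print(f"{account}: {', '.join(issues)}")
```

Accounts that appear in the output are candidates for MFA enrolment, removal from the privileged group, or disabling, depending on what the owner confirms.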
Security Recommendation 3 - Positive Controls and Architecture
This one is quite straightforward. Essentially the security agencies recommend that you disable unused network ports, network services and devices.
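To find the ports and services worth disabling, compare what a machine is actually listening on with what it is supposed to offer. The added example below (not from the report or from Milnsbridge) parses constructed Windows `netstat -an` output and reports TCP listeners that are reachable from the network but missing from an approved baseline; the baseline and sample lines are assumptions, and UDP is left out for brevity.

```python
# Constructed sample of `netstat -an` output from a Windows host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:8080              [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

APPROVED_TCP_PORTS = {135, 445}  # hypothetical baseline for a file server
LOOPBACK = {"127.0.0.1", "[::1]"}  # listeners bound here are local-only


def listening_sockets(netstat_text):
    """Yield (address, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or an established connection
        address, _, port = fields[1].rpartition(":")
        if port.isdigit():
            yield address, int(port)


def unapproved_listeners(netstat_text, approved=APPROVED_TCP_PORTS):
    """Return sorted network-reachable ports that are absent from the baseline."""
    exposed = {port for address, port in listening_sockets(netstat_text)
               if address not in LOOPBACK}
    return sorted(exposed - set(approved))


if __name__ == "__main__":
    for port in unapproved_listeners(SAMPLE_NETSTAT):
        print(f"TCP {port} is listening but not approved: "
              "disable the service or document why it is needed")
```

On the sample, the remote desktop port (3389) and an undocumented service on 8080 are reported, while the loopback-only listener is ignored.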
Other good security practices
Some other, more general security practices include:
- Keep staff informed of best cyber security practices
As human error accounts for a majority of cyber security issues, it is important to keep your users up to date and informed with the best cyber security practices. Cyber security is also dynamic and always changing, therefore regular cyber security awareness training can benefit your team.
- Monitor for exposed credentials regularly
Websites such as haveibeenpwned.com will alert you if your email is found in a data breach. Staying abreast of this means that, if your information is pwned, you can quickly get ahead by resetting passwords and locking accounts.
- Implement data security policies
Implementing data security policies within your organisation sets a level of expectation and behaviour from your team.
If you'd like to know more about Managed Security recommendations or IT Services for small business, give Milnsbridge a call today on 1300 300 293 to chat to one of our friendly engineers.