Earlier this week, in a joint report, the National Security Agency and the Central Security Service teamed up with security agencies around the world to put forth IT security recommendations for businesses. These agencies include the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC) and others.
With cyber attacks still consistently affecting organisations in both the public and private sectors, federal security agencies around the world have come together to provide a coherent set of recommendations. These recommendations centre around IT security. They are easily implemented and strongly align with Milnsbridge’s core Managed IT Services values. We have compiled the list of recommendations here for you. Read on to find out more.
This essentially means keeping IT software and applications updated. Outdated software is consistently a root cause of many major malicious cyber attacks. For example, the BlueKeep attacks of 2019 exploited a remote access vulnerability in Windows 8 software. Luckily, by this time many people had progressed to Windows 10. However, those users who had been reluctant to upgrade their operating system paid the price. BlueKeep was not the last Windows 8 vulnerability to be exposed and exploited. The same applies to all software, applications and operating systems you use.
Falling victim to cyber attacks through outdated, unpatched software is easily fixable. The cyber report authored by the FBI, ACSC and other agencies recommends the following security practices:
Another pervasive issue leading to cyber crime is identity and access management, or the lack thereof. It is now the general consensus that two-factor authentication is necessary to protect your accounts. If you haven’t already, it is time to roll out two-factor and multi-factor authentication (MFA) to your organisation. This means that, in the case of a data breach, hackers will still not be able to access important devices or accounts. Where MFA cannot be implemented, users should follow strong password practices. This includes using a password of over ten characters with a combination of upper and lowercase letters, numbers and special characters. See below a chart from N-Able which demonstrates how quickly weak passwords can be cracked in a brute force attack.
Similarly, the National Security Agency/Central Security Service paper encourages businesses to regularly assess and review privileged accounts (such as administrative accounts) in order to avoid complacency.
Security Recommendation 3 – Positive Controls and Architecture
This one is quite straightforward. Essentially, the security agencies recommend that you disable unused network ports, network services and devices.
Some other, more general security practices include:
If you’d like to know more about Managed Security recommendations or IT Services for small business, give Milnsbridge a call today on 1300 300 293 to chat to one of our friendly engineers.