Virtually every business and service organization has critical systems that serve as the backbone of their operations. Any disruption could have disastrous consequences that could cost a lot to remediate or put lives at risk. While your organization might not be responsible for critical infrastructure that supports whole cities, you still have assets and data that need protection, such as patient records and systems, customer financial records, student records, inventory data, and more.
Hackers have figured out that smaller organizations and small municipalities have not put the money into protecting themselves, or are using older systems that are unsupported, with outdated software for which no updates are available. Whether you’re in a large corporation or a small organization, there are quite a few cyber-hygiene guidelines you can follow to prevent a major incident:
- Prioritize updates by severity and environmental exposure as they become available
- Limit account permissions in accordance to principle of least privilege
- Upgrade to the latest version of your OS
- Remove software that has reached end of life status, and migrate away from obsolete operating systems that are no longer supported
- Leverage multi-factor authentication for software access
- Eliminate “shared user” accounts
- Set password policies for accounts and audit unused accounts regularly
- Ensure that anti-virus software, spam filters, and firewalls are up to date and properly configured
- Track and audit remote desktop login attempts
- Ensure that audit logs are enabled for all remote connections and identifying any unusual activities
- Backup all critical systems and data to an offsite location
Are there any steps that you take to specifically ensure the safety of your critical infrastructure?
Critically unsafe, just as critical infrastructure should be.