Red Mosquito - Blog
Cyber Essentials and Secure Configuration
Cyber Essentials Certification requires 5 key cyber security controls to be in place. This series of articles focuses on each control individually. Today we are looking at: Secure Configuration
You can find an introduction to Cyber Essentials here.
What is secure configuration?
Secure configuration is reached by choosing the most secure settings for your devices and software and managing that process to ensure these controls remain in place. Without effective configuration management procedures, your systems are at exposed to additional risks including:
- Users gaining access to restricted data
- Accidental or malicious changes to or uses of data
- Users making changes to systems – leaving them at risk by removing protections
How to securely configure your system?
There are several keys factors which must be addressed for secure configuration, which include:
- Check settings – of all new devices and software. Default configurations of new devices are often open, with ‘everything on’. Robust policies controlling software installation, configuration and ongoing management should be in place.
- Systems should be configured to prevent the installation of unauthorised software.
- Password control – Devices often come with default passwords enabled or no password enabled. These should be changed before the devices are distributed in your organisations. You should have a company password policy in place with 2 factor authentication activated where possible.
- Auto run features – should not be enabled unless necessary
- Windows – many unnecessary services will run unless disabled and will expose your systems to risk. Such unnecessary functionality must be identified and disabled.
- Vulnerability scans – regular scans can help you manage vulnerabilities
- Ensure you are using supported software and have robust patch management policies
Secure configuration as a managed service?
With the wide array of IT products used by modern businesses, however, secure configuration can seem challenging to achieve. Complex network infrastructures, servers, hardware, operating systems, software, applications etc all need to be configured securely. This must be achieved, in a way that allows them to interact effectively without negatively impacting functionality.
How can RedMosquito help?
Secure configuration should be only one factor of your organisations security strategy. A layered approach to IT security is essential as no one element of IT security can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board.
The next step? Contact us today for more information on Secure Configuration and our cost effective Cyber Essentials service.
RedMosquito Ltd. provides IT support and managed services across Glasgow, Edinburgh and throughout Scotland.
How will AI impact cyber security threats in 2025
As we approach 2025, the integration of AI in cyber security is set to revolutionise threat detection and response, but it also opens new avenues for sophisticated cyber attacks.
Understanding the Microsoft Outages: What You Need to Know
Explore the recent Microsoft outages, their impact on services, and what steps you can take to mitigate such disruptions.
Crafting a Robust Disaster Recovery Plan for SMEs
Discover how to shield your SME from catastrophic data losses with a comprehensive disaster recovery plan.
AI Revolution: Transforming UK Businesses with Microsoft Copilot
Explore the transformative power of Microsoft Copilot in revolutionising UK businesses and driving growth and efficiency.