Red Mosquito - Blog

Cyber Essentials and Secure Configuration

04 Aug 2019
Cyber Essentials and Secure Configuration

 

Cyber Essentials Certification requires 5 key cyber security controls to be in place.  This series of articles focuses on each control individually.  Today we are looking at: Secure Configuration 

You can find an introduction to Cyber Essentials here.

What is secure configuration? 

Secure configuration is reached by choosing the most secure settings for your devices and software and managing that process to ensure these controls remain in place.  Without effective configuration management procedures, your systems are at exposed to additional risks including: 

  • Users gaining access to restricted data 
  • Accidental or malicious changes to or uses of data 
  • Users making changes to systems – leaving them at risk by removing protections 

How to securely configure your system? 

There are several keys factors which must be addressed for secure configuration, which include: 

  • Check settings – of all new devices and software. Default configurations of new devices are often open, with ‘everything on’.  Robust policies controlling software installation, configuration and ongoing management should be in place.  
  • Systems should be configured to prevent the installation of unauthorised software. 
  • Password control –  Devices often come with default passwords enabled or no password enabled.  These should be changed before the devices are distributed in your organisations.  You should have a company password policy in place with 2 factor authentication activated where possible.  
  • Auto run features – should not be enabled unless necessary 
  • Windows – many unnecessary services will run unless disabled and will expose your systems to risk.  Such unnecessary functionality must be identified and disabled.
  • Vulnerability scans – regular scans can help you manage vulnerabilities  
  • Ensure you are using supported software and have robust patch management policies 

Secure configuration as a managed service? 

With the wide array of IT products used by modern businesses, however, secure configuration can seem challenging to achieve.  Complex network infrastructures, servers, hardware, operating systems, software, applications etc all need to be configured securely.  This must be achieved,  in a way that allows them to interact effectively without negatively impacting functionality. 

How can RedMosquito help?

Secure configuration should be only one factor of your organisations security strategy. Alayered approach to IT security is essential as no one element of IT security can protect your system from all the threats it faces. You need a set of different but complementary tools working together to protect your system from harm. Let our consultants take your IT from zero to hero by bullet-proofing your systems across the board. 

 The next step?  Contact us today  for more information on Secure Configuration and our cost effective Cyber Essentials service. 

 RedMosquito Ltd. provides IT support and managed services across Glasgow, Edinburgh and throughout Scotland. 

 

 

 

 

 

 

Recent articles

Understanding the Microsoft Outages: What You Need to Know

Understanding the Microsoft Outages: What You Need to Know

Explore the recent Microsoft outages, their impact on services, and what steps you can take to mitigate such disruptions.

19 Jul 2024
Crafting a Robust Disaster Recovery Plan for SMEs

Crafting a Robust Disaster Recovery Plan for SMEs

Discover how to shield your SME from catastrophic data losses with a comprehensive disaster recovery plan.

18 Jul 2024
AI Revolution: Transforming UK Businesses with Microsoft Copilot

AI Revolution: Transforming UK Businesses with Microsoft Copilot

Explore the transformative power of Microsoft Copilot in revolutionising UK businesses and driving growth and efficiency.

04 Jun 2024
Best Practices for Effective Cyber Security Assessments

Best Practices for Effective Cyber Security Assessments

Explore the essential best practices for conducting effective cyber security assessments to protect your organisation from potential threats and vulnerabilities.

08 May 2024