From Security Weekly WikiJump to navigationJump to search
- Security Think Tank: In-depth protection is a matter of basic hygiene - Defining "The Basics" is one thing, understanding what level of protection it gives you is another:Start with the basics:
- The IT estate is up to date with software and firmware patches.
- All default passwords have been changed.
- IT administrators and technicians have two accounts, one for day-to-day (email, report writing, and so on) and one for working on the IT estate.
- Only IT administrators and technicians have administrator privileges in the live network (users must not be given administrator access, even to their own company-provided PC).
- Good password policies are enforced, together with user access privileges and function (for example, sales should not be able to access HR files and people who only need to read files are restricted to read only).
- Unused accounts are regularly decommissioned or removed from the access control system.
- The IT estate as a whole is regularly backed up and there are easy-to-access policies, standards, procedures and work guides which are maintained and used.
- To Build a Strong Culture, Create Rules That Are Unique to Your Company
- Is Air Gapping Really a Solution?
- Cyber security: How to avoid a disastrous PICNIC
- Why Working Alone Is Smart: 4 Strategies to Find Time for Yourself
- What isn't 'as a Service' in enterprise technology?
- the 3 lists you should be making
- 100 Customers hit by Ransomware Attack MSP
- Enterprises muddled over cloud security responsibilities
- Screw Productivity Hacks: My Morning Routine Is Getting up Late