The 8 Themes of IASME Cyber Baseline – Secure Architecture

May 17, 2024 | IASME Cyber Baseline

What is this theme about?

Like many things, IT systems are often designed for ease of use or accessibility, but they are not necessarily secure by default. To protect the different components of your IT infrastructure, it is important to understand how your systems are set up and how they work together.

There are a number of technical controls that need to be applied to your devices to help reduce the chances of a cyber attack. Some modern devices may have some controls activated by default; however, it is crucial to check that these secure configurations are in place and monitored, rather than assume they are applied.

The border firewall

At the border between your organisation’s IT systems and the wider internet there needs to be an important security barrier called a firewall. In computing, a firewall is a safety barrier, but unlike the one in a building, a computer firewall is more of a filter than a total block and works both ways to check, then accept or deny, data that is moving through a network. Some organisations have a hardware firewall, which is like a computer at the network border; others use the firewall that is built into the internet router. There are also firewalls built into the operating system of most laptops and computers, which are called personal firewalls or software firewalls.

Not all organisations have their own internal network; instead, many connect their devices directly to the internet in order to access cloud services. In this setup, the software firewall on the devices is the border.

For good cyber security, the border firewall and/or the software firewall needs to be enabled. The firewall incorporated into the internet router can be configured via the router’s configuration webpage, and the software firewall can be configured via your computer’s security control panel. It is essential that access to the firewall configuration is protected by a long and unique password, which is needed to set up the firewall rules and to change any of the settings.

Remove unnecessary software

When devices and operating systems are new or first installed, they often include software that won’t be used; this software should be removed. Software that is not used and maintained can introduce vulnerabilities to your devices, and by removing it you reduce the options for an attacker to gain entry.

Change default passwords

Many devices are set up out of the box with default configurations, which include a default access password. These default passwords can be easy to discover on the internet and are known by attackers. It is important to change the password to something unique and hard to guess before the device is used.

Disable autorun

In common operating systems, there is a feature known as ‘auto-run’ or ‘auto-play’; this allows programs, media and storage devices to run automatically when detected. When enabled, the auto-run feature can allow automatic installations of software including unauthorised software such as malware. This feature is often automatically disabled, but you cannot assume that it has been disabled on your device, so do check that it is switched off.

Devices automatically lock when not in use

There needs to be a locking mechanism in place on each device to prevent access to the software and services installed on it when the device is not being used. It is recommended that the device locks after 10 minutes of inactivity and that users are required to unlock the device using a password, PIN or biometrics.

It is recommended that you take these steps:

  • Enable a firewall at the border of your network

  • Ensure that all software not in use has been removed or disabled on all devices

  • Ensure that all devices only contain necessary user accounts

  • Accounts that are not required or no longer in use should be removed

  • Change default passwords to passwords that are long and unique

  • Disable any features that will allow applications to run automatically

  • All devices that allow user access to organisational data or software must be set to lock after a set period of time
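
One way to check rather than assume that three of these controls are in place on a Windows device, as an added PowerShell example that is not part of the original article or of IASME's material. It only reads settings and changes nothing; it assumes Windows 10 or 11, uses the standard Windows policy registry locations, and takes its 600-second threshold from the 10 minutes recommended above.

```powershell
# Added example: read-only audit of three controls from this page on one Windows device.
$MaxLockSeconds = 600   # the page's recommended 10 minutes of inactivity
$findings = @()

# Return a registry value, or $null when the key or value does not exist.
function Get-PolicyValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# 1. Software firewall: the Domain, Private and Public profiles should all be on.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ([string]$fwProfile.Enabled -ne 'True') {
        $findings += "Firewall profile '$($fwProfile.Name)' is not enabled"
    }
}

# 2. Auto-run: machine-wide policy value 255 (0xFF) turns it off for every drive type.
#    Assumption: only the machine policy is read; per-user settings are not checked.
$explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autoRun = Get-PolicyValue $explorerKey 'NoDriveTypeAutoRun'
if ($null -eq $autoRun) {
    $findings += 'Auto-run: no machine-wide policy set, so it is not enforced as disabled'
} elseif ($autoRun -ne 255) {
    $findings += "Auto-run: policy value is $autoRun, some drive types can still auto-run"
}

# 3. Automatic lock: the machine inactivity limit policy, in seconds (0 means never).
#    Assumption: a lock enforced only through screen saver settings is not detected here.
$systemKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lockSecs = Get-PolicyValue $systemKey 'InactivityTimeoutSecs'
if ($null -eq $lockSecs -or $lockSecs -eq 0) {
    $findings += 'Lock: no inactivity limit policy set; check lock settings manually'
} elseif ($lockSecs -gt $MaxLockSeconds) {
    $findings += "Lock: device locks after $lockSecs seconds, longer than $MaxLockSeconds"
}

if ($findings.Count -eq 0) {
    Write-Output 'All three checked controls are in place.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Running it on a schedule and keeping the output gives the monitoring the first section asks for; unused software, unnecessary accounts and default passwords still need a manual review.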