5 Common Mistakes When Preparing for Cyber Security Essentials

Over recent years, the National Cyber Security Centre's Cyber Essentials and Essentials Plus certifications have continued to drive the standard for protecting organisations, whatever their size, against a range of the most common cyber attacks.

At Integy we have both certifications and have helped other organisations on their journey to become accredited. Here are some of the most common mistakes made in preparing for your assessment.

Multi-Factor Authentication

Conditional Access can significantly harden your account security

There can be some hesitancy in adopting modern account security; at times it can be seen as a hindrance or viewed as too difficult for some user types. Leaving groups or individuals outside of the policy will hinder your application.

Modern account protections, such as moving from legacy password structures of 8 characters/numbers with a capital to longer 3 random word passwords without an expiry, can feel alien to those who have not yet adopted the system.

Conditional access (the ability to log in based on a set of rules/checks) and multi-factor authentication can fall into this bracket. The challenge (more often than not) is communication, understanding and a measured rollout campaign.

Azure Active Directory can assist with an enrollment campaign, in addition to using conditional access itself to aid enrollment, with additional features to assist in measuring the impact.


Stay Up to Date

Prevention is better than the cure

Keeping software, firmware and operating systems up to date is an ongoing maintenance challenge. Sometimes the hesitancy can be the fear of the unknown, or historical, negative experiences of a patch gone wrong.

Cyber Security Essentials requires a relatively short deployment window of 14 days or less.

For Windows 10 & 11 PCs, effective test rings are paramount to reducing risk and building assurance ahead of the wider rollout. Microsoft have greatly increased the reliability of patches in recent years, but a level of forward planning for feature upgrades is required to avoid falling into the trap of an unsupported Windows version.

Firmware presents its own set of challenges. Depending on your licensing, Defender for Endpoint can provide reporting on your current exposure.

Applications are treated in the same manner: auto updates should be enabled if licensing/the product allows, or proactively remediated where required. Using a mixture of the modern app store and app packaging, the window can be narrowed and compliance maintained.

Do not forget to remove unused software!


Secure Personal Devices

As modern practices embrace zero trust and securing the identity, the view that staff personal devices are out of scope can no longer be taken.

These questions can be the beginning of a data security journey: protecting data transmission with data loss prevention, and access and usage with Defender for Cloud Apps, app protection and the wider Microsoft Purview suite.

Intune and Azure Active Directory can deliver both the protection and the reporting required for your assessment.

Guests are not welcome here

Guest Accounts

The Windows operating system has long included a default guest account which has long been the target of cyber criminals.

Removing or renaming the guest account is easily missed or forgotten, but it can be easily rectified using Intune.
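
One way to check the state of the built-in guest account on an endpoint, as an added example (not code from the original article or from Integy). It assumes the script is deployed as a detection script, for example in an Intune remediation where exit code 1 flags the device, and an English-language Windows build where the default account name is `Guest`; the compliance rule (disabled and renamed) is also an assumption to adjust to your own policy.

```powershell
# Added example: audit the built-in Guest account on a Windows endpoint.
# Assumption: exit code 1 marks the device as non-compliant to the
# management tool that runs this script (for instance an Intune remediation).

# Assumption: English-language Windows. Localised builds use a different
# default name, so change this value to match your image.
$defaultName = 'Guest'

# The built-in Guest account always has a SID ending in -501 (its RID),
# so matching on the SID still finds it after it has been renamed.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }

if (-not $guest) {
    Write-Output 'Compliant: no built-in Guest account (RID 501) found.'
    exit 0
}

# Collect every reason the account fails the assumed policy.
$findings = @()
if ($guest.Enabled) {
    $findings += 'account is enabled'
}
if ($guest.Name -eq $defaultName) {
    $findings += "account still uses the default name '$defaultName'"
}

if ($findings.Count -eq 0) {
    Write-Output "Compliant: RID 501 account '$($guest.Name)' is disabled and renamed."
    exit 0
}

# Report the account name, SID and last logon so the finding can be
# recorded as evidence for the assessment.
$lastLogon = if ($guest.LastLogon) { $guest.LastLogon.ToString('u') } else { 'never' }
Write-Output ("Non-compliant: RID 501 account '{0}' ({1}); last logon: {2}; issues: {3}" -f `
    $guest.Name, $guest.SID.Value, $lastLogon, ($findings -join ', '))
exit 1
```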


Governance & Policy

Utility & Warranty: what are you doing? Does it meet its purpose? How do you know it's working? Is it meeting the correct standard?

Not all of Cyber Security Essentials is purely technical; demonstrating best practice and maintaining standards are viewed as key criteria.

  • Do you have a process for administrator access?
  • How do you track administrator account usage?
  • Do you formally track which users have higher privileges?

The Microsoft Suite can provide an audit trail, but there is an onus on having a process and policy to enforce, advise and provide a level of assurance.

Ask Integy!

We work with large enterprises and small/medium-sized businesses across the UK in modernising their IT estate. Whilst not an assessor, we pride ourselves on our collaborative approach, working hand in hand with existing IT teams to deliver a range of transformation.

If you are looking to adhere to Cyber Security Essentials and Essentials Plus and would like assistance, please contact us at [email protected]

#CyberSecurityEssentials #byod

Written by Cameron Stephens
