Cyber Essentials 101 – Secure Configuration Control

08 Jan Cyber Essentials 101 – Secure Configuration Control

Secure Configuration is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.

Why Secure Configuration is important?

A new computer, network devices or installed software cannot be considered secure upon default configurations. Standard or factory settings often use administrator account with publicly known default password, come with unnecessary pre-installed applications and pre-enabled user accounts (sometimes with special access privileges). Computers and network devices should be configured in the most secure way to the needs of the organisation.

How to manage Secure Configuration requirement?

• Remove or disable unnecessary user accounts (e.g. guest account or unnecessary admin account)
• Change default administrative password for any user account to alternative, strong password
• Remove or disable unnecessary software (including application, system utilities and network services)
• Disable autorun feature to prevent software programs running automatically without user authorisation
• Enable personal firewall and configure to disable/block unapproved connections by default on desktop PCs and laptops
• Authenticate users before allowing Internet-based access to commercially or personally sensitive data, or data which is critical to the running of the organisation

About the Cyber Essentials Scheme

This is the second of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.

Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.

Download our non-technical, no-jargon “Quick Guide to Cyber Essentials – Cyber Security starting point for small and medium businesses” to learn more about Cyber Essentials Scheme, its five key controls and how to implement them correctly.

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified company and Cyber Essentials audit body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Get a Free Network Health Check completely free of charge, and with no obligation attached.

Access Control is one of the five key technical controls required in the UK Government-backed Cyber Essentials Scheme.

Why Access Control is important?

This control aims to ensure that only authorised individuals have user accounts and have access and at the appropriate level to reduce the risk of information being stolen or damaged. User accounts with special access privileges such as administrative accounts are often the target of cybercriminals as they have greater access to business sensitive information. When such account is compromised, it can facilitate large-scale corruption of information and disruption to business operations.

How to manage Access Control requirement?

• Have a provisioning and approval process for user account creation
• Special access privileges should be restricted to a limited number of individuals, be documented (e.g. individual details and purpose) and reviewed on a regular basis
• Admin accounts should be configured to require a password change on a regular basis
• Implement two-factor authentication, where available
• Every user should use a unique and strong password to access to applications, computers and network system
• Use administrative accounts to perform administrative activities only (no emailing, web browsing or other standard user activities that may expose administrative privileges to avoidable risks)
• Remove or disable user accounts and special access privileges when no longer required (e.g. when an individual changes role or leaves the organisation) or after a pre-defined period of inactivity (e.g. 3 months)

About the Cyber Essentials Scheme

This is part of a series of blog posts dedicated to the five key controls of the Cyber Essentials Scheme.

Cyber Essentials is a government-backed, industry supported scheme to help organisations implement measures to help protect themselves against common cyber-attacks. The scheme focuses on the five most important technical security controls that, when implemented correctly, can reduce significantly an organisation’s vulnerability.

How Urban Network can help

It is now becoming more important than ever to ensure your business is protected and certified against the cyber risks. As a Gold IASME certified body, Urban Network is fully qualified to help your business achieve security compliance with the Cyber Essentials Scheme. Get in touch with our cybersecurity experts today to learn how you can improve your business security, assess current IT infrastructure and prepare a successful accreditation process.

For a better preparation of your application, get exclusive FREE access to the Cyber Essentials Questionnaire Portal here

Contact us and speak with a CyberSecurity expert who will answer any questions you might have.

Get a Free Network Health Check completely free of charge, and with no obligation attached.