password, password change, frequency, IT, IT security, security

In this blog post, we echo a joint publication by ENISA, the European Union Agency for Cybersecurity, and the Computer Emergency Response Team for the European Institutions, CERT-EU. Its title is “Boosting your Organization’s Cyber Resilience”.

In this publication you can find a list of best practices that encourage all public and private sector organizations to follow in a committed and systematic way. The objective is to help improve the level of cybersecurity of all the organizations, as well as increase their resistance to possible cyberattacks.

Best practices

1. Ensure remotely accessible services require multi-factor authentication (MFA).
2. Ensure employees do not re-use passwords and encourage them to use Multiple Factor Authentication (MFA) whenever supported by an application.
3. Ensure all software is up to date.

4. Tightly control third-party access to your internal networks and systems.
5. Pay special attention to hardening your cloud environments before moving critical loads to the Cloud.
6. Review your data backup strategy and use the so-called 3-2-1 rule approach.

7. Change all default credentials and disable protocols that do not support multi-factor authentication or use weak authentication.
8. Employ appropriate network segmentation and restrictions to limit access and utilise additional attributes when making access decisions.
9. Conduct regular training to ensure that IT and system administrators have a solid understanding of your organisation’s security policy and associated procedures.

10. Create a resilient email security environment.
11. Organise regular cybersecurity awareness events to train your employees.
12. Protect your web assets from denial-of-service attacks.

13. Block or severely limit internet access for servers or other devices that are seldom rebooted.
14. Make sure you have the procedures to reach out and swiftly communicate with your technology suppliers and local police in case of emergency.

We propose you a self-check

How many of these recommendations does your company apply?
Score a point for each of them that you already follow. Then, check your total score.

Less than 4
Your company is risking a lot. It needs to take cyber security seriously.

From 4 to 7
Your organization is just starting out, but it has not yet aligned its strategies with cyber security. Keep working.

From 7 to 10
Your company is on the right track, with an extra boost it will start to notice the benefits of cyber resilience.

From 10 to 14
Your organization is in the final stretch, persevere and it will achieve excellence.

Encripto also recommends that you read our post Why is Cyber Security Important? – Part 1. In this blog post, we have a look at what cyber security is and why it is important in our lives. Also, we give you a few tips to improve it.