NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations>
– SecureTech
1.) Unpatched software and operating systems: Make sure to regularly update any computers and other devices at your business.
This will keep them secure and up-to-date with the latest security features.
2.) Weak passwords: Create passwords with a combination of numbers, letters, and other symbols.
Make passwords at least eight characters long.
3.) Open ports: Close any open ports on the network that are not needed for business operations or to support vendors.
4.)Insecure authentication methods: Use two-factor authentication or other authentication methods for all users that access the network.
5.) Insecure APIs: Only use secure APIs for your web applications and make sure to monitor them regularly.
6.) Access control: Implement an access control system at your business to restrict access to critical systems or data.
7.) Data encryption: Use encryption at rest and in transit to protect sensitive data from unauthorized access.
8.) Lack of user training: Ensure that all users are adequately trained on security policies and best practices to avoid common mistakes.
9.) Poor back-up procedures: Develop regular back-up procedures for all systems.
A good practice is to back up data at least twice a week with an off-site provider.
10.) Unsecured Wi-Fi networks: Make sure to take the proper security measures for any wireless network setup for your business.
Consider segmenting the network to various levels of access, using encryption, and utilizing a separate guest network.
Link: https://spinsafe.com/nsa-and-cisa-red-and-blue-teams-share-top-ten-cybersecurity-misconfigurations/