A common theme in the results of our cybersecurity assessments is: There are several things you can do with minimal effort that will greatly increase your cybersecurity posture. Below are listed the common areas that can gain great benefits.
- Increase passwords to at least 15 characters. Encourage the use of a password manager and/or passphrases (random, unrelated words with numbers, special characters). Passphrases are easier to type and remember and will allow you to increase the time required for passwords to change.
- Remedy any compromised ports you are alerted to as soon as possible.
- Understand your relationship with your third-party providers (IT, student data, etc.).
- What are their data handling processes?
- Do you have documentation on their backup schedules, policies, etc.?
- Your organization is still responsible for the service and data.
- Do you have multi-factor authentication (MFA) on all applications? Review what you use daily and ensure MFA is turned on for all.
- Implement remote wipe on mobile devices.
- Local administrator accounts should be renamed and default passwords changed. This includes research/test equipment.
- What are the policies and procedures for onsite third-party vendors (cameras, doors, HVAC, etc.)?
- Do they have physical and remote access, and what policies and procedures are in place?
- Are backups TESTED? Are the results documented? If you have a third-party backup, do you receive the backup reports?
- Check privacy settings on all applications.
- Document all policies, procedures, playbooks, etc. Set aside 30 minutes a week to start the documentation process, and delegate pieces to owners of the process. Meet monthly to review and revise.
If you are interested in a MOREnet cybersecurity and/or network assessment, please contact security@more.net.