New CISA Blacklist: What It Means For You


Everyone makes mistakes once in a while. Maybe not all the time, but who hasn’t reused a password or ignored a software update? Every time someone ignores security best practices, though, your risk grows. The Cybersecurity and Infrastructure Security Agency (CISA) recognizes these risks and has released a Bad Practices page on its website. What does that mean for businesses (or those in the business of protecting digital assets)?


“All organizations, and particularly those supporting designated Critical Infrastructure or National Critical Functions (NCF) should implement an effective cybersecurity program to protect against cyber threats and manage cyber risk in a manner commensurate with the criticality of those NCFs to national security, national economic security, and/or national public health and safety,” the website states.


As of this writing, CISA has named just two bad practices, and it is still building the list. What the CISA guidelines are missing, however, are next steps. How can you avoid these bad practices? Here’s some guidance on how to take action.


CISA Advice: Avoid Older Software


First, don’t use unsupported or end-of-life software. This is especially important if your business supports critical infrastructure or an NCF.


Threat actors can easily exploit such software: they know defenders probably won’t be able to patch any vulnerabilities they find, because the vendor no longer ships fixes. Running software beyond its use-by date leads to malware and ransomware attacks and puts data and other important assets at risk of compromise or theft. Other tips include:


When possible, use managed service providers who handle software updates and offer upgrades when software reaches end of life.
Work with ven ..
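The first step in acting on this advice is knowing which assets are already past vendor support. The following inventory check is an added example, not code from the original article or from CISA: it compares a constructed asset list against a constructed end-of-life table (all product names, hostnames, and dates are placeholders) and flags assets that are past end of life, approaching it within a warning window, or cannot be mapped to a support date at all.

```python
from datetime import date, timedelta

# Constructed end-of-life table (placeholder products and dates, not vendor data):
# (product, major version) -> date on which vendor support ends
EOL_TABLE = {
    ("ExampleOS", "7"): date(2020, 6, 30),
    ("ExampleOS", "8"): date(2027, 5, 31),
    ("ExampleDB", "5.6"): date(2021, 2, 5),
    ("ExampleDB", "8.0"): date(2026, 4, 30),
}

# Constructed asset inventory: (hostname, product, version)
INVENTORY = [
    ("plc-gateway-01", "ExampleOS", "7"),
    ("hist-db-02", "ExampleDB", "5.6"),
    ("web-03", "ExampleOS", "8"),
    ("ops-db-04", "ExampleDB", "8.0"),
    ("hmi-05", "ExampleOS", "9"),  # not in the table: support status unknown
]

# Constructed audit date so the report is reproducible
AS_OF = date(2025, 12, 1)


def classify(product, version, today, warn_days=180, table=EOL_TABLE):
    """Return 'eol', 'expiring', 'supported' or 'unknown' for one asset."""
    end = table.get((product, version))
    if end is None:
        return "unknown"          # no support date on file: treat as needing review
    if today >= end:
        return "eol"              # vendor no longer ships fixes
    if today + timedelta(days=warn_days) >= end:
        return "expiring"         # plan the upgrade now
    return "supported"


def audit(inventory, today, warn_days=180, table=EOL_TABLE):
    """Group hostnames by support status; 'eol' and 'unknown' need action."""
    report = {"eol": [], "expiring": [], "supported": [], "unknown": []}
    for host, product, version in inventory:
        report[classify(product, version, today, warn_days, table)].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(INVENTORY, AS_OF).items():
        print(f"{status:9s} {', '.join(hosts) or '-'}")
```

Assets that land in "unknown" deserve the same attention as "eol": an asset you cannot map to a support date is one you cannot prove is patchable.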
