This is CERT NZ’s second annual list of ten critical controls for organisations. These controls would prevent, or better contain, the majority of attacks we’ve seen in the past year.
You can authenticate with something you know, something you have, or something you are. Multi-factor authentication (MFA) improves security by requiring two or more of these methods.
Keeping your software up-to-date is one of the most simple and effective steps to take, to ensure your environment stays secure.
Unused or older services and protocols often have their own vulnerabilities. Proactively scan your network for any that are not used or vulnerable, and disable them.
Change the passwords on any systems that come with default credentials before you use the systems in your environment.
After an incident, restoring your data from backups is often the best way to return to business as usual. Performing and testing backups often will help prevent the loss of data in the event of an incident.
Application whitelisting is a method of strictly controlling what programs can be run in your environment.
The principle of least privilege means only having the access you need to do your job.
Storing and securing your logs in a central place makes log analysis and alerting easier.