Keeping Clear of Bad IT Practices

Most of the time, our recommendations are centered around continuous improvements within our clients’ environments. It’s not often we talk about the bad practices that exist. CISA, the Cybersecurity & Infrastructure Security Agency, just started a bad practices list. It is as simple as it gets, with just two items at present.

  1. Use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, as well as to national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies.
  2. Use of known/fixed/default passwords and credentials in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, as well as to national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies.

For the first item, this means getting rid of all old Windows 7 machines, like you did with the old Windows XP machines years ago (you did replace all of those, right?). The same goes for Server 2008 and 2003. In addition, software like old Adobe versions and line-of-business apps should be up to date. These are part of our preventative checks, but we often hear reasons from clients to delay or keep some of these legacy systems in place. Please don’t do this. We love our clients too much to see a bad practice in place.

For the second item, we handle this as a baseline policy for every client — so nothing to worry about there.

Now of course, this is not an exhaustive list. There are plenty of other bad practices, like using the same password for multiple accounts, clicking on links and attachments without caution, and public Wi-Fi use. If we start with the most egregious issues, according to CISA, we’re not only minimizing risk, we’re also reducing liability, which we’ll talk about in an upcoming article.

 

