While different operating systems have their own intricacies, there are recommended practices that apply universally. This list is not all-inclusive and you may implement additional best practices when applicable. However, in order to minimize clients’ risk of suffering a cyber attack, adhere to the following protocol:
1. Programs clean-up – Remove unnecessary programs. Every program is another potential entry point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something the company has vetted and “locked down,” it shouldn’t be allowed. Attackers look for backdoors and security holes when attempting to compromise networks. Minimize their chances of getting through.
2. Use of service packs – Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow.
3. Patches and patch management – Planning, testing, implementing and auditing patches should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on the client’s computer.
4. Group policies – Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber attack. Establish or update user policies and ensure all users are aware of and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly.
5. Security templates – These are groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.
6. Configuration baselines – Baselining is the process of measuring changes in networking, hardware, software, etc. To create a baseline, select something to measure and measure it consistently for a period of time. Establish baselines and measure on a schedule that satisfies both your standard for maintaining security and your clients’ needs.
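
As an added illustration (not part of the original checklist), the sketch below applies the baseline idea from item 6 to the program inventory from item 1: it compares a later snapshot of installed software against an approved baseline and classifies each deviation. The package names and versions are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: an approved software baseline and a later snapshot
# of the same client machine (package name -> installed version).
BASELINE = {
    "openssh-server": "9.6",
    "nginx": "1.24.0",
    "chrony": "4.5",
    "rsyslog": "8.2312",
}
CURRENT = {
    "openssh-server": "9.6",
    "nginx": "1.26.1",      # version differs from the baseline
    "rsyslog": "8.2312",
    "telnetd": "0.17",      # never vetted, not in the baseline
}

def diff_baseline(baseline, current):
    """Compare a snapshot to the baseline and classify every deviation."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(
        (name, baseline[name], current[name])
        for name in set(baseline) & set(current)
        if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "changed": changed}

def report(drift):
    """Render drift as review items for the next scheduled baseline check."""
    lines = []
    for name in drift["added"]:
        lines.append(f"UNVETTED  {name}: not in baseline, remove or approve")
    for name in drift["removed"]:
        lines.append(f"MISSING   {name}: in baseline but no longer installed")
    for name, old, new in drift["changed"]:
        lines.append(f"CHANGED   {name}: {old} -> {new}, confirm patch was planned")
    return lines

if __name__ == "__main__":
    drift = diff_baseline(BASELINE, CURRENT)
    print("\n".join(report(drift)) or "No drift from baseline")
```

In practice the two dictionaries would be filled from the operating system's own package or program inventory, captured on the agreed schedule.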