Blog 2: Secure Configuration for SME Cybersecurity

In our series on essential cybersecurity controls for small organizations, let's delve into the second key control: Secure Configuration. This control focuses on how you set up your computers and devices to protect sensitive information. Here are some factors to consider:

1. User Device Locking: Ensure that laptops, workstations, and mobile phones are set to automatically lock when not in use, requiring a password or PIN for access.
2. Remove Unnecessary Accounts: Eliminate default or obsolete user accounts, reducing the potential targets for cyber attackers.
3. Get Rid of Unnecessary Software: Simplify your device's software by removing any non-essential applications. This minimizes the chances of missing critical software updates or exposing vulnerabilities.
4. Disable Autorun: Turn off autorun to receive warnings before executing content from external devices like USB keys.
5. Throttle Access Attempts: Implement measures to slow down attackers attempting to guess passwords, such as temporarily locking an account after a set number of failed attempts.

By adhering to secure configuration practices, small businesses can reduce their vulnerability to cyber threats and maintain data integrity.