Cyber Hygiene

See the message below from CISA. Like oral hygine, it is daily attention that makes the difference to your teeth and to your cybersecurity.

“Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a Directive, Binding Operational Directive 23-02, that requires federal civilian agencies to remove specific networked management interfaces from the public-facing internet or implement Zero Trust Architecture capabilities that enforce access control to the interface within 14 days of discovery.

“While this Directive only applies to federal civilian executive branch agencies, the threat extends to every sector and we urge all organizations to adopt this guidance.

“Threat actors have too frequently used certain classes of network devices to gain unrestricted access to organizational networks leading to full scale compromises. Inadequate security, misconfigurations, and out of date software make these devices more vulnerable to exploitation. The risk is further compounded if device management interfaces are connected directly to, and accessible from, the public-facing internet.

“Implementing appropriate controls and mitigations outlined in this directive is a necessary step to reducing unnecessary risk to your network enterprise. Organizations should consider using all available capabilities to automatically identify networked management interfaces exposed to the public facing internet. Examples of such capabilities include CISA's Cyber Hygiene Services.”