720-891-1663

Alerts, Best Practices, Hacks

A Question for Every Business Exec

Leave a comment

CISA issued guidance this week to reduce cyber risk. The guidance is very simple:

DOES THIS HAVE TO BE OPEN TO THE INTERNET?

Of course, you have to know where all of your assets are. This includes by IT and OT (Internet of Things and Industrial Internet of Things) devices.

Here are CISA’s yardsticks to determine the questions to ask:

  • Necessity: Is the exposed system or service essential for operations?
  • Business justification: What operational need requires this exposure?
  • Security measures: Can you restrict access via VPNs or better secure it with multifactor authentication?
  • Maintenance: Is the system or service up to date with the latest security patches?

CISA says (and I have been saying this for a long time) that if a device does not need to be exposed to the public Internet, either shut it down or restrict access from the Internet. Adding a password to the device is not sufficient.

CISA also suggested the normal stuff:

  • Changing default passwords
  • Make sure you have a strong patch management process
  • Use MFA whenever possible

Of course, training of your employees is also very important.

This is just the basics. There is more, of course.

If you need assistance in restricting access to a system from the Internet, please contact us. Credit: CSO Online

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2025 CyberCecurity, All rights reserved. Privacy Policy