ENISA, the EU Agency for Cybersecurity, and CERT-EU, the CERT for all the EU institutions, have recently issued a list of cybersecurity best practices and are strongly encouraging all public and private sector organisations in the EU to adopt them in order to protect themselves in the face of the ongoing threat.
"ENISA and CERT-EU remain confident that, by applying this set of recommendations in a consistent, systematic manner, organisations in the EU will be able to substantially improve their cybersecurity posture and enhance their overall attack resilience."
The best practices are meant to complement, not replace, the guidance issued by national authorities.
- Ensure remotely accessible services require multi-factor authentication (MFA).
- Ensure users do not re-use passwords, and encourage them to enable multi-factor authentication (MFA) wherever an application supports it (on social media, for instance).
- Ensure all software is up-to-date.
- Tightly control third-party access to your internal networks and systems.
- Pay special attention to hardening your cloud environments.
- Review your data backup strategy.
- Change all default credentials.
- Employ appropriate network segmentation.
- Conduct regular training.
- Create a resilient email security environment.
- Organise regular cyber awareness events.
- Protect your web assets from denial-of-service attacks.
- Block or severely limit internet access for servers.
- Make sure you have procedures in place to reach out to and swiftly communicate with your CSIRT.