General Cybersecurity Hygiene Compendium

‘Tis the new year, and with a new year comes a great time to revisit some of the basic blocking and tackling of cybersecurity. Listed in this post you will find sage guidance on some cyber hygiene basics. Tackle a topic a week and you’re sure to keep busy. Oh, and don’t forget to review those policies and procedures (#9 in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities) – these tips and tools could be valuable updates!

Our colleagues at PenTestPartners outline and discuss several troublesome default configurations that can undermine the security and control of your Azure AD environment(s) that you may have missed.

• Azure AD. Attack of the Default Config

SQLi? Make it stop! Talk about back-to-basics; few cyber threats are as basic (or as old) as SQL injection, and yet it’s the vulnerability that keeps-on-keepin’-on. That said, you can’t beat this quote from the article, “December 2020 marked SQL injection’s 22nd birthday (of sorts). Despite this vulnerability being old enough to drink, we’re still letting it get the better of us instead of squashing it for good.”

• SQL injection: The bug that seemingly can’t be squashed

As 2021 continues the remote working trend, it’s good to make sure staff have the resources they need. The Center for Internet Security (CIS) has some videoconferencing guidance that is a must for organizations still supporting remote staff. If you didn’t see these resources before, add them to your toolbox and act on them today.

• Top videoconferencing attacks and security best practices
• CIS Videoconferencing Security Guide
• CIS Benchmarks: Securing Zoom

What is the best chance for cybersecurity awareness success? Make it personal. For addressing the human factor of cybersecurity, perhaps music can play a part.

• Strike a chord: What cybersecurity can learn from music