Cybersecurity Guidelines
Learn about the responsibilities related to the management and protection of information systems
Create an inventory of the company's IT systems, devices, software, services and applications
Create an inventory of critical data managed in the company
Identify assets and their dependencies
Identify vulnerabilities and threats
Check the configurations of your systems and devices
Update all installed software to the latest version
Make sure you have the necessary licences for the installed software
Keep the operating system up to date
Create a backup of your data in a separate, protected environment, and encrypt the backup
Install reputable antivirus software
Activate a firewall to protect your networks
What is the WPA protocol?
Check that the router supplied by your provider is set to WPA2 (or WPA3 where available), not WEP or open
What is a CMS and why is it important to keep it up to date?
How to update a CMS
Take a password training course
Follow the security awareness videos
Disable Auto-play for removable devices
Install and keep up-to-date an anti-malware solution
Opt for a VPN provider deemed reliable and choose the right VPN protocol for your organisation
Enable boot (start-up) logging on your systems
Configure DNS servers recognised as trustworthy in your network settings
Create an Incident Response Team
Make sure you obtain TLS (SSL) certificates for your domains
Set up cron jobs to update your software
Define privacy by design practices
Adopt a centralised supplier management procedure
Apply AES-256 encryption to data
Make your network architecture resilient to DDoS attacks
Hide the administration panel of your CMS to prevent unauthorised access
Use a generic login error message that does not reveal whether the username exists
Block unauthorised access to the API of your CMS
Back up your data following the 3-2-1 backup rule
Segment your network according to the devices you own and use strong passwords
Document vulnerability management policies
Run simulations asking the question "What if...?" using recent cyber attacks as a model
Use automated analysis tools within your infrastructure
Test both the hardware and software you will use in the event of a computer incident
Use a centralised access management solution for the corporate network
Choose an asset discovery solution that works at the network broadcast level
Set Windows registry keys to block the use of USB storage devices
Classify the resources to be managed according to their confidentiality requirements
Ensure that access control lists are monitored and updated regularly
Track the data flows you receive from third-party providers
Create a standard procedure to follow when offboarding a third-party supplier
Adopt log retention solutions
Add a DMARC record to your domain's DNS
Check that your antivirus has an anti-exploit function and activate it
Implement physical access controls such as cameras, badges and alarms
Enable automatic scanning of removable devices in your antivirus solution
Define data management policies
Create company policies
Use an intrusion detection solution
Monitor network traffic
Use a threat-intelligence solution to monitor for emerging threats
Use an intrusion prevention solution
Use a data loss prevention solution
Remove administrative paths from robots.txt (the file is public, so listing them advertises them to attackers)
Configure automatic locking of idle work sessions
Perform recurring penetration tests
Carry out corrective actions on misconfigurations found
Set up a cron job for backups
Enable allow-listing (whitelisting) of authorised software in your antivirus solution
Define who can access what information meticulously
Conduct a careful evaluation before acquiring new service providers
Use an anti-malware agent for your corporate mailboxes
Make sure that anyone trying to connect to your organisation's systems is authenticated before being granted access
Use a SIEM solution that includes log forwarding
Delete default accounts
Document third-party supplier management policies
Report any cases of phishing
Check for unauthorised personnel, connections, devices or software
Delete accounts no longer in use
Keep the list of users with privileged access up to date
Passwords: best practices
Document your product's source code
Turn off all services and processes your business does not need
Apply secure design principles, including least privilege
Review your logs periodically
After an IT incident, analyse what went wrong
Implement port-based network access control (802.1X)
Enable your VPN provider's application level filtering
Deploy a packet analysis solution on your internal network
Update the web server
Do not use "admin" as the username
Remove accesses of no longer active users
Whenever possible, use simpler data formats such as JSON and avoid XML
Use a framework or library that implements anti-CSRF tokens
Log access to and changes in your database
Create Incident Response Policies
Create corporate information systems management policies
Set common attachment filters for your corporate email domain
Remove intrusive browser and email client extensions
Set a BIOS/UEFI password on your corporate devices
Use a code review solution
Perform recurring application penetration tests
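The guideline on generic login error messages (and on not using "admin" as a username) is about username enumeration: if the login form answers "unknown username" for one input and "wrong password" for another, an attacker learns which accounts exist before guessing a single password. The following Python is an added example, not code from the original guidelines; it contrasts a leaky handler with a hardened one. The user store, the password and the PBKDF2 parameters are constructed for the example; the dummy credential makes unknown usernames take the same hashing path as real ones so that timing does not leak what the message hides.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 100_000  # example value; tune for your hardware


def _hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash of the password with the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Constructed user store for the example: username -> (salt, password hash).
_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, _hash_password("correct horse battery staple", _ALICE_SALT))}

# Dummy credential: unknown usernames are checked against this so that the
# response time is the same whether or not the account exists.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password(secrets.token_hex(16), _DUMMY_SALT)

GENERIC_ERROR = "Invalid username or password."


def login_leaky(username: str, password: str) -> tuple:
    """Anti-pattern: distinct messages tell an attacker which usernames exist."""
    if username not in USERS:
        return (False, "Unknown username")
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return (False, "Wrong password for " + username)
    return (True, "Welcome " + username)


def login_hardened(username: str, password: str) -> tuple:
    """Same generic message for unknown user and wrong password; same work in both cases."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    password_ok = hmac.compare_digest(_hash_password(password, salt), stored)
    # The dummy hash is random and can never match, but the explicit membership
    # check keeps the success path independent of the fallback credential.
    if not (password_ok and username in USERS):
        return (False, GENERIC_ERROR)
    return (True, "Welcome " + username)
```

Use the generic message for every failure path, including locked or disabled accounts; the user-facing text tells the user nothing, while the server-side log still records which condition actually occurred.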
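The DMARC guideline says to publish a record, but a record that is syntactically present and operationally useless (p=none with no reporting address) is a common outcome. The Python below is an added example, not part of the original guidelines: it parses a DMARC TXT record string and reports the checks a practitioner would make before relying on it. The two sample records are constructed for the example; in practice you would fetch the TXT record at _dmarc.<your-domain> with your resolver and pass it to check_dmarc.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record: str) -> dict:
    """Split a 'tag=value; tag=value' DMARC record into a lower-cased tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str) -> list:
    """Return a list of findings; an empty list means the record passed every check."""
    findings = []
    # The version tag must come first, otherwise receivers ignore the record.
    if not record.strip().lower().startswith("v=dmarc1"):
        findings.append("record must begin with v=DMARC1")
        return findings
    tags = parse_dmarc(record)

    policy = tags.get("p", "").lower()
    if not policy:
        findings.append("missing required p= tag")
    elif policy not in VALID_POLICIES:
        findings.append(f"invalid policy p={policy!r}; use none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none only monitors; move to quarantine or reject once reports are clean")

    sub_policy = tags.get("sp", "").lower()
    if sub_policy and sub_policy not in VALID_POLICIES:
        findings.append(f"invalid subdomain policy sp={sub_policy!r}")

    # Without rua= you get no aggregate reports and cannot see who is spoofing you.
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will be received")
    else:
        for uri in tags["rua"].split(","):
            if not uri.strip().lower().startswith("mailto:"):
                findings.append(f"rua URI must be a mailto: address, got {uri.strip()!r}")

    pct = tags.get("pct")
    if pct is not None and (not pct.isdigit() or not 0 <= int(pct) <= 100):
        findings.append(f"pct must be an integer 0-100, got {pct!r}")
    return findings


# Constructed sample records for the example.
WEAK_RECORD = "v=DMARC1; p=none"
GOOD_RECORD = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.com; pct=100"
```

Roll out gradually: publish with p=none and a rua= address, read the aggregate reports until every legitimate sender is aligned via SPF or DKIM, then raise the policy to quarantine and finally reject.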
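The anti-CSRF guideline recommends a library, and that is the right choice in production. To show what such a library does underneath, here is an added Python example (not code from the original guidelines or from any specific framework) of a synchroniser token: the server issues a token bound to the session with an HMAC and a timestamp, and a state-changing request is refused unless it carries a token that verifies for the same session and has not expired. SERVER_SECRET, TOKEN_TTL and the handle_transfer handler are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SERVER_SECRET = secrets.token_bytes(32)  # example value; load from configuration in practice
TOKEN_TTL = 3600                          # seconds a token stays valid (example value)


def make_csrf_token(session_id: str, now: float = None, secret: bytes = SERVER_SECRET) -> str:
    """Issue a token of the form 'timestamp:nonce:hmac' bound to this session."""
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(8)
    mac = hmac.new(secret, f"{session_id}:{ts}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{nonce}:{mac}"


def verify_csrf_token(token: str, session_id: str, now: float = None,
                      secret: bytes = SERVER_SECRET) -> bool:
    """True only if the token was issued for session_id, is intact and has not expired."""
    try:
        ts_str, nonce, mac = token.split(":")
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return False
    now_int = int(now if now is not None else time.time())
    if ts > now_int or now_int - ts > TOKEN_TTL:
        return False
    expected = hmac.new(secret, f"{session_id}:{ts}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(expected, mac)


def handle_transfer(form: dict, session_id: str) -> tuple:
    """Hypothetical state-changing handler: a cross-site form post has no valid token."""
    if not verify_csrf_token(form.get("csrf_token", ""), session_id):
        return (403, "CSRF check failed")
    return (200, f"transferred {form['amount']}")
```

The token is tied to the session, so a forged cross-site request, which cannot read the victim's page, cannot obtain one; the expiry limits the window in which a leaked token is useful. Pair this with SameSite cookies, and keep using your framework's built-in implementation rather than this sketch.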