What are the NZ Government recommendations for SME Business cyber-security?
How does your business match up?
CertNZ has been rolled into the new National Cyber Security Centre.
They’ve released the 10 Critical Controls and a Cyber-Security Framework.
What do they mean and how does your business cyber-security compare?
Watch Kinetics CTO Bill Lunam as he unpacks the details and explains how your current security matches up.
Briefing from Bill Lunam, CTO of Kinetics Group
Key Topics Covered:
1. Introduction to New Zealand’s 10 Critical Controls for Cyber Security:
Importance of having a framework for cyber security.
Comparison with Australia’s Essential 8 framework. 8:37
2. Patching and Software:
Emphasis on patching desktops, laptops, servers, and firewalls.
Managed patching services provided by Kinetics, including third-party applications and Mac OS. 10:24
3. Multi-Factor Authentication (MFA):
Importance of enabling MFA on all platforms, including 365 and other cloud services.
Need for a company policy to ensure MFA is enforced. 12:42
4. Asset Life Cycle Management:
Importance of replacing old equipment for security and productivity.
Tools provided by Kinetics to track hardware and software assets. 14:08
5. Backups:
Necessity of backing up data from servers, desktops, and cloud services.
Kinetics’ backup solutions and the importance of verifying vendor backups for SaaS applications. 16:19
6. Security Awareness:
Regular training and phishing testing for staff.
Creating a cyber security committee within the organisation. 17:11
7. Application Control:
Explanation of application control and the role of modern endpoint protection (EDR).
Encouragement to use password managers. 19:56
8. Centralised Logging:
Importance of centralized logging for security events.
Introduction of Kinetics’ Key Vigilance product for managed detection and response (MDR). 23:25
9. Principle of Least Privilege:
Reducing unnecessary access rights to minimise attack surfaces.
Use of privileged access managers (PAM) to manage elevated rights. 26:06
10. Network Segmentation:
Segregating IoT devices and guest Wi-Fi from the main network.
Registering devices for network access based on MAC addresses. 29:40
Action Points and Call to Action:
- Review and Implement Cyber Security Framework:
- Assess your current cyber security measures against New Zealand’s 10 critical controls.
- Consider adopting Kinetics’ managed services for patching, backups, and centralized logging.
- Enable and Enforce MFA:
- Ensure MFA is enabled on all critical platforms and services.
- Develop and enforce a company-wide policy for MFA usage.
- Regular Security Training:
- Schedule regular security awareness training and phishing tests for all staff.
- Form a cyber security committee to oversee and improve security practices.
- Asset Management:
- Utilize Kinetics’ tools to track and manage hardware and software assets.
- Plan for the replacement of outdated equipment to enhance security and productivity.
- Backup Verification:
- Verify that all critical data, including SaaS applications, are backed up and can be restored.
- Implement Application Control and PAM:
- Use modern endpoint protection and password managers.
- Implement privileged access management to control elevated rights.
- Network Segmentation:
- Segregate IoT devices and guest Wi-Fi from the main network.
- Register devices for network access based on MAC addresses.