Two European Union cybersecurity agencies have published a set of best practices to help organisations strengthen their cyber resilience.
The European Union Agency for Cybersecurity and the European Union’s Computer Emergency Response Team have issued a total of 14 recommendations, with organisations advised to prioritise them based on their business needs.
The list covers topics such as the implementation of multi-factor authentication, avoiding the reuse of passwords, ensuring software is up to date, hardening cloud environments, reviewing data backup strategies, limiting the access of third parties to internal systems and networks, and changing default credentials and disabling protocols that use weak authentication.
Organisations are also advised to employ network segmentation, conduct regular training and cyber awareness events, deploy protection against DoS attacks, limit internet access for servers and other devices that could be abused by malicious actors for command and control purposes, and create a resilient email security environment.
According to Security Week, the joint guidance is meant for public and private organisations in the EU and is recommended for entities that support organisational risk management.
The agencies said, “By following these recommendations in a consistent, systematic manner, ENISA and CERT-EU remain confident that organisations in the EU will be able to substantially improve their cybersecurity posture and in doing so will enhance the overall cyber resilience of Europe.”
The agencies added that their recommendations can complement guidance issued by national or governmental cybersecurity authorities, but they do not replace it.