September 2nd, 2021

CISA list of Bad Practices - WST

The Cybersecurity & Infrastructure Security Agency (CISA) released a statement on adding single-factor authentication to its list of bad practices that are exceptionally risky. See https://us-cert.cisa.gov/ncas/current-activity/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices for details.

While the CISA is focused on Critical Infrastructure and National Critical Functions, they encourage all organizations to “engage in the necessary actions and critical conversations to address Bad Practices.”

This short list of Bad Practices can be summarized as:

    Don’t use unsupported (or end-of-life) software.
  1. Don’t use known/fixed/default passwords and credentials.
  2. Don’t use single-factor authentication for remote or administrative access.

See https://www.cisa.gov/BadPractices for details. While you’re there, note that the CISA website offers a wealth of other useful cybersecurity information.



Authored by: David Matt, CBISO, CEH, September 2nd, 2021

You May Want to Read More:

Don't Let Urgency Lead to Insecurity, Part 2 - WST

April 17th, 2020

April 17, 2020 Don't Let Urgency Lead...

Keep Yourself from being Roasted – WST

April 9th, 2020

April 9, 2020 Keep Yourself from being...

Complaint Management Programs - More Important Now Than Ever - WST

April 7th, 2020

April 2, 2020 Complaint Management Programs...

Keep your institution off the evening news.


Contact Us