CISA’s New Catalog of Cybersecurity Bad Practices to Aid Healthcare Providers

The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has published a new resource cataloging cybersecurity bad practices that are particularly damaging and significantly increase the risk to critical infrastructure.

Many resources have been published on cybersecurity best practices, which can strengthen security if implemented. Even so, CISA believes another perspective is needed, because it is equally, if not more, important to eliminate bad cybersecurity practices. CISA said that stopping the most egregious risks requires companies to make a decisive effort to end bad practices.

CISA is urging all organization leaders to take part in the discussions needed to address technology bad practices, particularly at institutions that provide national critical functions.

One of the crucial elements of risk management is to focus on the critical few, CISA Executive Assistant Director Eric Goldstein noted when he announced the new web resource. Companies may have limited resources to identify and counter risks; however, eliminating cybersecurity bad practices is crucial to every organization’s strategic approach to security. Addressing bad practices is not a substitute for implementing best practices; nonetheless, it provides a rubric for setting priorities and a useful answer to the question of what should be done first.

The new resource was created after cyberattacks on critical infrastructure demonstrated their impact on critical government operations and the threat to security, national public health and safety, and/or national economic security.

The CISA Bad Practices catalog (https://www.cisa.gov/BadPractices) will grow over time, but it currently lists two cybersecurity bad practices that are exceptionally risky: the continued use of unsupported software that has reached end of life, and the continued use of known, fixed, and default passwords and credentials to access and operate Critical Infrastructure and National Critical Functions.