Most cybersecurity breaches result from an employee or contractor inside an organization doing something they were not supposed to do, failing to do something they were supposed to do, or both. The best practices listed below, written from a customer management and risk mitigation perspective, help ensure that cybersecurity risks are identified and mitigated.
Remote Web Client
- Users must keep the web browsers and operating system continuously updated on their client devices (PC, tablet, mobile) to mitigate security vulnerabilities.
- Users must keep continuously updated virus and malware protection software installed on their client devices (PC, tablet, mobile).
- Replace client devices if they have reached the end of their life cycle or maintenance cycle.
Acquisition and installation of Mobile Applications
It is strongly advised to install Mobile Applications (for example, Cerberus Test) only from the official app stores of your mobile platform (App Store for iOS and Play Store for Android). Only then can you be sure that you are installing genuine, untampered Siemens software that has undergone the strict quality and security assurance processes defined by Siemens.
- It is recommended to have no more than two administrator accounts for one Cerberus Cloud Apps subscription. Their tasks should be limited to managing users and subscriptions.
- Administrators must never share their login credentials.
- When inviting users to Cerberus Cloud Apps, apply the principle of least privilege: invite individuals with roles reflecting the minimum privilege required to complete their tasks within the organization.
- Remove or update user accounts as soon as a user is no longer associated with the company or with their role.
- Refer to the User Guide for roles and authorization.
- Always log out of your session once you have finished using the application.
On-premises IT/OT network and Connect gateway
- Ensure the Connect gateway installation follows the Cerberus Cloud Apps installation guide and the fire system cybersecurity guideline.
- Administrator credentials for the Connect gateway must not be shared.
- Ensure correct configuration on the Connect gateway to access web applications.
Security is a shared responsibility
- As with any solution that encompasses cloud applications and IoT/On-premises connected devices, customers play a key role in keeping their systems secure.
- Keeping your systems up-to-date and employees educated is key to mitigating cyber risks.
- Ensure the Connect gateway is installed in a physically secure area where access is restricted, that is, access, power and network cables cannot be tampered with.