System Hardening: Rules for Securing Your Systems Against Unauthorized Access


Cybersecurity Essentials: Part 4

All organizations need to protect their systems and data from cyber-attacks, which means that all organizations need to implement a cybersecurity program. Our monthly blog, “Cybersecurity Essentials,” details the elements of a comprehensive program to ensure you are accounting for privacy concerns, compliance issues, and the policies and procedures critical to maintaining a secure organization and a culture of cybersecurity.

In part 1 of our series, we addressed privacy concerns as they extend to employee records, client or customer records and communications, and the use of mobile devices.

In part 2, we shifted our focus to a discussion of a security program, which includes training, policies, and other steps required to protect your organization’s sensitive data.

In part 3, we introduced some tools—applications and solutions—you can use to safeguard your organization from hackers.

Now in part 4, we offer five rules for “system hardening,” that is, tightening up access and adding security to ward off potential hackers.

Rule 1: Remove all unused programs on all systems. Programs stored on a server or workstation are potential entrance points for hackers. Removing unneeded programs cuts down the number of ways your systems can be hacked. Because the needs of organizations constantly change, you should check regularly to ensure all installed applications are needed and being used.

Rule 2: Maintain user group policies in Microsoft’s Active Directory. The policies should clearly define the rules for user groups for access to your systems. Simple errors can allow unauthorized individuals access to groups or settings, a potential gateway for a cyber attack. Conduct audits to validate group members, and ensure that nothing is left in systems or servers that those groups no longer need access to.

Rule 3: Implement a patch management plan. Your cybersecurity plan should include regular planning, testing, and implementing of patches through patch-management software to ensure all applications and operating systems are the most recent versions and that you’re not missing any critical security patches. If there is a vulnerability in a piece of software, Microsoft will release a patch for it, so have an automated process in place to ensure your machines aren’t susceptible.

Rule 4: Secure endpoints and perimeters. You can reduce the likelihood of attacks by strengthening user account controls and implementing security policies while maintaining user efficiency. The intent is to allow reasonable user access while ensuring your devices are protected by properly configured and deployed firewalls, routers, VPNs, and intrusion, detection, and prevention systems.

Rule 5: Monitor and track behavior in cloud applications. The goal is to detect abnormal user behavior, like “impossible travel time” (e.g., a user logging in in Pittsburgh then minutes later in Dallas). Abnormal behaviors include unfamiliar sign-in properties, or suspicious in-box manipulation, such as forwarding to an unknown account. Ensuring that security rules or settings haven’t been changed will help prevent attacks, email compromises, and ransomware.

If you have questions or concerns, our Vertilocity team can evaluate your cybersecurity strategy and discuss your options with you. Call us at 412-220-5744, or email me at

About the Author(s)

Justin Krentz is a Principal with Vertilocity whose main responsibilities include account management, operations and new business development. His experience spans 14 years of selling managed services and comprehensive technology solutions to small and mid-sized businesses, with a primary focus on the healthcare sector. He has written several articles that have been printed in various healthcare societal publications and regularly speaks at medical societies on technology updates. Justin graduated from Ohio University with a B.S. in Marketing and received his MBA with a focus in Healthcare Management from Duquesne University.

Vertilocity, an HBK company, was created in 2021 with the merger of Vertical Solutions with HBK IT. The resulting entity operates out of HBK offices in Pittsburgh and Clark, New Jersey, and remotely in and around Denver, Colorado. In addition to expanding its IT services to its broad base of business clients, the merger enhanced HBK’s technological offering to its more than 600 healthcare business and institutional clients.

Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.