Top 10 Cyber Hardening Tips for Integrator Deployments

By Chris Peckham, COO, Ollivier Corporation, PSA Cybersecurity Committee Chair

October is National Cybersecurity Awareness Month and the 2025 theme is “Stay Safe Online.” The PSA Cybersecurity Committee would like to offer some information and host a webinar to aid integrators with their deployments. Some members may already be discussing or performing many of the items on the list, however, if it seems overwhelming, keep in mind that small steps indeed can make a big difference. It takes a combination of many factors to secure the environment.

Here are 2025’s Top 10 Cyber Hardening Tips for Integrator Deployments:

1.Cybersecurity Training

Staff can better protect the organization with proper cyber training. This can be performed using no-cost or low-cost training programs. Training can also include real-life phishing simulations to improve the staff’s understanding of the risks. Refresher courses also allow users to become aware of evolving threats and can be focused on specific job functions. A staff that understands the risks and reports suspicious activities can serve a critical role in defending against cyber events.

2. Software Patches

Modern operating systems and applications release patches fix software bugs and reduce vulnerabilities. Some vendors may require a software support agreement to obtain updates. Many devices and systems can be configured to update automatically which improves consistency and security. When automation is not possible due to integrations with other systems or version dependencies, patching should remain a high priority. If updates cannot be applied those systems should be isolated to minimize risk.

3. Password Management

Use password managers and multi-factor authentication (MFA) to strengthen security. MFA combines “something you know” (password), “something you have” (phone/token) and “something you are” (fingerprint) to protect accounts. Always use strong, unique passwords for privileged accounts and create separate accounts for specific purposes (e.g., service or video accounts). Avoid reusing passwords across different systems. When possible, use domain authentication or single sign-on (SSO). Passkeys—cryptographic keys stored on a device—provide phishing-resistant technology that can replace passwords, making login both simpler and more secure. Finally, users should verify that their passwords are not on published password breach lists.

4. Reduce the Attack Surface

You cannot manage it if you do not know it is there, on both the device and application level. Run a full inventory of the network and remove outdated devices, unused accounts and unnecessary privileges. Apply a similar cleanup to individual systems by uninstalling outdated applications and closing orphaned accounts. Avoid deploying systems directly to the internet and disable unnecessary discovery and unsecure services. Disable unused applications and restrict access to edge devices using IP filtering to allow access from only necessary servers and networks. Finally, perform regular vulnerability scans and penetration tests to catch issues before attackers do.

5. Configure Devices and Applications Appropriately

The existence of misconfigured devices and applications can create gaps in an organization’s cyber defenses. Many breaches have occurred when attackers exploited “open” or poorly secured backdoors into infrastructure. When possible, device and application configuration should be automated to reduce errors. Settings or poor configuration of firewalls, servers, routers, switches, application and other infrastructure components are common attack vectors.

6. Sound System Administration

Actively monitor services to inform when they are down or impacted by system conditions and review logs (ideally stored off the host) rather than collect them. Default and unused accounts should be removed, and the principle of least privilege should be applied by restricting network and administrative access to only what is necessary. An admin account should never be a default login and network time should be synchronized since many services fail when time is out of sync across systems. Configurations should be backed up regularly and those backups should be tested; remember that RAID is not a backup! Apply that same backup discipline to configuration files from switches and other infrastructure devices. Use application allowlisting when possible. Finally, enforce unique usernames and avoid account sharing to maintain accountability.

7. Networking

Firewalls, network segmentation and port isolation can work together to provide layered cybersecurity protection. Firewalls control traffic entering and leaving the network, blocking unauthorized access. Network segmentation, often performed using VLANs, divides the network into isolated zones based on departments or use so that a breach in one segment does not easily compromise others. Port isolation can further restrict communication within a segment, preventing devices that don’t need to communicate from interacting and limiting lateral movement from a compromised device. Using these together, multiple barriers are created that will work to contain threats and make it more difficult for attackers to move across the network.

8. Zero Trust

“Never trust, always verify” means no user, device or application is trusted by default. Users are authorized access based on strong identity and access management (IAM) combined with multi-factor authentication (MFA). Devices also must meet security standards before connecting. Access is limited to only what is needed, and data is protected with encryption. Tools such as next-generation firewalls (NGFW), endpoint detection and response (EDR) and continuous monitoring provide real-time visibility and work to stop threats quickly. These controls create a layered, adaptive defense that reduces risk and limits damage from cyberattacks.

9. Implement Framework and Hardening Guides

The use of cybersecurity frameworks such as the CIS Critical Security Controls or the NIST Cybersecurity Framework (CSF) can aid organizations to follow best practices. These frameworks provide structured guidance and by using them, organizations can prioritize security efforts, close common gaps and commit to managing cyber risk. The NIST CSF can help organizations set a strategic direction and CIS Controls can provide the necessary steps to carry it out. The use of vendor hardening guides as well as CIS Level 1 Benchmarks or the or Microsoft Security Compliance Toolkit can also aid in compliance alignment. The frameworks also emphasize the need for an incident response plan, ensuring that organizations are prepared to recover from security events when preventative measures may not work.

10. AI in Cybersecurity

The use of AI is changing cybersecurity. Adversaries are using AI to automate attacks, develop convincing phishing campaigns and probe systems at scale. Defenders can use AI for threat intelligence, anomaly detection and faster response to an event.  AI-driven tools can help identify threats early and adapt available defenses on the fly. Organizations should remain aware of AI-powered threats and update policies, frameworks and controls to mitigate risks effectively

For a physical security integrator, strong cyber security within all these areas is important to protect client systems as well as sensitive data. It begins with the foundation of cybersecurity training and reducing risks by patch management as well as the use of strong account credentials; stop using the same password across customer systems! Solid system administration and network practices ensure a reliable environment and limit exposures to compromises. Zero trust and the use of frameworks and hardening guides provide for structured and measurable cybersecurity actions, demonstrating that the integrator understands the risks and is working to reduce them. Finally, the understanding of how AI can be used will build upon what is already in place.

These top 10 cyber hardening tips help reduce risk, protect assets and build trust by showing that cybersecurity is taken seriously within the organization and for their customers. The topics can be used as discussion points for your teams as well as with customers. During Cybersecurity Awareness Month, PSA will be offering a webinar to increase awareness. Even If your company has a strong cybersecurity program, there is always room to grow! Cybersecurity is not a one-time effort, but a continuous process of adaptation and improvement.

Chris Peckham is the chair of PSA’s Cybersecurity Committee. This article was written to raise awareness about cybersecurity risks for Cybersecurity Awareness Month 2025. To learn more about about cybersecurity best practices, register for PSA’s virtual Lunch & Learn on Oct. 22, 2025, at 11 AM MT.

To learn more about PSA Committees and how to join, click here.