Security Recommendations for the LSS System in Windows Environments

To ensure the integrity, confidentiality, and availability of the data managed by the LSS system, it is essential that the Information Technology (IT) staff implement and regularly update various security measures on both the Windows operating system and the device running the application. Below are the main recommendations, which should be adapted according to the resources and capacities of each organization.

1. Continuous Updating of the Operating System and Software

• Keep the Windows operating system updated with the latest security patches, including both system updates and critical drivers, to correct vulnerabilities that could be exploited by attackers.
• Ensure that all installed software, including web browsers, PDF readers, and other applications, also receive regular updates to reduce the system's attack surface.

2. Robust Firewall Configuration

• Enable and properly configure the Windows Firewall, limiting traffic strictly to the ports, protocols, and applications necessary for the operation of the LSS system.
• Disable Remote Desktop Protocol (RDP) access if it is not essential, and if required, restrict access to specific IP addresses through Access Control Lists (ACL) and Virtual Private Networks (VPN).

3. Antivirus and Antimalware Protection

• Install and keep updated an enterprise-grade antivirus solution capable of providing real-time protection against viruses, ransomware, spyware, and other advanced threats.
• Configure regular full-system scans and establish automatic alerts for any detected threats.

4. Access Control to the Device and Information

• Restrict both physical and logical access to the device serving as the LSS system server by implementing:
  • Strong password policies (minimum of 12 characters, including uppercase letters, lowercase letters, numbers, and symbols).
  • Differentiated user accounts (administrator vs. standard user) and disabling unnecessary accounts.
  • Automatic session lock configuration through a screensaver, setting a maximum inactivity period after which authentication is required to resume access.

5. Regular and Secure Backups

• Perform regular backups of the LSS system's database and critical files based on a defined frequency (daily, weekly, or according to the level of criticality).
• Store backups in secure locations, ideally off the main device and preferably on encrypted media or protected storage systems.
• Regularly verify the integrity of backups and test restoration procedures.

6. Secure Use Policies and Staff Training

• Provide regular training to staff on good cybersecurity practices, including:
  • Identification of malicious emails (phishing).
  • Prohibition of unauthorized software installation.
  • Proper handling of external devices such as USB drives, which must be scanned by antivirus software before use.
• Disable the automatic execution of external devices to prevent infections from rapidly spreading malware.