Cyber Security

Shimadzu's Approach to Firewall Protection

At Shimadzu, we prioritize robust cybersecurity to safeguard your data through effective firewall protection. Much like physical barriers that defend properties, firewalls act as a crucial security filter between our network and the internet, ensuring that your data remains secure from external threats. Our approach integrates multiple layers of firewall protection. Boundary firewalls, including advanced hardware devices and router-integrated firewalls, serve as the first line of defence. These firewalls monitor and control network traffic, blocking unauthorised access and allowing only verified data to enter or leave our network. For added security, we implement software firewalls on individual devices within our network. These provide an additional layer of protection by regulating application-level traffic and enforcing access controls. In environments with virtualized systems, virtual firewalls are employed to secure communication between virtual machines, maintaining stringent security policies within our virtual infrastructure. Shimadzu ensures that our firewall systems are not only configured correctly but also regularly updated to address emerging threats. We adhere to best practices by keeping inbound ports blocked by default and only opening them with a valid business need. This comprehensive approach guarantees that our firewall protection effectively shields our network from potential cyber threats.

Shimadzu Cybersecurity Measures: Malware Protection

Malware, or malicious software, poses significant threats to systems by disrupting operations, damaging data, or gaining unauthorised access. Common types include viruses, worms, and ransomware. Malware often infiltrates systems through phishing emails, malicious ads, or downloads from unapproved sources and can also spread via infected USB sticks. To combat these threats, Shimadzu employs a range of robust cybersecurity measures. Our Windows and macOS devices are equipped with malware protection software, such as Windows Defender, and additional third-party programs are recommended for Apple devices to enhance security further. This software continuously monitors for malicious activity and scans files upon access, ensuring that any potential threats are secured before causing harm. Advanced detection techniques are also utilized, including signature detection, which matches code with known malware, and heuristic detection, which identifies suspicious traits in new or modified malware. Browsers are configured to scan web pages and block access to known malicious sites, utilising features like Windows 10’s SmartScreen. For mobile devices, Shimadzu enforces strict controls by allowing only apps from official stores, such as the Google Play Store and Apple App Store, to ensure they are reliable and secure. Overall, Shimadzu’s proactive measures safeguard against malware, protecting data and systems with advanced software and stringent mobile app policies.

Secure Configuration

Shimadzu takes a proactive approach to secure configuration, minimising cyber risks by disabling or removing unused software, accounts, and services. We ensure that only necessary features are active, reducing potential vulnerabilities. All devices are protected with strong, unique passwords or biometric locks. Autoplay and autorun features are disabled to prevent unauthorised software installation. We carefully configure open ports, closing those not essential for external services, and block high-risk ports like Remote Desktop Protocol (RDP) at the firewall. Where possible, we prioritise cloud services, such as OneDrive, over remote connections to enhance security and safeguard our systems.

Security Update Management

Our company’s Security Update Management ensures all software and firmware remain up-to-date to prevent cyberattacks. We maintain an asset inventory to track systems and regularly apply security patches to address vulnerabilities. Automatic updates are enabled on all devices, ensuring timely installation of critical updates, including operating systems, firmware, browsers, applications, and antivirus software. High-risk and critical patches are installed within 14 days of release. Unsupported or legacy software is removed or isolated to minimise risk. This approach ensures that our systems are secure, minimising potential vulnerabilities that cybercriminals could exploit.

User Access Control

Our company’s User Access Control ensures secure and controlled access to data and services. Each user has a separate account—no shared logins—ensuring accountability. Admin and regular user accounts are segregated; admin privileges are limited to essential tasks like software installation. Users perform daily tasks with standard accounts, reducing risks from malware. Unused accounts are deleted, and guest accounts are disabled. Strong, unique passwords are enforced, and multi-factor authentication (MFA) is required for admin and high-risk accounts, protecting against unauthorised access. This approach ensures clear accountability, limits vulnerabilities, and safeguards sensitive information.