As the de-facto CISO of our small company, I have today received a note that CISA has published a list of "bad practices" to avoid when running critical infrastructure (or other things): https://www.cisa.gov/BadPractices
1. Don't run terribly outdated stuff
2. Change default passwords
"This list is focused and does not include every possible inadvisable cybersecurity practice."