Cyber hygiene, or cybersecurity hygiene, is a term used for observance of leading technology security practices, and it generally applies to businesses and individuals alike. As with most facets of business, there is a trade-off between cost and benefit regarding security measures. In this post, we’ll share cyber hygiene best practices organizations should routinely perform to maintain the health and security of users, devices, networks and data.
The goal is to secure sensitive data and protect it from theft, accidental deletion or attacks. The concept works similarly to personal hygiene. Individuals maintain their health by taking proactive measures (i.e., flossing to minimize cavities or handwashing to stop the spread of disease). Organizations can maintain their health and prevent data breaches and/or other security incidents by following cyber hygiene best practices and measures.
Cyber Hygiene Best Practices
Consider these leading cyber hygiene best practices to help minimize enterprise-class cyber risks:
- Perform a technical audit (or even better, a security assessment and/or penetration test) on the firm’s technology infrastructure and network(s) to determine what policies and controls are in place and how effective they are. Adding a detailed network discovery effort will also help identify where to “tune up” tech configuration-dependent tools like spam/email filters and internet browser restrictions.
- Onboard new staff with focused cybersecurity awareness training and to reinforce the emphasis on (and the visible importance of) security to your organization. Provide all staff periodic updates on cybersecurity topics of relevance – for example, a monthly security bulletin newsletter or email sent to all employees.
- Bring in independent, external assessors to conduct internal risk and security audits at least annually. Even better would be to incorporate those findings with a higher-level review of organizational security posture, controls/processes and policies.
- Where possible, configure physical barriers in and around the office which limit visitor and unauthorized user access to network infrastructure.
- Separate roles and diversify responsibilities across staff to avoid the concentration of security oversight in too few hands. This helps prevent a single point of failure (or failure of execution).
- Have a patch management program and policy in place. Regularly update and patch servers, computers, security cameras and other devices.
- If you choose to allow staff to use their personal devices to access company work and/or networks, have a carefully considered “BYOD” policy that lays out what is and is not allowed.
- Like the military saying goes, “You fight like you train.” Create and maintain an Incident Response Plan to help limit the impact of security breaches and attacks and make it a training goal to drill in the use and application of that plan. The critical period immediately following an attack (or attempted attack) is not a good first time for staff to exercise their expected roles and expect anything other than a poor outcome.
Effectively Mitigate Risk with a Program Assessment or Penetration Test
Don’t leave it up to chance that your business’ critical applications, IT infrastructure and devices are resistant to compromise. This month receive 10% off our program assessment or pentest services.
Cyber hygiene has a significant and measurable effect on lowering the likelihood that threat actors will exploit gaps in security and may have some or all the following collateral benefits:
- Keep your technology healthy and operating efficiently, as intended. This should include a regular replacement cycle for all devices.
- Protect the organization’s proprietary and protected data, as well as client information.
- Defend against ransomware and other malware and if indeed attacked, minimize the disruptive impact on business operations.
- Avoid the ‘downstream’ effects of phishing attempts and other malicious activity.
- Identify and update outdated administrative privileges from former employees or employees whose job functions have changed to avoid unnecessary privileges.
- Locate unmanaged and “orphaned” devices and assets. Remove these from the network if they are no longer needed.
It is crucial to be proactive when it comes to your cyber hygiene, which is considered basic blocking and tackling. Do not delay taking action until you experience a breach.