Did you know that 2023 marks the 20th year of Cybersecurity Awareness Month? Since 2003, we have seen the dramatic evolution of cyberattacks. Despite all the technological advances, the same cyber threats are still at play today. These include ransomware, phishing and business email compromise. Hackers are still trying to steal data, disrupt businesses and even harm physical safety. The leading causes of cyber incidents continue to be human error, weak authentication controls, unresolved vulnerabilities and over-permissive access.
While the threats persist, the foundation of cybersecurity basics remains steadfast. There is an enduring need to address the fundamental aspects of cybersecurity, and these threats can be addressed by one such basic cybersecurity practice – good cyber hygiene.
What Is Cyber Hygiene?
Think of it this way: cyber hygiene is a set of foundational security behaviors that all organizations and individuals should practice to protect information and systems from unauthorized access and breaches.
Let’s break down the top cyber hygiene best practices:
- Educate your users – Establish monthly security awareness training for your users that is engaging and does not take much of their time to complete. This will help users understand how to identify phishing emails, the best way to create and manage passwords and why reporting things that just don’t seem right is essential. An effective awareness program can significantly reduce the occurrence of human error that leads to cyber events.
- Establish strong authentication controls – Leverage multi-factor authentication where possible and put a strong password policy in place. To reduce the human error factor that always creeps into the discussion of strong passwords, provide users with a password management tool that will generate strong passwords, store them in a secure way and populate them into login screens for the user. Another option to consider is biometrics. Depending on the sensitivity and value of the information being protected, this may be an option worth exploring. Today, many forms of biometric authentication are much more user-friendly.
- Address vulnerabilities in your environment – It is critical that organizations know what assets are connected to their network and if those assets are vulnerable. Systems should be scanned for vulnerabilities periodically and patched regularly. Systems that can no longer receive security patches due to age or incompatibilities should be protected using other techniques, such as network segmentation to control the flow of information in and out of the system.
- Limit access to only what is needed – It sounds like a simple rule, however, it is often overlooked and is an important cyber hygiene best practice. Change default passwords and default usernames where possible. Limit the number of administrators to only those who absolutely need that level of access and monitor the usage of administrative privileges. Limit user access to the systems and information needed to perform their job, and review user access semiannually to help ensure that it is accurate. When departures from the organization occur it is critical to have a formal off-boarding process. You should suspend access immediately, and for those individuals that had administrative access, were part of executive leadership, or had access to financial or sensitive data, consider having a forensic image of their work environment captured. Limiting user access will help minimize exposure if an event occurs because the hacker can only get as far as the user’s credentials allow. Creating a forensic image in high-risk situations provides the company with the ability to protect itself and conduct investigations should events go undetected for some time.
As we observe the 20th year of Cybersecurity Awareness Month, we are reminded that fundamentals in cybersecurity remain key in fortifying our digital defenses. Cybersecurity basics, such as cyber hygiene best practices, are not just buzzwords but essential principles that help protect us from evolving cyber threats.
Being proactive in practicing good cyber hygiene is essential. Don’t delay and take action this Cybersecurity Awareness Month (and always), before it’s too late.