You would not think twice about practising the good personal hygiene needed to promote good health – cleaning your teeth regularly for example – and so practising good cyber hygiene should be up there with those basic well-being steps to promote good ‘IT health.’
What is cyber hygiene?
Cyber hygiene refers to steps taken by users to maintain the health of their computers and devices and improve online security to prevent the theft or corruption of data.
As with personal hygiene, cyber hygiene should be practised regularly to ward off common threats and the natural deterioration of devices and systems.
Cyber hygiene should be on every organisation’s to-do list…
The benefits of cyber hygiene
There are two major benefits of following cyber hygiene practices – security and maintenance:
- Security – In today’s ever-changing threat landscape, it is more important than ever to use a cyber hygiene routine to help prevent hackers, intelligent malware, and advanced viruses from accessing and corrupting your company’s data.
- Maintenance – Computers and devices need to run at optimum efficiency. Cyber hygiene routines help to spot issues such as programs becoming obsolete or files that have become fragmented. In addition, a well-maintained system is less likely to be vulnerable to cybersecurity threats.
Cyber hygiene is everyone’s responsibility
Employees often like to place responsibility for a company’s cyber hygiene practices with their IT department – which might provide clear password policies for example – but every employee has a duty to do basic things like using strong passwords and keeping them secure.
It is very hard for organisations to keep pace with the constantly changing threat landscape and the sheer number of security vulnerabilities within software and hardware.
The threats are not just technological either…
Hackers are very clever at gaining access to systems and information using social engineering (in this context, the psychological manipulation of people into performing actions or divulging confidential information). A hacker might deliver a sob story to an employee over the phone, for example, to get them to impart information unwittingly.
It is not entirely down to the IT department to reduce social engineering attacks; all employees need to help shoulder the responsibility.
Focusing on risks
Good cyber hygiene practices revolve around identifying what the most likely risks are to an organisation’s products or services and responding to those risks. That might include a risk analysis of launching a new product or service, acquiring a new customer, or updating to new software.
An organisation should also be clear about what it has/owns – identifying its supporting assets, products, or services for example – and what facilities are involved in the production of a service or product, or what employees are crucial to the delivery of these.
Some basic cyber hygiene tips
- Make sure you keep an inventory of the company’s hardware and software on your network.
- Make sure you educate your employees on how to practise good cyber behaviour – this might include:
  - encouraging good password management
  - encouraging the use of complex passwords
  - identifying which devices employees can connect to the network.
- Make sure you limit the number of employees who have administrative privileges.
- Make sure you regularly back up your data and keep multiple copies. You might consider using a secure cloud solution as well as keeping the data on-site.
- Make sure you identify any vulnerable applications that aren’t currently being used and disable them.
- Make sure you establish some form of incident response plan.
- Make sure you implement some controls to protect and recover data if a breach occurs.
- Make sure you conduct cyber threat and vulnerability monitoring.
Automate your company’s security practices to reduce human impact
There is no guarantee that your organisation won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat, so you should aim to reduce human impact by automating security practices such as:
- Providing two-factor authentication logins that require complex passwords
- Testing users on their security knowledge
- Blocking certain types of files.
To sum up, cyber hygiene is a business problem, not an IT problem, and no two organisations will implement it in the same way. However, a small amount of cyber hygiene goes a long way towards keeping your organisation healthy…