In addition to guest posting on the UpCity blog, Black Belt Consulting is featured as one of the Top Cybersecurity Agencies in the United States.
In the past year and a half, there has been a lot of talk about personal hygiene, especially as it relates to the ongoing global pandemic. This pandemic has been devastating to economies and businesses, but another factor has compounded the destruction for businesses across the world: cyber-attacks.
Massive assaults on infrastructure and critical business operations have led to the recent SolarWinds, Microsoft Exchange, Kaseya, and other major compromises, costing hundreds of millions of dollars. Sadly, this represents just the tip of the proverbial iceberg. In most of these cases, the fallout could have been minimized if companies had employed cyber hygiene policies.
So, what is cyber hygiene exactly? Cyber hygiene is often compared to personal hygiene. Much like individuals engage in personal hygiene practices to maintain good health and well-being, cyber hygiene practices can help to keep data safe and well-protected. This aids in maintaining properly functioning devices by protecting them from outside attacks such as malware or remote exploits, which can hinder functionality and cripple businesses.
Cyber hygiene then relates to the practices and precautions users take to keep sensitive data organized, safe, and secure from theft and outside attacks.
Defining Cyber Hygiene:
Much like personal hygiene practices, cyber hygiene is not a one-time process, but an ongoing process. It is a process that users of computing devices take to maintain system health and improve online security. These practices form healthy routines to ensure the safety of identity and other details that could be stolen or corrupted.
Cyber hygiene is regularly conducted to ward off natural deterioration and common threats. Cybersecurity researcher Brian Krebs produced an infographic displaying all the ways a compromised machine could be utilized by cybercriminals. The results are astonishing.
As one can see from the graphic, anything that can be hacked and monetized from a compromised machine will be. We live in an increasingly connected world and metadata follows us everywhere. One careless step can lead to a compromised machine, which can lead to a compromised network, a compromised business, a compromised bank account, or other troubling breaches that keep security researchers up at night.
What Are Cyber Hygiene Benefits?
Having a well-defined and routine cyber hygiene policy in place for your computers, software, network, and associated cloud-based systems provides a host of benefits, and it helps in two distinct areas in particular: maintenance and security.
Maintenance is necessary for computers, software, and critical infrastructure to run at peak efficiency. Files can become fragmented and programs can become outdated, increasing the risk of vulnerabilities. Routines that include maintenance are likely to spot many of these issues early and prevent serious issues from occurring. A well-maintained system is less likely to be vulnerable to cybersecurity risks.
Security is the most important reason to incorporate a cyber hygiene routine. Cybercriminals, advanced viruses, and intelligent malware are all part of today’s hostile threat landscape. While predicting threats can be challenging, preparing for and preventing them becomes feasible with sound cyber hygiene practices.
Several problems arise when companies and individuals do not practice routine cyber hygiene, including:
Data Loss
Hard drives and cloud storage that aren’t backed up or maintained are vulnerable to hacking, corruption, and other problems that can result in the loss of information. Many people falsely assume that since their data is in the cloud, it is safe, but this couldn’t be further from the truth. Malware is sharply on the rise and cloud platforms are increasingly targeted.
Misplaced Data
Poor cyber hygiene could mean losing data in other ways. The information may not be corrupted or gone for good, but with so many places to store data, misplacing files is becoming increasingly commonplace in modern enterprises.
Security Breaches
There are constant and immediate threats to all enterprise data. In the last year alone, there was a rise in security breaches of over 500%. Phishing, cybercriminals, malware, spam, viruses, and a variety of other threats exist in the modern threat landscape, which is constantly in a state of flux.
Outdated Software or Firmware
Software applications should be updated regularly (we recommend at least twice a month for major systems) to ensure that the latest security patches and most current versions are in use across the enterprise, for all applications.
Firmware on critical devices (firewalls, NAS units, network switches, and other infrastructure devices) should be updated at least monthly as patches are made available. Out-of-date software and firmware are more vulnerable to attacks and malware.
Older Security Software
Anti-virus software and other security software must be updated continuously to keep pace with the ever-changing threat landscape. Outdated security software, even software that has gone a few months without a major update, cannot protect the enterprise against the latest threats.
Developing A Cyber Hygiene Checklist
Companies that want to minimize risk develop comprehensive cyber hygiene processes that address all aspects of their security policy. A few key practices implemented regularly can dramatically improve the security of any system.
Document All Current Equipment and Programs
Hardware
Computers, connected devices (printers, fax machines, scanners, IP phones, network equipment, infrastructure), and mobile devices (smartphones, tablets, etc.)
Software
All programs, used by anyone on a particular network, that are installed directly onto computers or servers.
Applications
Web apps and cloud services (Dropbox, Google Drive, industry-specific software), applications on phones and tablets, and any other program that isn’t directly installed on devices.
Analyze the List of Equipment and Programs
After creating a comprehensive list of all cyber-facing components, you can begin to scrutinize the list and find vulnerabilities. Unused equipment should be wiped and disposed of properly. Software and apps that are not current should be updated and all user passwords should be changed. If the programs aren’t in regular use, they should be properly uninstalled.
Certain software programs and apps should be chosen to be the dedicated choice for certain functions for all users. For instance, if both Google Drive and Dropbox are being used for file storage, one should be deemed primary and the other used as backup or deleted.
Create A Common Cyber Hygiene Policy
The newly clarified network of devices and programs will need a common set of practices to maintain cyber hygiene. If there are multiple users, these practices should be documented into a set policy to be followed by all users who have access to the network.
Here are typical items that should be included in a cyber hygiene policy:
- Password Changes: Complex passwords changed regularly can prevent many malicious activities and protect cyber security.
- Software Updates: Updating the software you use, or perhaps getting better versions, should be a part of your regular hygiene review.
- Hardware Updates: Older computers and smartphones may need to be updated to maintain performance and prevent issues.
- Manage New Installs: Every new install should be done properly and documented to keep an updated inventory of all hardware and software.
- Limit Users: Only those who need admin-level access to programs should have access. Other users should have limited capabilities.
- Backup Data: All data should be backed up to a secondary source (e.g., hard drive, cloud storage). This will ensure its safety in the event of a breach or malfunction.
- Employ a Cyber Security Framework: Businesses may want to review and implement a more advanced system (e.g., the NIST framework) to ensure security.
Once the policy is created, the routine for each item should be set to appropriate timeframes. For instance, changing passwords every 30 days or checking for updates at least once per week could be set in place. Doing so will ensure the continued cyber hygiene of your entire network of hardware and software.
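The inventory analysis and the policy timeframes described above can be checked mechanically. The following Python script is an added example, not part of the original article: it audits a constructed inventory against the article's intervals (firmware monthly, passwords every 30 days) and its one-primary-tool-per-function rule. The field names, the 15-day reading of "at least twice a month", and the 90-day "unused" threshold are assumptions of this example.

```python
from collections import defaultdict
from datetime import date

# Maximum age in days before an item is overdue. The 30-day figures come from
# the article; 15 days is this example's reading of "at least twice a month".
UPDATE_DAYS = {"hardware": 30, "software": 15, "application": 15}
PASSWORD_DAYS = 30
UNUSED_DAYS = 90  # assumption: the article sets no threshold for "not in regular use"

# Constructed sample inventory, using the article's three inventory categories.
INVENTORY = [
    {"name": "edge-firewall", "category": "hardware", "function": "firewall",
     "updated": date(2021, 6, 1), "password_changed": date(2021, 7, 20),
     "last_used": date(2021, 8, 1)},
    {"name": "office-suite", "category": "software", "function": "documents",
     "updated": date(2021, 7, 25), "password_changed": None,
     "last_used": date(2021, 8, 1)},
    {"name": "Dropbox", "category": "application", "function": "file storage",
     "updated": date(2021, 7, 28), "password_changed": date(2021, 5, 1),
     "last_used": date(2021, 7, 30)},
    {"name": "Google Drive", "category": "application", "function": "file storage",
     "updated": date(2021, 7, 28), "password_changed": date(2021, 7, 15),
     "last_used": date(2021, 3, 1)},
]

def audit(inventory, today):
    """Return sorted (asset name, finding) pairs for every policy violation."""
    findings = []
    by_function = defaultdict(list)
    for item in inventory:
        by_function[item["function"]].append(item)
        if (today - item["updated"]).days > UPDATE_DAYS[item["category"]]:
            findings.append((item["name"], "update overdue"))
        changed = item["password_changed"]  # None means no credential to rotate
        if changed and (today - changed).days > PASSWORD_DAYS:
            findings.append((item["name"], "password change overdue"))
        if (today - item["last_used"]).days > UNUSED_DAYS:
            findings.append((item["name"], "unused: uninstall or wipe"))
    # Tools sharing a function need exactly one item marked role="primary".
    for function, items in by_function.items():
        primaries = [i for i in items if i.get("role") == "primary"]
        if len(items) > 1 and len(primaries) != 1:
            for i in items:
                findings.append((i["name"], f"no single primary for {function}"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(INVENTORY, date(2021, 8, 1)):
        print(f"{name}: {finding}")
```

Marking one of the two file-storage entries with `"role": "primary"` clears the duplicate-function finding for both.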
Developing comprehensive cyber hygiene procedures is a must for today’s enterprises. When carried out in conjunction with robust, enterprise-wide security practices, sound cyber hygiene practices aid in maintaining an excellent security posture for modern organizations.