WHAT IS CYBER-HYGIENE
Cyber
hygiene, or cybersecurity hygiene, is a set of practices organisations and
individuals perform regularly to maintain the health and security of users,
devices, networks and data.
The goal of cyber hygiene is to keep sensitive data secure and strengthen the organisation's ability to recover if and when a successful attack occurs. The concept works similarly to personal hygiene. Individuals maintain their health by taking regularly recommended actions, such as flossing to minimise cavities and handwashing to avoid infection. In the same way, organisations can maintain their health, thereby preventing data breaches and other security incidents, by following precautionary cyber hygiene measures.
Personal
hygiene helps prevent disease, and it can also make it easier to bounce back
when illness or injury strikes. Similarly, cyber hygiene is foundational to
both cybersecurity and cyber resilience. While cybersecurity guards against
threats, cyber resilience improves an organisation's ability to recover and
resume normal operations after a security breach. Cyber resilience strategies
involve cybersecurity, incident response, business continuity and disaster
recovery.
Achieving
optimal personal health requires an overwhelming array of action items, ranging
from exercising to meditating to eating leafy greens to scheduling regular
colonoscopies. Adding to the confusion, recommended practices shift as a
person's risk profile changes and as medical science evolves.
Many
security professionals find achieving an optimal security posture similarly
complex and overwhelming, with a plethora of recommendations and a constantly
shifting threat landscape. A risk-based security strategy helps navigate this
confusion, enabling security teams to prioritise cyber hygiene practices that
most protect the business while still letting it operate efficiently. For
example, while it might not be feasible to apply every software patch
immediately upon release, practitioners can prioritise those that fix the most
dangerous vulnerabilities.
Some
of the biggest risks organisations face involve phishing threats, which raises
an important, related point: The onus of cyber hygiene is not just on IT and
cybersecurity practitioners. Rather it is a shared responsibility among all
departments and users. One way almost every employee can help maintain proper
cyber hygiene and mitigate business risk is by following current email security
best practices, such as being wary of suspicious attachments, avoiding public
Wi-Fi and using strong passwords.
Cyber
hygiene is often compared to personal hygiene. Much like an individual engages
in certain personal hygiene practices to maintain good health and well-being,
cyber hygiene practices can keep data safe and well-protected. In turn, this
aids in maintaining properly functioning devices by protecting them from
outside attacks, such as malware, which can hinder functionality. Cyber hygiene
relates to the practices and precautions users take to keep sensitive data
organized, safe, and secure from theft and outside attacks.
KEY ASPECTS OF
CYBER HYGIENE:
Regular backups: Ensure
important files are stored safely and separately from the main network to
prevent data loss in case of compromise.
Education: Train users to
identify and avoid phishing
scams, understand common malware attacks, and follow best practices for
password management and internet usage.
Software
updates:
Install patches promptly to close known vulnerabilities and stay protected
against newly discovered threats.
Strong
passwords:
Use complex, unique passwords for each account and consider implementing
multifactor authentication for added protection.
Anti-malware
software:
Utilize reputable anti-virus and anti-malware products to safeguard against
malicious code.
Network
segmentation:
Limit access to sensitive areas within the network to control potential
exposure.
Access
restrictions:
Grant only necessary permissions to users and monitor changes to administrative
rights.
Device
management:
Monitor and restrict the installation of unapproved software and enforce strict
guidelines for removable media usage.
Risk assessment: Conduct
periodic evaluations of the organization's cybersecurity posture and implement
improvements accordingly.
BENEFITS OF
CYBER HYGIENE
Having
a routine cyber hygiene procedure in place for your computers and software is
beneficial for two distinct reasons – maintenance and security.
Maintenance
is necessary for computers and software to run at peak efficiency. Files become
fragmented and programs become outdated, increasing the risk of vulnerabilities.
Routines that include maintenance are likely to spot many of these issues early
and prevent serious issues from occurring. A well-maintained system is less
likely to be vulnerable to cybersecurity risks.
Security
is perhaps the most important reason to incorporate a cyber hygiene routine.
Hackers, identity thieves, advanced viruses, and intelligent malware are all
part of the hostile threat landscape. While predicting threats can be
challenging, preparing and preventing them becomes feasible with sound cyber
hygiene practices.
COMMON CYBER
HYGIENE PROBLEMS
Enterprises
often have multiple elements in need of cyber hygiene. All hardware (computers,
phones, and connected devices), software programs, and online applications used
should be included in a regular, ongoing maintenance program. Each of these
systems has specific vulnerabilities that can lead to different problems. Some
of these problems include:
Loss
of Data: Hard drives and online cloud storage that isn’t backed up or
maintained is vulnerable to hacking, corruption, and other problems that could
result in the loss of information.
Misplaced
Data: Poor cyber hygiene could mean losing data in other ways. The information
may not be corrupted or gone for good, but with so many places to store data,
misplacing files is becoming increasingly commonplace in the modern enterprise.
Security
Breach: There are constant and immediate threats to all enterprise data.
Phishing, hackers, malware, spam, viruses, and a variety of other threats exist
in the modern threat landscape, which is constantly in a state of flux.
Out-of-Date
Software: Software applications should be updated regularly, ensuring that the
latest security patches and most current versions are in use across the
enterprise – for all applications. Out-of-date software is more vulnerable to
attacks and malware.
Older
Security Software: Antivirus software and other security software must be
updated continuously to keep pace with the ever-changing threat landscape.
Outdated security software – even software that has gone a few months without
an update – can’t protect the enterprise against the latest threats.
A CYBER HYGIENE
CHECKLIST
While
there are numerous threats and multiple vulnerabilities with each piece of the
digital puzzle, creating a cyber-hygiene routine isn’t as difficult as it may
seem. A few key practices implemented regularly can dramatically improve the
security of any system.
All
hardware, software, and online applications will need to be documented. Start
by creating a list of these three components:
Hardware:
Computers, connected devices (i.e. printers, fax machines), and mobile devices
(i.e. smartphones, tablets).
Software:
All programs, used by everyone on a particular network, are installed directly
onto computers.
Applications:
Web apps (i.e. Dropbox, Google Drive), applications on phones and tablets, and
any other program that isn’t directly installed on devices.
Analyse
the List of Equipment and Programs
After
creating a comprehensive list of all cyber-facing components, you can begin to
scrutinize the list and find vulnerabilities. Unused equipment should be wiped
and disposed of properly. Software and apps that are not current should be
updated and all user passwords should be changed. If the programs aren’t in regular
use, they should be properly uninstalled. Certain software programs and apps
should be chosen to be the dedicated choice for certain functions for all
users. For instance, if both Google Drive and Dropbox are being used for file
storage, one should be deemed primary and the other used as a backup or
deleted.
CREATE A COMMON
CYBER HYGIENE POLICY
The
newly clarified network of devices and programs will need a common set of
practices to maintain cyber hygiene. If there are multiple users, these
practices should be documented into a set policy to be followed by all who have
access to the network.
Here
are typical items that should be included in a cyber-hygiene policy:
Password
Changes: Complex passwords changed regularly can prevent many malicious activities
and protect cyber security.
Software
Updates: Updating the software you use, or perhaps getting better versions
should be a part of your regular hygienic review.
Hardware
Updates: Older computers and smartphones may need to be updated to maintain performance
and prevent issues.
Manage
New Installs: Every new install should be done properly and documented to keep
an updated inventory of all hardware and software.
Limit
Users: Only those who need admin-level access to programs should have access. Other
users should have limited capabilities.
Back
Up Data: All data should be backed up to a secondary source (i.e. hard drive,
cloud storage). This will ensure its safety in the event of a breach or
malfunction.
Employ
a Cyber Security Framework: Businesses may want to review and implement a more
advanced system (e.g. the NIST framework) to ensure security.
Once
the policy is created, the routine for each item should be set to appropriate
timeframes. For instance, changing passwords every 30 days or checking for
updates at least once per week could be set in place. Doing so will ensure the
continued cyber hygiene of your entire network of hardware and software.
Developing
comprehensive cyber hygiene procedures is a must for today’s enterprises. When
carried out in conjunction with robust, enterprise-wide security practices,
sound cyber hygiene practices aid in maintaining a sound security posture for
modern organizations.
CYBERSECURITY
& ONLINE SAFETY BUZZWORDS TO KNOW
When
it comes to learning about cybersecurity and internet safety, it can feel like
wading through a lot of technical jargon. There are many helpful cybersecurity
terms to know, but we’re sharing just a few of the most common online safety
buzzwords:
Data
Breach A data breach is any incident that results in confidential data or
personal information being shared, stolen or otherwise transmitted. Scammers
and hackers often target business like banks and major retailers in order to
access personal financial information, but data breaches can occur anywhere.
For more information about responding to data breaches, check out these
resources.
Malware
Malware is any malicious software intended to disable or infect a device’s
functionality. Some malware allows a hacker to control a device remotely. Users
can avoid malware by using antivirus software and following technology best
practices.
Back-ups
Backing up data means saving a copy of the data on a separate storage device,
like an external hard drive. Many people also use cloud storage to keep back-ups
online.
Cloud
Storage The “cloud” is just a way to talk about online networks and storage.
Cloud storage is distinct from local storage, which includes your computer’s
hard drive. When you save something to the cloud, it is simply stored on one of
many remote servers located throughout the world.
The
term “Internet safety” encompasses a set of issues that are, either directly or
indirectly, related to the physical and psychological well-being of Internet
users. Also referred to as “online safety,” “digital safety,” or “e-safety,”
this concept is associated both with the risks individuals face online and with
the ways they can protect themselves against those risks. A large body of
research within this domain is dedicated to the safety of children and
adolescents. One reason for this specific focus is the fact that young people
are the most active Internet users. Being online offers them a whole range of
opportunities, but at the same time, this may confront them with several risks.
Adolescents
may be particularly vulnerable when facing those online risks as compared to
adults, because they are, among other things, more stimulated by short-term
rewards than by long-term prospects and because they have a higher tendency to
take part in risky behaviours than adults. An additional concern related to
this age group is that how they access the Internet differs from previous
generations. Most devices that are used to go online have become portable and,
therefore, young people spend more and more time alone with their laptops,
smartphones, and tablets, in their bedrooms for example. In consequence,
children’s Internet use is often free of parental supervision.