If your home is looking more like a frat house after rush week than a place where an adult resides, buying a shiny new 65-inch OLED TV won’t make it better. Oh sure, the TV’s massive screen will distract you from the teetering piles of laundry, sticky everything, footprinted floors, and precarious towers of pots and pans, but it won’t clean up your space. The same is true of an organization’s cybersecurity. Keeping a company’s cybersecurity tight and clean can be tricky. Merely purchasing a new piece of software or hardware isn’t enough. Instead, you might want to start with the most common cybersecurity practice. Robust cybersecurity programs exercise good cyber hygiene.
Clean Up Your Cybersecurity Act at Work
It doesn’t matter what industry category your company falls under or whether you’re private or public; cybersecurity is a factor across the board. It also doesn’t matter whether you’re working from a corporate office, a home office, or a coffee shop; your organization’s online security needs consideration. Even when working from home, good cyber hygiene must be part of your work routine. As mobile computing and the use of personal devices at work increase, the potential for network compromise also escalates. Increased compromise means a higher level of need for layered cybersecurity measures and ensuring that all users, company-wide, practice good cyber hygiene. You might be thinking, isn’t it IT’s job to clean up cybersecurity messes and keep the network running smoothly? No, it’s everyone’s job to practice good cyber hygiene for the health of your organization’s system.
Cyber hygiene: It’s not just IT’s job
You can’t expect a dentist to fix a lifetime of not brushing your teeth. A dentist is not a miracle worker, and you are accountable for the upkeep of your mouth. Just like personal hygiene, cyber hygiene is about necessary actions that will help to promote good cybersecurity health – it’s like brushing and flossing your network every day.
Many people want to dump cyber hygiene solely onto the IT department. However, cyber hygiene is a business problem, not an IT problem. IT can instruct on sound cybersecurity practice and implement cyber hygiene policies to keep the network safe, but it’s up to all network users to keep up their end of the cyber hygiene bargain. For example, IT might create a cyber hygiene password policy, but the users, themselves, have to set appropriate passwords, remember them (which is often the hard part), and keep them secret.
IT is already on their toes keeping the network locked down because the threat landscape of an organization is continually changing. New variants of cybersecurity attacks appear regularly, sometimes evolving hour by hour. The vast quantity of cybersecurity vulnerabilities in software and hardware, and the escalating and volatile threat landscape all combine to make it nearly impossible for a company to keep up. The IT department has a large surface to protect. They need each user to practice good cyber hygiene and keep their little piece of the larger puzzle clean.
To make it worse, threats aren’t just technological; users are targeted. Hackers have gotten sneakier, and the growing trend is using social engineering to gain access to systems and the information they hide. These social engineering attacks are sophisticated spear phishing campaigns. They can come in many forms: by phone, via personalized email or text, or even onsite if someone, somehow, planted a wireless-enabled device. The IT department can’t lessen the amount or severity of socially-engineered attacks all by themselves. Everyone from the top floor C-suite to the intern working in the darkest corner of the basement needs to get on the cybersecurity Zamboni, to keep the network running as smooth as ice before the puck drops.
Here are some cyber hygiene strategies to help you clean up your cybersecurity game at work:
A patch a day keeps the cyber-criminal at bay
To help your organization’s system run smoothly, instead of introducing fibre into your network’s diet, update regularly. Practicing good cyber hygiene means installing updates and patches across all devices, applications, and operating systems used on the network. If you want to access the company Wi-Fi with your iPhone, make sure that you’ve downloaded the update before you log on. Updating is a pain – it takes time, you have to restart the device – and it seems unimportant when you’re busy, under deadline or helping a customer. However, by not updating your devices you are making it far easier for cybercriminals to breach your cybersecurity defenses and corrupt your device.
Make patching and updating part of your day. Add it to your calendar and set a reminder. It’s one of the easiest cyber hygiene practices to complete and has a big cybersecurity payoff in keeping the network protected. WannaCry, a recent ransomware attack, struck using known Microsoft vulnerabilities. The patches were already available to fortify these weaknesses. WannaCry targeted users and organizations that had failed to update their software with the available patches.
Practice safe and protected email
Email is hackers’ #1 way into a system. Email is the easiest way for a cyber attacker to breach an organization’s cybersecurity, spreading malware to unsuspecting users. Hackers manipulate email in a variety of nefarious ways, but mostly they try to trick the recipients into clicking on something they shouldn’t. Sometimes, the emails will even appear to come from someone else working in the company. Phishing email attacks are a favourite weapon, and they often look legitimate, disguised as messages from a bank or business. The links will either work to steal credentials or unleash malware on your system.
The #1 rule of email is to trust no one. It seems harsh, but give that e-transfer of birthday money from Grandma Lizzie a good once over before you click on it. Never click on the link to claim an inheritance from an uncle you didn’t know, who turned out to be a prince. Even if it appears like a legitimate email from a trusted source, proceed with caution and be sure to evaluate the email address or website URL they instruct you to visit. Often, on close inspection, you’ll find the names or URLs will have misspellings. Unexpected requests for money or sensitive information are suspect every single time. Try directly contacting the sender to verify the request. Playing it email safe is practicing cyber hygiene.
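The misspelling check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not code from ISA or from the original article; the trusted domains, the sample addresses and the distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption); use the organization's real domains.
TRUSTED = ("examplebank.com", "example-corp.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def host_of(value: str) -> str:
    """Return the host part of a URL or of an e-mail address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip().rstrip(">").lower()

def registered_domain(host: str) -> str:
    # Simplification (assumption): keep the last two labels. Suffixes such
    # as .co.uk need a public-suffix list instead.
    return ".".join(host.split(".")[-2:])

def classify(value: str, max_distance: int = 2) -> str:
    """Label a sender address or link: trusted, lookalike:<domain>, unknown."""
    domain = registered_domain(host_of(value))
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if edit_distance(domain, good) <= max_distance:
            return "lookalike:" + good
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed sample inputs
        "Grandma Lizzie <lizzie@mail.examplebank.com>",
        "billing@examp1ebank.com",
        "https://www.exampelbank.com/reset",
        "news@weather.example",
    ]
    for s in samples:
        print(f"{classify(s):28} {s}")
```

A threshold of 2 suits domains of this length; for very short trusted domains, lower it to avoid flagging unrelated names.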
Passwords, passwords, passwords!
We’ll keep this short because you’ve heard it before. Just because you’ve heard it doesn’t mean you’ve heeded the advice, though. So, once again (and maybe do it this time), use good, strong passwords and two-factor authentication across all devices and accounts for good cyber hygiene. A strong password is a complex combination of numbers, letters, and special characters. Use unique passwords for each account. Be especially careful when creating passwords for devices and applications that are used in accessing sensitive business information. Do not keep a list of passwords on your phone or a sticky-note; this is not cyber hygienic. If you can, employ two-factor authentication with a brain-teaser password. Strong passwords are a natural cybersecurity defense that all users can apply.
Have an incident response plan and understand your role in it
Should a cybersecurity attack (or worse, a cybersecurity breach) occur, every business, no matter the size, needs to have an incident response plan in place. For ideas about how to create an effective incident response strategy, check out this article on cybersecurity and creating an effective incident response strategy. Before an attack, everyone in the company should be aware of specific cyber hygiene practices and how to look for signs of attack. Have a 24/7 hotline for employees to call should a breach occur. Make sure every employee knows what to look for and what to do. Preparing by having an incident response plan and creating employee awareness is good for the health of your cybersecurity. The faster a problem is identified, the faster it can be dealt with.
Educate yourself and your employees on how to maintain good cyber hygiene. Stay current with cybersecurity attack trends or hire someone, a cybersecurity solutions provider like ISA, who is on point with the changing threat landscape. If your network is already a little muddled and messy, and you want to clean up your system, talk to the cybersecurity specialists at ISA (and be assured the ISA cybersecurity experts brush and floss regularly). ISA has practical solutions for keeping your organization’s cybersecurity healthy.