- October 6, 2020
- Posted by: Pat Riot
- Categories: CyberSecurity, Security Operations
Humans created computers and the internet, so computers inherently follow logical processes, just as humans do. Hygiene is ingrained in our culture as something that is not only accepted but expected. If COVID has taught us one thing, I hope it’s the importance of regular hygiene. For over 6 months, we have been hypersensitive to our surroundings. Before the pandemic, everyone knew the importance of hygiene, but that importance wasn’t truly realized until we had a full-blown epidemic. I truly hope it does not take a cyberpandemic to realize the importance of cybersecurity. However, the importance of cyberhygiene has not yet been fully realized. Practicing good cyberhygiene, especially as a business, is easier than you may think. Unfortunately, it’s not as common. 92% of U.S. residents say it’s important to get an annual physical, and 62% of people get them. However, among businesses, 91% said cybersecurity was vitally important, but only 17% are ready for an attack. Since we all understand our physical health, we are going to talk about cyberhygiene metaphorically in the same terms:
An annual physical, in a cyber sense, means “knowing what is there.” Every year, a business should keep a running tally of all the assets it possesses (laptops, desktops, printers, scanners, copiers, etc.). What matters is knowing which devices allow information to pass through them and which could store data on their hard drives.
Routine Blood Test
Our bodies contain numerous trace elements that make up our internal ecosystem. Our devices and networks are no different. Counting software is the blood test of a system: it shows what is “running through it.” By counting software, you will see all approved and unapproved software, enabling you to control what is running on your devices and networks.
Exercise and Nutrition
Health, in any context, does not “just happen.” It is a multifaceted process that requires attention to detail and determination. Cyberhealth is no different. Configuration is the exercise and nutrition of good cyberhygiene. Management and configuration, especially of data storage, are vitally important to the ongoing success of a business’s cyberspace. Standards like NIST, CIS benchmarks, HIPAA, HITRUST, HIMSS, GDPR, and others are in place and are becoming more readily available, but they can be convoluted and expensive. Configuration is so important because most software is only partially configured straight out of the box. Just as fitness isn’t inherent, you must work at it.
Our scientists and healthcare professionals are amazing. We have been able to eradicate numerous illnesses that used to afflict millions (polio, typhoid, TB). Patches to a computer system are the vaccinations to our networks. Unpatched systems are one of the primary ways in which cybercriminals gain access. With a collective security mindset, when one business thwarts an attack, all the businesses utilizing the software learn how to thwart it as well. Patches are the way in which a system updates itself against cybercrime.
Washing Your Hands
As a result of COVID, it seems like we wash our hands every 30 minutes. And that’s good! The CDC says that is the most effective way we can avoid contracting bad toxins. Clearing your cookies and cache and managing your passwords can have the same effect, and it is just as simple. Clearing your cookies and cache at the end of every day ensures that continual data mining does not happen on your device. Password management takes that one step further to protect your identity in the case of an incident. Having complex passwords that are continually reset adds another level of complexity for cybercriminals with minuscule effort on your part.
Do you tell your employees to stay home when they are sick? Limiting access ensures that only a small number of devices have administrative control. This redundant step limits the potential damage in case of a cyberattack. If a device were to become corrupted, only the files on that device would be compromised, not the entire network. Devices with administrative privileges pretty much have the “keys to the kingdom,” and if they were to become infected, it’s bad news, to say the least. Limiting the amount of access and the number of devices privileged to have access allows you to add another layer of security to your data and network.
Protecting our physical health has never been of greater importance than when living through an epidemic. Ironically enough, the health of our networks is undergoing a similar, equally unprecedented challenge. Due to COVID, the way in which security is managed has changed drastically. Imagine, pre-COVID, when most devices were connected to an in-house network and all the network traffic could be monitored from a central environment. Now, security professionals have lost a massive amount of visibility into network traffic due to the massive influx of remote work and independent networks. Cybersecurity and data protection are now everyone’s collective responsibility. An organization is only as secure as its weakest link. With support, determination, and guidance, we can all work remotely, in a secure environment, and protect the data that we are entrusted with.