Rebel Road Creative


Is a Cyber Hygiene Checklist Part of Your Game Plan?

(By Elizabeth Tuico) Cyberattacks remain in the headlines. It’s not a matter of if an entity will be attacked, but rather when. The best defense is education and preparation. Part of your game plan should include a robust cyber hygiene program that targets every employee and department in the organization.

Cyber hygiene requires a two-pronged approach that addresses both technical and nontechnical issues. Technical issues focus on security controls, such as hardware, software, and other mechanisms, that reduce risk and keep devices safe. Nontechnical issues are procedures that determine how security is managed, such as employee training and security awareness.

This strategy is about educating the entire workforce to create sustainable habits. Data and systems security aren’t the sole responsibility of the IT department but should be shared among all employees. At the end of the day, good cyber hygiene equates to good business.

What Everyone Should Do

Basic cyber hygiene goes a long way toward achieving a strong cybersecurity defense. Remember that every access point to a connected device is vulnerable. Overall cyber hygiene best practices for your workforce should include:

1. Installing antivirus and anti-malware software

2. Regularly scanning for viruses

3. Using firewalls to stop unauthorized users in their tracks

4. Updating apps, web browsers, and operating systems on all devices regularly

5. Keeping hard drives clean

6. Changing passwords often

7. Using multi-factor authentication

Stop Using These Passwords

Update 9/7/23: The Hartford recently published this list of passwords that should NOT be used:

Password: This is the worst choice. Also prevalent (and equally bad) are variations such as P@ssword and P@55w0rd!. 

QWERTY: This hacker-friendly option constructed from the sequence of letters at the top left of the typical computer keyboard is something to lose.

123456 (or 98765 and 4567): Stay away from consecutive numbers (and the same goes for sequential letter combinations).

BusinessName1: If your shop is called Suzy’s Cakes, don’t set your password as Suzycakes1.

Business Address: WAY too easy for a hacker to guess.

Birth Date: Thanks to the internet, no one’s birthday remains a secret.

Words Related to Your Business: Hackers also try simple words like cake, tires, and garage to crack passwords.

How can you select a strong password?

A key approach starts with thinking of a passphrase. Next, substitute letters, characters, and abbreviations for parts of it. For example, my first car was a Honda in 1992. A good password could be my1stc@r=honda92.
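The do-not-use patterns listed above can be checked at the moment a password is set. The following is an added example, not code from the article or from The Hartford; the function names, the substitution map, and the `context_phrases` and `birth_date` parameters are assumptions made for illustration.

```python
import re
from datetime import date

# Undo the character swaps behind variants such as P@55w0rd! (assumed map).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
COMMON = ("password", "qwerty")
ROWS = ("0123456789", "1234567890", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")


def decode(text):
    """Lowercase, reverse the substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def has_sequence(text, n=4):
    """True if n characters in a row follow a digit, alphabet or keyboard row."""
    plain = re.sub(r"[^a-z0-9]", "", text.lower())
    windows = {plain[i:i + n] for i in range(len(plain) - n + 1)}
    return any(w in row or w in row[::-1] for w in windows for row in ROWS)


def weak_password_reasons(pw, context_phrases=(), birth_date=None):
    """List why pw matches the article's do-not-use patterns ([] = no match).

    context_phrases (hypothetical input): business name, address, trade words.
    """
    reasons = []
    letters = decode(pw)
    if any(word in letters for word in COMMON):
        reasons.append("common password")
    if has_sequence(pw):
        reasons.append("sequence")
    tokens = {decode(t) for p in context_phrases for t in p.split()}
    if any(len(t) >= 4 and t in letters for t in tokens):
        reasons.append("business-related word")
    if birth_date is not None:
        digits = re.sub(r"\D", "", pw)
        formats = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y")
        if any(birth_date.strftime(f) in digits for f in formats):
            reasons.append("birth date")
    return reasons


if __name__ == "__main__":
    # Constructed inputs: the article's examples plus a made-up birth date.
    shop = ("Suzy's Cakes", "cake tires garage")
    for candidate in ("P@55w0rd!", "QWERTY", "98765", "Suzycakes1"):
        print(candidate, weak_password_reasons(candidate, shop, date(1992, 3, 14)))
```

An empty list means only that none of these patterns matched; it is not a measure of overall password strength.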

What Organizations Can Do

By maintaining good cyber hygiene, organizations improve their overall security posture and minimize the risk of operational disruptions, data compromise, and data loss. Useful advice from cybersecurity experts includes:

1. Audit cybersecurity technology to determine what malware protections and spam filters are available. Analyze the technology’s condition. Should anything be replaced or updated?

2. Onboard new employees with comprehensive cybersecurity awareness training.

3. Conduct monthly mandatory cybersecurity training for all employees.

4. Engage third parties for internal risk audits and biannual internal process reviews.

5. Limit visitor access to networks with physical barriers.

6. Use device and file encryption to protect sensitive data.

7. Install checks and balances: avoid the concentration of power and control over security.

8. Regularly update and patch servers, computers, security cameras, and other devices.

9. Do not allow employees to use their own devices for company work, and prohibit the use of company-issued devices for personal purposes.

10. Create an incident response plan to manage security breaches and limit damage and disruptions.

What Are the Challenges?

Maintaining consistent cyber hygiene is easier said than done. Most organizations encounter the following issues:

Complexity of IT Environments: One constant around us is change. The sheer volume of users, devices, and assets (often distributed across hybrid and multi-cloud environments) makes maintaining proper cyber hygiene extremely difficult.

Tedious Nature of the Task: Cyber hygiene requires security practitioners and end users to routinely engage in a never-ending stream of important (but often mundane) behaviors and tasks.

Employee Buy-In: IT teams can’t achieve security goals on their own. They need employees to recognize the importance of cyber hygiene and how critical their everyday behavior is to the organization’s overall mission.

Good cyber hygiene isn’t a set-it-and-forget-it activity. The practice represents a dynamic array of habits and initiatives performed by organizations and employees with the goal of achieving and maintaining the strongest possible security posture.

Elizabeth Tuico owns Rebel Road Creative, a marketing consultancy in Washington, DC. She helps tech clients boost their revenue with quality content that motivates subscribers.