Cybersecurity really comes down to percentages. There is a metaphorical deluge of attacks pouring down, and an old-fashioned umbrella just can’t fully protect you anymore. Because lots of the raindrops now have guidance systems that let them maneuver around the umbrella and hit you in the face.
OK, that metaphor didn’t really work out, but the point is that everything you do to secure your network, apps, data, and users is meant to reduce the percentage of attacks that can penetrate your systems and potentially cause a breach or other costly outcome.
Cyber hygiene refers to a whole assortment of behaviors, many habitual, that are undertaken to reduce the chances of a successful attack. In addition, it refers to an organization’s cultural disposition to maintain good security practices. You can think of it as a discrete element of your overall security posture, but it is uniquely distributed across the entire organization in terms of responsibility.
Cyber hygiene for individuals
For individuals, there are plenty of recommendations for good cyber hygiene practices to help prevent identity theft when using online services. For example, the Identity Theft Resource Center (ITRC) provides a list of eight good habits to protect your data, including:
- Set up multifactor authentication for all online accounts
- Only use secure payment methods when shopping online
- Never open links from unknown sources
- Ensure all devices are password protected
By following these and other guidelines faithfully — making them a habit that comes naturally whenever operating online — you can significantly reduce the risk of identity theft. Even if there is a data breach that includes your login credentials, if you are diligent about using unique passphrases and updating them frequently, your risk is greatly reduced.
Cyber hygiene for IT admins
At the administrative level, there are similar recommendations for best cyber hygiene practices. These include:
- Enforce requirements for complex passwords and multifactor authentication to make it harder for criminals to use brute-force attacks to access your data and other resources. Especially with more employees working remotely, it’s critical to strictly control access. To optimize access control, consider a Zero Trust Network Access solution such as Barracuda CloudGen Access.
- Keep an up-to-date inventory of all digital assets. Without complete visibility into all your devices and all the elements of your network, it’s easy for vulnerabilities to occur without your knowledge — vulnerabilities that criminals are actively looking out for and hoping to exploit.
- Keep all software updated. Poor patch management is surprisingly common and (unsurprisingly) extremely costly. It’s very common for organizations to experience a successful attack that leverages a vulnerability that has been known for a long time, and for which a patch has been made available.
- Control admin privileges. Strictly limit who has admin privileges to your critical systems to only those who genuinely need it. Review privileges frequently and adjust as people change roles or leave the organization. Leftover privileges for former employees are a gift to cyber crooks.
- Manage end-of-life systems. Whenever any hardware or software on your network reaches end-of-life — meaning that it is no longer supported by security patches or updates, replace it immediately. Unsupported software is a huge risk to many organizations.
- Back up your data. If you’re not yet using an advanced, automated backup system like Barracuda Backup, start using one. Now. Like, right away.
Cyber hygiene for organizations
The trickiest part of cyber hygiene at the organizational level is that there is only so much that you can do to force users to practice good hygiene habits.
In order to best reduce risk across the organization, it’s important to cultivate an organizational culture that recognizes the importance of cyber hygiene, celebrates good habits and practices, and effectively addresses shortcomings and hygiene failures.
This requires a combination of leading by example, communicating expectations clearly, and maintaining a steady cadence of reminders that over time can drive universal buy-in.
An advanced security awareness training system such as Barracuda Security Awareness Training can be extremely helpful when implemented thoughtfully. Customers who have the greatest success are those who implement such tools with a gamification strategy that is appropriate for their users and get them to engage in a fun way.
For example, a quarterly event to celebrate and reward employees who respond correctly to simulated phishing attacks — while also delivering targeted training, without judgment, to lower performers — can have an amazing effect on an organization’s overall dedication to security awareness and best cyber hygiene practices. And that means less risk, less cost, less downtime, and less regulatory jeopardy.
Use every tool
Advanced security solutions to protect email, apps, data, access, etc. are all important tools to have in your security infrastructure, each of them reducing the chances of specific kinds of attacks.
Cyber hygiene is yet another important tool, one that serves as the foundation to optimize the effectiveness of all your other tools. While implementing cyber hygiene across your entire organization is a special challenge compared to, say, configuring and deploying a new email gateway, it’s just as important to maintaining an optimal security posture and reducing cyber risk as much as possible.
Tony Burgess is a twenty-year veteran of the IT security industry and is Barracuda’s Senior Copywriter for Content and Customer Marketing. In this role, he researches complex technical subjects and translates findings into clear, useful, human-readable prose.
You can connect with Tony on LinkedIn here.