By Max Emelianov, CEO of HostForWeb
Cyber hygiene shouldn’t be a difficult concept – yet it seems like many organizations struggle with it. Yours might even be among them. Either way, it’s probably better to be safe than sorry. Read on to see if you’ve done everything necessary to keep your security posture strong – and what you still need to improve on.
Hygiene’s pretty important. If you don’t regularly shower, keep your environment clean, and wash your hands, you get sick. In the same vein, if you aren’t actively trying to keep your systems, people, and data safe, your business is going to end up in a spot of trouble.
Trust me, I am going somewhere with this analogy.
Today, we’re going to talk about cyber hygiene. It’s a pretty simple concept, but one that’s surprisingly complicated (and often difficult) to incorporate into your own organization. In essence, it’s everything involved in maintaining a strong security posture and ensuring your infrastructure stays in working order.
There’s actually quite a bit to it, even if we just focus on the security side.
Know Your Risk Profile
First things first: you’re going to want to think like a cybercriminal. What assets or systems are most valuable to someone looking to make a quick buck off your business? What about someone wanting to defraud your organization or its staff, or a competitor looking to steal your intellectual property?
That’s only the first step. Next, you need to think about how a criminal might get access to sensitive assets. What elements of your infrastructure are most vulnerable to attack? Where are you most likely to experience a data breach, and how?
External threats from criminals aren’t the only thing you need to account for. You’ll also need to consider risks like internal bad actors, natural disasters, equipment failure, and more. The most important thing is that you have the security in place to protect yourself from all but the worst threats, and the resilience to survive should your systems still end up compromised.
Speaking of resilience…
Have a Disaster Recovery and Business Continuity Plan
You cannot control the weather. You cannot stop every cyberattack, nor can you account for every malicious insider. Sooner or later, there is a very good chance your systems will go down, and a very good chance you will encounter a crisis of some kind.
How well you make it through that crisis depends on your level of preparation. It depends on how comprehensive and thought-out your disaster recovery and business continuity plans are. How prepared you are for the worst, in other words.
In broad strokes, a good disaster recovery/business continuity plan establishes the following:
- Roles and responsibilities in the event of a crisis. Who is in charge of keeping critical infrastructure operational and ensuring failover happens as it should? Who will keep in touch with shareholders and business partners? Ensure every employee understands precisely what their role should be.
- A response plan for a wide range of emergencies. Figure out what your business is likely to face, and plan to weather that. A general crisis response plan is also important.
- Critical and non-critical assets. What systems and data are critical to your business? What systems need to operate without interruption, and which ones need to be brought back online as quickly as possible?
- Communication details. How will people stay in touch? Contact numbers, emails, a crisis communication platform, etc.
- Major infrastructure. Do you have backup systems in place to ensure there is no interruption of service? Have those systems been adequately tested?
- Data backups. Do you retain multiple, redundant backups of critical data? How will you handle sensitive or regulated data?
- Service recovery. What process will you have for getting services back online after an emergency?
- Regular testing. This one is self-explanatory. Constantly evaluate and re-evaluate your crisis response plan.
Encourage Safe Practices By Staff
The old adage that your employees are the greatest security risk in your business holds true more than ever these days. Criminals are always going to seek the path of least resistance by default. What that means for you is that if you have nigh-unbreakable security infrastructure, they’ll simply try to gain access by bamboozling your employees.
And even if an employee doesn’t fall victim to the machinations of a hacker, they might still inadvertently compromise your business. Human error is the cause of most data breaches, after all. Unfortunately, there’s only so much you can do to mitigate this.
Do what you can to promote a culture of cybersecurity within your business. Ensure leadership is schooled in the importance of cyber best practices, and ensure you are regularly training and educating your staff on the ins and outs of staying safe in the digital world. More importantly, have systems in place to recognize people who best embrace and embody their role in keeping your organization’s data safe.
Make cybersecurity a part of everyone’s job. Because ultimately, whether you like it or not, it is. That’s not going to change anytime soon.
Don’t Forget About The Basics
We’ve talked about some fairly high-level stuff so far. Processes and policies, training programs, corporate culture, and so on. But the problem is, that’s not actually where the majority of businesses fail at cybersecurity.
As it turns out, most of them struggle with the foundation. A study by cybersecurity firm Tripwire found that 57% of organizations still struggle with visibility into their networks and systems, taking weeks, months, or longer to detect new devices or services. Many businesses (40%) still aren’t scanning regularly for vulnerabilities, and even more (54%) don’t collect and consolidate critical system logs into a single location.
It gets worse. 31% don’t even have a password policy in place, and 41% aren’t using multi-factor authentication. In short, their cyber hygiene is awful, regardless of any other steps they’re taking to protect their data.
Luckily, it’s fairly easy to avoid falling into the trap that they have:
- Patch your systems regularly and immediately.
- Scan for vulnerabilities on a daily basis.
- Ensure you have complete visibility into all networks and systems within your organization.
- Implement automated monitoring tools that alert you of any unusual network activity.
- Multifactor authentication: use it.
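The visibility, patching, and MFA points above come down to comparing what your inventory says should exist with what you actually observe. The following Python script is an added example (not from HostForWeb or the Tripwire study) that runs that comparison over a constructed inventory, a constructed scan result, and a constructed user list; every host, port, date, and username in it is made up for illustration. It flags hosts the inventory doesn’t know about, services that appeared without approval, inventoried hosts that went missing, hosts past a patch age threshold, and accounts without MFA.

```python
"""Basic cyber-hygiene audit over a constructed inventory (added example)."""
from datetime import date

# Constructed sample inventory: what the asset register says should exist.
KNOWN_ASSETS = {
    "10.0.1.10": {"name": "web-01", "services": {22, 443}, "last_patched": date(2024, 5, 20)},
    "10.0.1.11": {"name": "db-01", "services": {22, 5432}, "last_patched": date(2024, 3, 2)},
    "10.0.1.12": {"name": "build-01", "services": {22}, "last_patched": date(2024, 6, 1)},
}

# Constructed sample scan result: host -> set of open TCP ports actually observed.
DISCOVERED = {
    "10.0.1.10": {22, 443},
    "10.0.1.11": {22, 5432, 3389},  # a remote-desktop port nobody approved
    "10.0.1.13": {22, 8080},        # a host that is not in the inventory at all
}

# Constructed sample user list from an identity provider export.
USERS = [
    {"user": "alice", "admin": True, "mfa": True},
    {"user": "bob", "admin": False, "mfa": False},
    {"user": "svc-backup", "admin": True, "mfa": False},
]


def find_unknown_hosts(known, discovered):
    """Hosts seen on the network that the inventory has never heard of."""
    return sorted(ip for ip in discovered if ip not in known)


def find_missing_hosts(known, discovered):
    """Inventoried hosts that did not answer the scan (decommissioned, or silently moved)."""
    return sorted(ip for ip in known if ip not in discovered)


def find_unexpected_services(known, discovered):
    """Open ports on known hosts that are not in that host's approved service list."""
    unexpected = {}
    for ip, ports in discovered.items():
        if ip in known:
            extra = ports - known[ip]["services"]
            if extra:
                unexpected[ip] = sorted(extra)
    return unexpected


def find_stale_patches(known, today, max_age_days=30):
    """Hosts whose last recorded patch is older than the allowed window."""
    return sorted(
        asset["name"] for asset in known.values()
        if (today - asset["last_patched"]).days > max_age_days
    )


def find_users_without_mfa(users):
    """Accounts with MFA disabled; admins are listed first so they stand out."""
    return sorted((u["user"] for u in users if not u["mfa"]),
                  key=lambda name: (not next(u["admin"] for u in users if u["user"] == name), name))


def run_audit(known, discovered, users, today):
    """Collect every finding category into one dictionary for reporting or alerting."""
    return {
        "unknown_hosts": find_unknown_hosts(known, discovered),
        "missing_hosts": find_missing_hosts(known, discovered),
        "unexpected_services": find_unexpected_services(known, discovered),
        "stale_patches": find_stale_patches(known, today),
        "users_without_mfa": find_users_without_mfa(users),
    }


def format_report(findings):
    """Render the findings as plain text, one line per item, so they can be logged or mailed."""
    lines = []
    for category, items in findings.items():
        if not items:
            lines.append(f"[ok] {category}: nothing to report")
            continue
        if isinstance(items, dict):
            for ip, ports in items.items():
                lines.append(f"[!!] {category}: {ip} ports {ports}")
        else:
            for item in items:
                lines.append(f"[!!] {category}: {item}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Fixed "today" so the run is reproducible; a real job would use date.today().
    print(format_report(run_audit(KNOWN_ASSETS, DISCOVERED, USERS, date(2024, 6, 10))))
```

Run it on a schedule against a real inventory export and scan output and the "weeks to detect a new device" problem becomes a daily line in a report; the point is that each finding is a diff against a baseline you maintain, not a judgement the scanner makes on its own.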
Understand That Cybersecurity Is Constantly Evolving
Last but certainly not least, one of the most common cybersecurity traps I see people fall into is the assumption that once their infrastructure is in place, their job is done. They don’t need to worry anymore – their data is safe, at least until next year sometime.
This is a dangerous mindset. The cybersecurity landscape is constantly shifting and evolving. You need to be cognizant of that. You need to pay attention to emerging vulnerabilities, new security techniques, and more.
Because if you’re not paying attention, you’ll simply be left behind.
Whether you’re talking about your infrastructure or yourself, hygiene is critical. Poor personal hygiene can result in sickness and isolation. Poor cyber hygiene can result in lost or misplaced data, data breaches, and productivity bottlenecks.
You don’t want to fall victim to either – and now you know how to avoid both.
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.