Cyber hygiene has many similarities to personal hygiene
Today’s digital threat landscape is more active than at any time in history, and more dangerous and deadly to business than ever. Even the most sophisticated cyber defenses and cyber hygiene best practices are being challenged by the complexity of new and inventive attack vectors, tools and techniques. Some of the more recent threats include:
- The information stealing, triple-threat combination of Emotet, Trickbot and Ryuk;
- The highly evasive and stealthy Sodinokibi (REvil) ransomware;
- The blackmail tactics of attackers using Maze ransomware in publishing victims’ stolen information on the dark web to extort payment;
- The destruction of connected backups and restore points prior to encrypting live data;
- The targeting of operational technology (OT) after infiltrating through the business information technology (IT) network.
Consider the following:
Research conducted by the National Cyber Security Alliance found that:
- Almost 50 percent of small businesses have experienced a cyberattack.
- More than 70 percent of attacks target small businesses.
- As many as 60 percent of hacked small and medium-sized businesses go out of business after six months.*
It’s evident that cyberattacks and cyber infections can have devastating effects on any company, especially small and medium-sized businesses (SMBs), which are often resource-challenged when it comes to effective cybersecurity hygiene.
Much like protecting ourselves from catching a cold or a more serious case of the flu, we can draw parallels between the behaviors recommended for personal “healthcare” and the preventive measures in “secure-care” for business. These measures illustrate the steps a company should take to prepare for, and hopefully avoid or mitigate, an infection of ransomware or other cyberattacks.
Cyber Hygiene Best Practices
Let’s look at the things we do to keep a healthy personal and business life.
- Personal hygiene: Wash your hands regularly.
Cyber hygiene: Keep your systems and applications patched and updated.
- Personal hygiene: Clean frequently touched surfaces and objects.
Cyber hygiene: Scan your systems for vulnerabilities and remediate them.
- Personal hygiene: Cover your mouth and nose when coughing and sneezing, with the bend of your elbow, sleeve or tissue.
Cyber hygiene: Keep your information private. Protect your data by using strong passwords – and don’t share them.
- Personal hygiene: Get vaccinated.
Cyber hygiene: Use antivirus and anti-malware software on your systems.
- Personal hygiene: Thoroughly cook meat and eggs.
Cyber hygiene: Use email and internet filtering and best practices to block phishing and malware. Don’t open unexpected attachments or click on unknown links; they could be toxic.
- Personal hygiene: Refrigerate/freeze unused or uncooked foods to protect them from spoilage.
Cyber hygiene: Use encryption and Multi-Factor Authentication (MFA) to hide and protect your sensitive information.
- Personal hygiene: Avoid sharing personal items like water bottles.
Cyber hygiene: Allow only role-based access and the minimal necessary information to do the job. Reduce accounts with elevated or unrestricted privileges.
- Personal hygiene: Avoid close contact with anyone showing symptoms of respiratory illness such as coughing and sneezing, maintaining a distance of at least 2 meters (6 feet).
Cyber hygiene: Disconnect your backups from the live system and protect them from attacks.
- Personal hygiene: Isolate yourself or others who are showing symptoms or are obviously ill.
Cyber hygiene: Secure your supply chain and vendors, including those downstream. Don’t let them infect your company or allow their security practices to adversely impact your business.
- Personal hygiene: Share your recent travel history with your health care provider.
Cyber hygiene: Segment your network and manage/secure the information and users accessing and traveling on it.
- Personal hygiene: If you suspect an infection or are showing symptoms, get professional medical help.
Cyber hygiene: Develop an incident response plan and coordinate with law enforcement or other cyber professionals to help you.
- Personal hygiene: Get an annual check-up or physical.
Cyber hygiene: Perform an annual risk analysis and security posture reviews.
- Personal hygiene: Perform a regular exercise routine.
Cyber hygiene: Test your backups and your Incident Response Plans.
- Personal hygiene: Maintain a healthy diet.
Cyber hygiene: Monitor your systems, create metrics and use them to make improvements.
- Personal hygiene: Read and learn – take an active part in maintaining your health.
Cyber hygiene: Educate your workforce with continual security awareness training.
In today’s digital landscape, everyone’s data and systems are targets. Taking protective measures can reduce the risks that companies face from cyberattacks and accelerate recovery when an infection does happen. A cyber hygiene plan is an essential part of your company’s business strategy.
*Inc Magazine 2017