Essentials practices

By Pedro Tavares, Co-Founder, CSIRT.UBI

With the Internet becoming a giant data container, cybersecurity challenges have increased both in number and complexity over the last years. Organization’s cybersecurity can be very elaborate, but purchasing a piece of new hardware or software isn’t enough. Instead, defining baseline cyber practices and using cybersecurity programs should be seen as a pillar in this information era.

This article elaborates on cyber hygiene and presents the essential practices that should be applied.

Definition of cyber  hygiene 

Cyber hygiene is often compared to personal hygiene, in the sense that it should be a daily routine practice. This is a principle that establishes the practices and steps that users take to maintain the system’s health and improve their online security to minimize the risks from cyber threats. These routines represent some things that we learn as children. It involves typically three basic essential principles: (i) using tools that fit our hygiene need, (ii) performing these hygiene tasks correctly, and (iii), establishing a routine.

Have a  cyber  hygiene routine 

Do we all wash your teeth daily? To do this, we needed to set up our properly routine — using a toothbrush and toothpaste, learning to brush the teeth and end up making it a routine.

Do you change your password regularly? Let me guess: Probably not. IT organizations might set password policies, but users have to set strong passwords and keep them secret. These practices are routines to ensure the safety and integrity of identity and should be implemented securely to prevent that information could be stolen and corrupted. In contrast to physical hygiene, cyber hygiene is regularly conducted to ward off natural deterioration and common threats.

Among other highlights, it’s cleary notorious that having a well-defined cyber hygiene routine can be beneficial for two distinct reasons — maintenance and security.

Cyber  hygiene as a  mandatory measure

Risk is indeed a key consideration for this question. Having good cyber hygiene involves identifying,  prioritizing, and responding to risks of the organization’s key services and products. Arguably, it’s impossible to eliminate all risk, so determining the biggest, most likely risks focuses effort and improves efficiency.

Organizations have several devices in need of cyber hygiene.  For instance,  all hardware such as computers, servers, network devices, software programs, and online applications should be included in a regular maintenance program. All the devices mentioned are different, and each one has its security challenges. Below, examples of threats that corroborate the use of a cyber hygiene culture are presented.

Data Loss Prevention (DLP): This is a required process for all organizations. Hacking or corruption could result in a loss of information.

Misplaced Data: Poor cyber hygiene could mean losing data.

Security Breach: There are constant and immediate threats to all enterprise data.

Out-of-Date Software: Software applications should be updated periodically. For instance, antivirus software and other security software must be updated continuously.

Building a checklist 

Creating a cyber hygiene routine isn’t so difficult as it may seem and can reduce the system’s vulnerabilities and threats and also improve their security. So, to build a  checklist, check the example below:

  1. Identify and prioritize organization services, products and they’re supporting
  2. Establish an incident response
  3. Create network security and
  4. Implementing Identity and Access Management (IAM)
  5. Manage cyber risks associated with suppliers and external
  6. Document all current equipment and programs (hardware, software, and applications).
  7. Analyze the list of equipment and programs (identify vulnerable and obsolete software).
  8. Create a cyber hygiene policy (password policy, software updates, hardware updates, manage new installs, limit users and backup all data).
  9. Conduct cybersecurity education and awareness

Final thoughts —  make cyber  hygiene a routine 

Learning to monitor cybersecurity regularly will considerably increase the chances of avoiding an online threat. Just like any habit you wish to keep, it requires routine and repetition. Begin by setting an alarm to address a series of tasks. For instance, changing passwords every 90 days, scanning for viruses with antivirus software, updating the operating system, wiping the hard drive and checking for updates at least once per week.

Once you initiate a cyber hygiene routine, it will become a natural daily task for you and will prevent major losses to you or your company.

About the Author

Pedro Tavares is a cybersecurity professional and a founding member and Pentester of  CSIRT.UBI  and the founder of seguranca- informatica.pt.In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, Cybersecurity, iot and security in computer networks. He is also a Freelance Writer.