DriveLock support to achieve mandated CMMC and NIST certifications
U.S. companies seeking contracts from the U.S. Department of Defense (DoD) and other federal agencies are required to demonstrate strict IT security...
5 min read
DriveLock
Mar 28, 2022 11:00:00 AM
Cyber hygiene - these are simple security principles that every organisation should know and implement to keep all sensitive data under control and protect it from theft or attack. Worldwide, the costs caused by cybercrime are growing. If the business of cybercrime were measured as a gross domestic product, it would be the third-largest economy in the world after the US and China.
TABLE OF CONTENT |
Cybercrime is a profitable business, with relatively low risks compared to other forms of crime. Not only are the number of cyber attacks continuously increasing, but attackers are also becoming more and more tricky. They specifically exploit the human factor, which often becomes a gateway. IT security must adapt to changing hybrid working models and the increase in human error. It must keep pace with attack methods, distributed workplaces and infrastructures, and at the same time not interfere with daily work.
There are ways for companies to implement security measures that do not inconvenience users or make them feel restricted in their freedom.
By cyber hygiene we mean simple security principles that every IT department must know and implement. The main goal is to keep all sensitive data under control and protect it from theft or attack.
Cyber hygiene deliberately includes the association with personal hygiene, where we take precautions to maintain our health. It includes practices such as vulnerability management, endpoint inventory and many others.
A stark example of the financial and reputational damage stemming from inadequate cyber hygiene surfaced recently with the widely reported ransomware attack on a major European automotive supplier in late 2024. Investigations revealed that the initial intrusion vector was likely an unpatched vulnerability in a widely used VPN solution that had not been updated for several months.
This failure in basic cyber hygiene – specifically, neglecting timely patch management – allowed threat actors to gain initial access to the supplier's network. Subsequently, due to a lack of strong segmentation and lateral movement controls, the attackers were able to propagate the ransomware across critical systems, leading to a complete halt in production for several days. The estimated cost of this incident, encompassing lost production, recovery efforts, and reputational damage, ran into tens of millions of euros. This case underscores how seemingly minor lapses in cyber hygiene can have catastrophic consequences for even large and sophisticated organizations.
The basic practices of cyber hygiene are essential to ensuring a secure digital environment and thus form the foundation for any further security measures. While the implementation and monitoring of sophisticated security systems often falls under the responsibility of the IT department, the responsibility for diligent cyberhygiene extends to every individual within an organisation and, in fact, to all users of digital technology.
1. CYBER HYGIENE AFFECTS EVERYONE
Like personal hygiene, cyber hygiene starts with basic measures that contribute to good health. Although people like to attribute cyber hygiene to the IT department, it is a whole-business organisational task. It affects everyone. For example, the IT department can set password policies, but users must also set strong passwords and keep them secret.
2. CYBER HYGIENE REQUIRES REGULARITY
The principles of cyber hygiene are not new, but they are easily forgotten in everyday life. Simple rules make it easier to follow the hygiene protocols regularly and completely. A good idea is also is preparing yearly cyber security awareness training.
3. PREVENTION TOOL
Cyber hygiene is a prevention tool in a cybersecurity. When you strenghten it, your organisation will become more risk aware to malewares, threads, potential phishing or baiting.
Read more on IT Security and find out what is crucial to strenghten it:
We carry out hygiene measures regularly - at the very least when we are exposed to a significant threat. Thus, many of these measures are actually best practices in cyber hygiene. We focus here on what needs to be regularly checked and adhered to:
1. Patch regularly
Every time malware develops further or a new vulnerability becomes known, software manufacturers respond with system and software updates. A regular patch helps to reduce your attack surface.
2. Inventory of your hardware and software
A prerequisite of cyber hygiene is that you as a company know what you have in your inventory. Before you can adequately protect your attack surface, you need to identify all the assets within it. The basics of patch management include a complete inventory of all hardware and software assets across the corporate network. A vulnerability management solution continuously assesses risks from vulnerabilities and becomes a daily routine through automation.
3. The least privilege is better than maximum rights
Say goodbye to the idea of trusting everyone in the company, even if you know them well. "Never trust, always verify" is the maxim of Zero Trust, which applies to data, devices and users. An HR employee needs different access rights to contracts, for example, than an IT employee. Give users the minimal access they need and minimise the potential points of attack on your data.
4. Encrypt sensitive data
Use data encryption. If all else fails and your firewalls and access protocols are breached, or your laptop is stolen, encryption means that any important data you have stored is useless to the attackers. Basic cyber hygiene means encrypting your files and data before sharing them via removable media or, in the case of computers and laptops, the entire hard drive. The same applies to the encryption of removable media.
5. Strengthen the login with multi-factor authentication
Implementing multi-factor authentication more rigorously verifies that the right person is granted access. And the more personal you make the authentication, the more secure your network. Thumbprint ID and facial recognition create even more security.
6. Security when working remotely
Employees who work from home and use their personal computers (and also those who use a company-owned device) should adopt basic cyber hygiene practices. These include:
Further regular safety measures from the home office can be found here.
Maintaining strong cyber hygiene is not merely a suggestion but a fundamental necessity for any organization aiming for robust security and operational resilience. Implementing good cyber hygiene practices offers a multitude of advantages that extend beyond basic threat prevention.
Prioritizing cyber hygiene has become paramount. By consistently updating software, employing strong and unique passwords, enabling multi-factor authentication, and staying informed about the latest threats, individuals and businesses can fortify their online defenses.
Remember, cyber hygiene is not a one-time task but a continuous practice that safeguards sensitive information, ensures online privacy, and contributes to a safer digital world for all. So, take charge of your online presence and make cyber hygiene a cornerstone of your digital routine.
Are you looking to take your cyber hygiene to the next level and protect your endpoints comprehensively? The HYPERSECURE Platform offers a holistic solution that combines several critical security controls into one intuitive system. Simplify your security management and strengthen your defences against a wide range of cyber threats. Register now for a free demo and discover how Hypersecure can make your organisation more resilient.
U.S. companies seeking contracts from the U.S. Department of Defense (DoD) and other federal agencies are required to demonstrate strict IT security...
The Australian Cyber Security Centre (ACSC) is an Australian Government intelligence and security agency who provides advice and assistance on...
While firewalls, antivirus software, and intrusion detection systems serve as essential security layers, human error remains the weakest link in...