Nowadays, more than ever before, we are reminded to stay on top of our hygiene. Whether it is frequently washing our hands, sanitizing work stations, or keeping our distance from others, regular practice is key to preventing illness.
As we develop routines to keep ourselves physically clean, it is important to ensure that we also do not neglect the regular protocols that our technology demands. From computers to mobile phones and everything in-between, in 2021 there were approximately 11.3 billion connected devices worldwide. This number is forecast to grow to 27.1 billion by 2025. These very devices are often home to our most sensitive data. Keeping these items safe from hackers, viruses, and malfunctions requires regular upkeep. With this in mind, we have a few important considerations for building out a new or stronger "immune" system for your cybersecurity hygiene plan.
What is cybersecurity hygiene?
Before going through some key items for your cybersecurity hygiene plan, you will want to understand its meaning. Do not be surprised to find out that you may have already implemented some of these actions. Sometimes, the most important item that most people miss is consistency in performance.
Cybersecurity hygiene should cover areas that include a company's hardware, software, and IT infrastructure as well as employee awareness and training. Following up and regularly updating these areas of your organization's infrastructure will ensure the deterrence of future cyber threats. A sound routine will also improve the ability of an organization to track the relationships between incidents and specific hardware.
3 areas to consider for enhancing your cybersecurity hygiene
- Perform regular system updates
Whether a laptop or mobile phone, we often receive notifications to "update to the latest software version". Many continuously put-off these updates to a later time, in order not to disrupt their current workflow. It is important to follow through on these updates as soon as they are available. Many offer enhanced security patches to new vulnerabilities. If you notice that you have not been prompted to update in more than one month, you should check your settings as manual action may be required.
Example: A 2021 data breach of Microsoft Exchange servers was reportedly discovered in January, however emergency patches to repair the breach were not issued until March, enabling bad actors to successfully attack the unpatched systems of tens of thousands of organizations until the patches could be installed.
- Regularly verify access management
Whether your organization is home to 10 or 10,000 employees, there should be a system in place to monitor who has access to particular systems and information. For instance, personal health information (PHI) that is accessed by an unauthorized employee can lead to serious trouble in terms of infringing on HIPAA compliance in the U.S. Besides keeping records of organizational permissions, it is recommended to also implement the use of strong passwords and multi-factor authentication on all programs.
Did you know? Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks. Though this does not apply to Microsoft programs only. Enabling MFA will have similar results for users of most other platforms as well.
- Implement a rapid response plan
If danger strikes, make sure you are not caught off guard. Hackers work quickly, so you will need to ensure a few key items are in place when it comes to responding to a variety of different cyber attacks.
Set goals: Reduce response time, minimize data loss, and get employees or clients back online as quickly as possible.
One of the best ways to reduce your response time is to test your plan with employees you have entrusted to assist in case a particular situation arises. Create mock breach scenarios on a regular basis to improve response time and improve your team's tactics in ridding the breach.
Other important areas to consider regularly updating
The government of Canada has compiled a list of key areas to monitor and update regularly as part of your cybersecurity hygiene plan.
Mobile device security (stay on top of software updates)
The creation of strong passwords (updated regularly)
Social media security (multi-factor authentication)
Traveling with a company device (what are the policies?)
Knowledge of the most common cybersecurity threats
For more in-depth tips on the above-noted categories check out the Government of Canada's cyber hygiene page.