You may be looking at this blog title and wondering “what is cyber hygiene?” And “why do I need it?” When it comes to our bodies, we think of hygiene as doing things to take care of our mental and physical wellbeing. Cyber hygiene refers to the habits we undertake to keep our data and systems safe online.
If you’re thinking “does it even matter?” or “how does it help my business” keep reading. Cyber hygiene absolutely does matter as it is the first line of defence in any cyber attack.
Employees that practice good cyber hygiene are extremely beneficial to organizations like yours, as they will be the ones who don’t click on a phishing email infecting your systems with malware. Cyber hygiene is so important, the CISA (Cybersecurity and Infrastructure Security Agency) has issued a warning about hackers targeting cloud services, by, you guessed it, poor cyber hygiene. You can read the CISA report and a full list of their recommendations here, but below is a short summary of the 5 best practices you need for good cyber hygiene.
1. Secured Privileged Access
If this isn’t your company’s top security priority, it should be. Hackers love to target these accounts because of the significant potential business impact. Privileged accounts should include IT administrators with control of large portions of the enterprise estate and other users with access to business-critical assets (financial data, legal). Employ the principle of least privilege as much as possible (where users only have access to what they need). A strong password policy and Multifactor authentication are a must.
2. Strong Password Policy
Speaking of strong passwords, this is also a key of component of good cyber hygiene. Long, complex passwords, along with frequently changing passwords, and a lock-out policy (where an account is locked after a certain number of unsuccessful password attempts) are important to help in cases of brute force attacks. To help with users who complain about having to remember long passwords, have them use a password manager.
3. Multifactor Authentication
While there have been a few cases where hackers have been able to bypass multifactor authentication (MFA), it is still an important part of cyber hygiene. While CISA has found evidence of a breach using a “pass the cookie” to bypass MFA, in most cases, MFA has been effective to stop brute force attacks.
4. Cyber Awareness Training
Do you know how to spot a phishing email? Could your staff? Knowing about different types of phishing attacks and knowing not to click on malicious links in emails can go a long way in preventing malware infections and data leaks. If your business isn’t routinely providing cyber awareness training for staff, you need to consider doing so.
5. Close Open Ports
The CISA report also noted in their report that an organization failed to require a VPN to access its network. Even though the terminal server was located inside the firewall, it was configured with port 80 open to allow for remote connections from employees. As a result, the hacker was able to exploit this flaw by launching brute force attacks. To fix this, CISA recommends that all cloud-based virtual machine instances with a public IP do not have open Remote Desktop Protocol (RDP) ports. CISA also recommends that any systems with open RDP ports be placed behind the firewall and must use a VPN for authentication.
Following these 5 cyber hygiene best practices will help your organization’s wellbeing. While none of these tips on their own are a “magic bullet” solution to prevent all cyber attacks, they can help you stay secure. If you need help implementing cyber hygiene best practices, Uzado can help.