Security doesn’t work if all we’re doing is trying to keep pace with an ever-evolving landscape of threats and cyber-attacks – you’ll always be one step behind. Cybersecurity is a hot topic, not just in large enterprise and government organizations, but has now found its way to the kitchen table and is something we all have an opinion on. After all, bad cybersecurity habits affect us all.
Just simply reacting to new threats doesn’t work – but unfortunately this is how many organizations are currently operating. To counteract this, the best approach is to architect security into information technology systems from the start. Easier said than done - but with advanced technologies and new capabilities, provided by cloud and mobile computing, this is now not only feasible but essential too.
In 2016 there were over 4,000 ransomware attacks every single day, and that’s without mentioning the devastating effects of breaches like WannaCry where hospitals were blocked from accessing essential data like patient records. Of course, in reaction, cybersecurity spend has risen (in 2017 to over $86.4 billion) and organizations are adding layers of security over their systems.
The elephant in the room that is still leaving organizations vulnerable to attack is mindset. Outdated systems, no matter how many layers of bubble wrap companies blanket them in, are still outdated.
With breaches occurring at an alarming rate, and on such large scales too, it’s time for organizations to make sure they’re practicing basic cyber hygiene and protecting their crown jewels – mission critical business applications and data.
What is cyber hygiene?
In short, the simple principles every organization with an IT system needs to be aware of, and implementing, on a day-to-day basis. These can be broken down into five core principles. These aren’t new ideas, but sometimes they’re forgotten, and protocols aren’t always updated to keep cyber armor ‘chink-free’:
- Least Privilege - Just because you trust everyone in a business doesn’t mean that the receptionist needs the same access levels as the CEO. Giving users minimum necessary access leaves the most valuable data vulnerable to far fewer breach points. Hotels don’t give guests a key for every room in the hotel so why should his be any different?
- Micro Segmentation - We don’t use drawbridges and castle walls anymore for a reason – they give a false sense of security and encourage lax approaches to security within the walls. Once an attacker infiltrates the outer-defense the threat’s inside and there’s nowhere to hide. Breaking down a network into layers and self-contained areas keeps the entire system protected, and ensures access points aren’t left vulnerable to attack. Don’t neglect the perimeter and don’t rely on that alone.
- Encryption - Think of encryption as the last weapon in an arsenal against hackers – except with cyber security it keeps you ahead of the game. If all else fails and firewalls and access protocols are breached, encryption means that all the critical data stored is useless to them. Like a Rubix cube, if you don’t know how to decode it and put it back together, encrypted data is a difficult puzzle to crack. Basic cyber hygiene means encrypting files and data before sharing. The same applies to encrypting network traffic wherever possible.
- Multi-factor authentication - From thumb-print ID to facial recognition, security is becoming personal. But even implementing basic two-factor authentication stops the first wave of breaches. And, the more personal authentication gets, the more secure networks will be. After all, your thumbprint is much more difficult to steal than a pin code.
- Patching - Systems require updates for a reason. Every time malware gets more advanced service providers respond with system and software updates. Don’t remain in the past. Upgrade and update to stay ahead of the attacker’s game.
Understanding these principles is one thing – but implementing them is critical. Everyone in an organization should understand why cyber hygiene is critical, but more importantly, IT managers and business decision makers need to understand how to implement these principles.
Just like brushing your teeth or washing your hands, good cyber hygiene habits protect everyone.