Since the start of the Covid pandemic, hygiene has been given a whole new meaning. We take small measures every day, such as washing our hands and wearing face masks, to maintain our well-being. A similar concept applies to IT infrastructures: Cyber hygiene encompasses all practices performed regularly by IT admins and users to ensure the health and security of data, devices, and networks within an organization. [By Lisa Mohsmann]
IT systems are not so different from humans – at least in the aspect that their health and safety rely on certain hygiene practices being followed. No matter if you are an IT admin or an end user, consider the following 7 best practices to prevent cyberattacks, downtime and data breaches in your organization.
1. Centrally oversee and manage your IT inventory
You can’t manage what you don’t know anything about. To ensure proper cyber hygiene is being upheld on all hardware and software distributed within your company, you need to have real-time oversight of your entire IT inventory. Especially in times of bring-your-own-device (BYOD), companies need to document exactly which software is being employed by which user on which device. As an admin, make sure you are notified whenever a risky piece of software is detected on a device in your network and keep track of the availability and potential faults of deployed hardware.
2. Patch deployed software right away
Did you know that outdated software is a leading cause of cyberattacks? In a survey conducted for IBM by the Ponemon Institute in 2020, 42% of respondents who had recently experienced a data breach indicated that the cause was a patch which had been available at the time but had not been applied. Cyber criminals systematically look for vulnerabilities in outdated software to gain access to a company’s network. To prevent this, organizations need a process that automatically screens the entire network for missing patches and performs updates in the background with minimal disruption for end users.
3. Perform data backups regularly
Data loss does not only occur when end users accidentally delete a file, but can be the consequence of hardware issues, power failure or malware attacks. Ransomware, for instance, is a type of malware that encrypts files in an organization that attackers use to blackmail companies into paying enormous sums to get back their data. You can save your organization time and money by creating backup copies of all important files. Automate your backup policy by use of a backup solution to avoid tedious manual work, circumvent potential human errors, and maintain a regular backup schedule.
4. Control user permissions
The issue with end devices is that they are managed and used by humans. And humans make mistakes – according to a report released by the World Economic Forum in 2022, 95% of cybersecurity issues can be traced back to human error. That is why it is key to carefully manage which individuals in your organization have the permission to control security-relevant settings. Since assigning user permissions is a time-consuming manual task for IT admins, it can be beneficial to make use of an IT management solution that automatically assigns users to groups with pre-defined usage rights.
5. Use strong passwords and make sure they are changed regularly
Of 3,000 adults surveyed by Google in 2019, 65% of users use the same password for multiple accounts and shockingly, IT professionals are no exception to this phenomenon. It is key to educate end users on what constitutes a secure password and how main account passwords can be changed. However, users struggle to come up with and remember complicated passwords every time. Use a password manager to generate secure passwords automatically and store them in an encrypted database.
6. Employ multi-factor authentication
Passwords are great, but organizations should not rely on passwords alone to protect their data – they are just too easy for criminals to hack, even if they fulfil all safety requirements. Multi-factor authentication (MFA) solutions require users to verify their identity via one or more additional verification factors, such as entering one-time passwords (OTPs) sent via smartphone apps, email, or text. Other additional verification factors are answering personal security questions or using face or voice recognition. This is an easy way to add an extra level of security to your organization.
7. Use a cybersecurity solution and adhere to a cybersecurity framework
There are many cybersecurity options out there, but here are some things to look for when choosing a solution for your company:
- Signatureless protection that can proactively detect both known and unknown threats (also known as zero-day threats)
- Built-in automated remediation of infections and any related artefacts
- Compatibility with all deployed devices and OS in your organization
- Lightweight solution that does not impede on the performance of your devices
Another thing to consider is adopting a cybersecurity framework such as the U.S. National Institute of Standards and Technology (NIST) framework. This allows you to save time on conceptualizing an entire cybersecurity program and instead rely on the collective experience of thousands of professionals who contributed to the framework.