Have you heard of something called cyber hygiene lately? Cyber hygiene refers to fundamental cybersecurity best practices that an organisation's security practitioners and users can undertake in order to improve online security. These practices are generally part of a routine ensuring identity and data security. Similar to other regular practices, cyber hygiene is regularly conducted to assure safety from common threats.
With the ever-changing threat landscape, it is important to create a cyber hygiene routine to prevent cyber criminals from causing security breaches, creating backdoors, installing malware and stealing personal information.
Normally organisations rely on cybersecurity professionals to carry out regular activities to protect themselves and their end-users sensitive data. But this is not sufficient. Every employee needs to understand the basics of cyber hygiene practices and their role in protecting and maintaining IT systems and devices. This will enable better incident response and provide immediate and effective defences against cyber attacks.
To begin with cyber hygiene
1. Use passwords and PINs to restrict log-on - Limit information system access to authorized users, and processes acting on behalf of authorized users or devices.
2. Assign user access privileges to accounts - Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
3. Know the network you are connecting to and make sure it is secure - Verify and control/limit connections to and use of external information systems.
4. Limit who and where you share/post information - Control information posted or processed on publicly accessible information systems.
5. Make accounts for each user - Identify information system users, and processes acting on behalf of users, or devices.
6. Use password authentication - Authenticate the identities of users, processes or devices before allowing them access to organizational information systems.
7. Crush it, Shred-it, or overwrite it before trashing - Sanitize or destroy information system media containing important business information before disposal or release for reuse.
8. Limit physical access - Limit physical access to organisational information systems, equipment, and the respective operating environments to authorized individuals.
9. No unauthorized entry and supervise visitors - Escort visitors and monitor visitor activity.
10. Audit logs of physical access - Maintain audit logs of all the physical access.
11. Track physical access - Control and manage physical access devices.
12. Keep your devices inside the firewall - Monitor, control and protect organisational communications at the external boundaries and key internal boundaries of the information systems.
13. Setup/use a secure network for internet access - Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
14. Install updates and run patches - Identity, report and correct information and information system flaws in a timely manner.
15. Use antivirus - Implement required protection from malicious code at appropriate locations within organisational information systems.
16. Subscribe for threat protection - Update malicious code protection mechanisms when new releases are available.
17. Enable antivirus scans - Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened or executed.
Organisations can benefit from Illume Intelligence's security ratings to protect their data and access their current security posture. We can minimize the time required for accessing related and third-party information security controls with the help of questionnaires and templates. Our related cyber security services are capable of helping in complete cyber protection for an organisation.