Practice These 10 Basic Cyber Hygiene Tips for Risk Mitigation

For six years in a row, cybersecurity has been identified as the #1 “problematic shortage” area across all of IT. What’s more concerning is that in 2016 and 2017, there was a dramatic increase in the shortage across organisations.

With companies scrambling for cybersecurity personnel, they are also distracted by involvement in an innovation race. Today, intense pressure is placed on organisations to stay on top of new technology without slowing daily operations. As rapid implementations of these technologies continue, security measures and risks that tend to cause vulnerabilities in the IT environment are overlooked. With the popularity of Internet of Things and BYOD, we’re also witnessing the creation of weak spots that IT departments do not have the bandwidth or expertise to address.

In today’s modern cybersecurity, a large emphasis is placed on managing risk, which is dire for companies lacking professionals that can respond to attacks. With ever-evolving threats, it’s nearly impossible to always know what is coming. That’s why it is so imperative to practice basic cyber hygiene as a way to eliminate and mitigate possible threats, especially during a time of digital transformation.

What is Basic Cyber Hygiene?

The Center for Internet Security (CIS) and the Council on Cyber Security (CCS) defines cyber hygiene as a means to appropriately protect and maintain IT systems and devices and implement cyber security best practices.

This risk mitigation technique is a must for all businesses deploying emerging technologies to their networks. Without clear assessments and interventions, hackers will have an easy in through unpatched and outdated solutions, and unforeseen security gaps in newer technologies.Executive Brief Endpoint Protection

Keeping Good Cyber Hygiene Habits

While cyber hygiene isn’t an ironclad protection, it’s important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips:

  1. Keep an inventory of hardware and software on the company network.
  2. Develop a process for software installation by end users. That could include limiting installation of trusted software or prohibiting and blocking all installation without prior approval from IT.
  3. Educate users on practising good cyber behaviour, including password management, identifying potential phishing efforts, and which devices to connect to the network.
  4. Identify vulnerable applications that aren’t in use and disable them.
  5. Consistently back up data and keep multiple copies. Consider using a secure cloud solution as well as on premise.
  6. Turn to industry-accepted secure configurations/standards like NIST and CIS Benchmark. These can help organisations define items like password length, encryption, port access, and double authentication.
  7. Patch all applications right away–regularly. Unpatched systems are one the biggest risk factors in attacks.
  8. Create complex passwords.
  9. Limit the number of users with administrative privileges.
  10. Upgrade ageing infrastructure and systems.

Reduce the Human Impact

Even with the best protection, there are no guarantees that your business won’t become the victim of a ransomware attack, data breach, or other cybersecurity threat. That’s why it is so important to reduce human impact by automating security practices whenever possible.

Providing double authentication sign-ons that require complex passwords, blocking certain file types, and testing users on their security knowledge are steps that all companies can take to protect today’s diversified networks.

For businesses with a shortage of cybersecurity professionals, these steps while simple may still prove to be a challenge. That’s why it is helpful to find tools like machine learning that can react and predict malicious behaviour for you.

With machine learning and behavior-based detection, you can relieve your IT team of exhaustive manual procedures. SentinelOne automates security for you with EPP. To learn more on how to protect your network in our quickly evolving technological world, download our executive brief Get Your Endpoint Protection Out of the 90’s!

Item take from SentinelOne blog.