Did you know that most Cybersecurity incidents in the workplace occur due to human error. Identifying ways to avoid human error is key to preventing data breaches and limiting downtime.
Following good cyber hygiene practices can also make a big difference in your business not becoming the next victim of a cyber attack.
What is Cyber Hygiene?
Cyber hygiene is simply the process of following the best IT security practices to keep your network and data secure. These cyber hygiene practices offer numerous benefits, such as reducing vulnerabilities and limiting the chance of data breaches.
On the other hand, poor cyber hygiene practices can lead to devastating results for your business.
What are Examples of Good Cyber Hygiene Practices?
Following good cyber hygiene practices is critical for any company.
Examples of good cyber hygiene practices include creating a detailed inventory of your hardware and software, keeping backups up to date, downloading and applying the latest software patches, and limiting the number of employees with admin-access capabilities. (Least Privaliage)
What are the 11 Rules of Cyber Hygiene?
Keeping up with basic cyber hygiene practices can help you avoid many issues. A Managed IT Service Provider can assist your business in following the eleven rules of cyber hygiene.
Here is an overview of these rules and why your business needs to remain committed to these steps.
1) Automatic Updates
Outdated software is a major security risk that can lead to numerous problems for your business. These updates play a vital role in patching vulnerabilities. Turning on automatic updates is a great way to keep everything up to date without having to rely on your employees to manually download these patches.
2) Detailed Documentation
Many businesses make the mistake of not keeping accurate records of their inventory. Failure to keep track of devices in the workplace increases the chance of cyber security breaches. Creating and maintaining an up-to-date list of your hardware and software is key to maintaining IT security.
A Managed Services Provider will maintain this asset inventory on your behalf along with process documentation
3) Inventory Assessment
The next step is to review your inventory to look for any signs of vulnerabilities. For example do you still have nay Windows 7 computers in the IT eco-system? Are all devices listed in the inventory in use or have some been retired and the records not updated. Are the devices Encrypted etc.
A managed IT service provider will as part of their regular reporting (monthly is recommended) provide an overview of any risk posed by the inventory. Together you would agree an action plan to reduce risk and exposure to vulnerabilities. It's also recommended to remove any unused programs for an additional level of security.
4) IT Security Policies
Creating IT security policies can help you avoid common cyber hygiene problems. These policies will give your employees direction on how to respond to a cybersecurity incident while also providing best practices on how to prevent these situations.
A managed service provider can provide best practice templates for your IT Security Policy’s that cover, Acceptable Usage, Device Management, Password Requirements, Mobile Device Management, etc (If you would like a copy of our Templates please ask.) Your IT Support Provider can also update your IT security policy on a regular basis due to the evolving nature of cyber attacks. It’s always recommended to have any policy’s reviewed by your Legal advisors.
5) Device Encryption
Cybercriminals are always looking at ways to target weaknesses to access confidential data. Enabling device encryption is key to staying proactive against these threats. Requiring device encryption for all devices is especially important for remote workers, whether it's laptops, smartphones, or tablets.
Under GDPR all Laptops and mobile devices should be Encrypted and if your using up to date operating systems such as Windows 10 or Windows 11 the encryption can be enabled in the settings.
If you working with a Managed Services Provider the Encryption of all company devices can be centrally applied, maintained and monitored for you.
6) Anti-Virus Software
Installing antivirus and malware software for each device is critical to equip your business much-needed protection. IT security software is often your first line of defense against cyber threats. Enabling automatic updates for your antivirus software is key to ensuring your business is always receiving the best protection available.
It’s highly recommended that you also deploy a Managed Detection Response (MDR) in tandem with Anti-Virus. An MDR is more sophisticated in its identification and remediation of suspicions and or nefarious behaviour and malicious software often associated with criminal activity.
If your working with a Managed Services Provider this should be included as standard (Both AV and MDR), this provides round the clock altering, and remediation of identified threats.
7) Network Firewalls
Network firewalls are another important aspect of business cyber hygiene. A network firewall offers your company an extra layer of defense against cyber threats. These digital barriers can help prevent unauthorised access to your network to ensure your company is always well-protected from cybercriminals.
It’s essential that the configuration is checked to ensure the security services are enabled and configured correctly. Some Firewalls require annual licensing for the security services. If you don’t have them enabled or configured you may not be receiving any protection from the firewall.
Make sure you ask your Managed Services Provider for a screenshot of the configured services to show they are enabled and working.
8) Strong Passwords
Weak passwords are a major issue for most businesses especially if the password policy is not configured to best practice standards
Using the same password for multiple accounts presents a significant security risk. Requiring your employees to create complex passwords is essential to IT security.
If your working with a Managed Services Provider they can help configure the necessary technical controls to ensure the use of strong password that align to your Password Policy.
9) Protection of Wireless Devices and Networks
Cybercriminals often target wireless networks due to them being easy to hack. Making sure the Wireless uses either WPA2 or WPA3 encryption is critical to ensure your information remains safe on the network. Even better is to use Certificate Based Authentication that can be centrally configured to push the secure Wireless settings to the compact assets this removes the need for a single Wireless Password to be shared among all devices and users further strengthening the corporate Network and systems
If you working with a Managed Services Provider ask them about Certificate Based Authentication
10) Multi-Factor Authentication
Creating strong passwords is just one aspect of data security. Turning on multi-factor authentication provides your accounts with even greater protection, as it requires a person to verify their identity with a time-sensitive code sent to their email or mobile device. To achieve best Practice standards and now often required by Insurance companies you should enforce MFA on all company accounts to ensure no account is left unprotected by human error
11) Creation of Data Backups
The loss of data can happen in a variety of ways. Data loss can result in significant fines against your business, and it can also ruin your reputation. Maintaining Off-site copies of your data such as to the cloud is one way to protect your information. Even more important in todays technology driven world is a Disaster Recovery Plan which not only maintained a copy of your data off-site but also an operational snapshot of the entire IT eco-system to ensure rapid recovery from an unforeseen event such as a Fire or Ransomeware incident
Cyber Hygiene for Employees
Employees need to remain aware of cyber hygiene best practices. Staying aware of these best practices is a necessity in today's digital work environment. Creating a cyber hygiene checklist for your team is important in avoiding common mistakes. Keeping your list up to date is also vital due to the ever-changing nature of cyber threats.
Implementing a Cyber Security Awareness Training Program is highly recommended. If your working with a Managed Service Provider they can offer this as a service so you doing have to spend time creating the learning platform.
Good Cyber Hygiene at Home
Cyber hygiene isn't only limited to the workplace, as it's also important to practice at home. Good cyber hygiene covers a wide range of areas, whether it's keeping software up to date, creating data backups, installing antivirus software, or using a password manager. Continuing to practice these tips can help limit cybersecurity incidents, whether it's in the workplace or at home.
Following cyber hygiene best practices is critical in staying a step ahead of cyber attacks. Working with a managed IT service provider can help your business follow this checklist while also training your team on how to avoid common mistakes.
Feel free to reach out to Lantech to book a cyber security posture review or to schedule a meeting.