T-Mobile. Colonial Pipeline. Acer. What do they all have in common aside from being multibillion-dollar companies? They’ve all been hacked in recent months due to poor cyber hygiene. As Matthew Swenson, Chief of the Department of Homeland Security’s (DHS) Cyber Crime Unit at Homeland Security Investigations (HSI), stressed during an August 19 GovernmentCIO webinar, “[i]f you look at the most major ransomware attacks that have occurred, basic cyber hygiene could have prevented the vast majority of them[.]”
With ransomware attacks on the rise and even nation-states getting in on the action, basic cyber hygiene is critical. Don’t wait for a cyber attacker to take advantage of flaws in your environment before you strengthen your security posture. Through good cyber hygiene practices and a proactive security posture, you can avoid a damaging cyber breach.
What is Cyber Hygiene?
Cyber hygiene means doing the little things consistently and correctly every time to minimize your threat surface. It’s taking the time to ensure you’re not providing a malicious attacker with the opportunity to take advantage of gaps and vulnerabilities in your network. This can be done by asking yourself these questions:
- Is my anti-virus and anti-malware software running the latest definitions?
- Are my operating systems on both servers and workstations patched and up-to-date?
- Are my firewalls updated with the latest patches and firmware?
- Are my virtual hosts patched and updated?
- Are my third-party applications patched?
If you answered “no” to any of these questions, you may want to consider evaluating your cyber hygiene.
Trust, But Verify.
“Trust, but verify” are great words to live by, especially with regard to cyber security. If Equifax had verified all the items on the checklist above before their 2017 cyber breach, they would have realized that a critical vulnerability patch was available for one of their web applications. Unfortunately, Equifax didn’t verify this patch update and left the application vulnerable for several months before hackers took advantage of the oversight. The simple act of verifying that all critical patches and updates were applied, not only to operating systems but also to applications, would have prevented 143 million people from being exposed.
You’re Not Alone.
Maybe you know your company doesn’t have the best security posture, or maybe you don’t. Maybe you have a security solution in place, but realize you can be more proactive. Wherever you stand on cyber security, don’t worry. You’re not alone. Some of the biggest companies in the world can succumb to a cyber breach, and as breaches become more prevalent, what likelihood do you think your company has of being breached, too?
How Do I Improve?
You don’t wait until you have an unbearable cavity to go to the dentist, and, in the same way, you don’t want to wait until after a hacker breaks into your network to start thinking about security best practices. In addition to the checklist, there are a number of network assessments that will help you understand your current security posture, including:
- Security Gap Assessment – Provides your company with an in-depth look at your current security posture, a customized and strategic roadmap composed of short- and long-term milestones, and a plan of action to achieve your security goals
- Vulnerability Assessment – Provides insight into the stability and security of your network, as well as transparency within the internal and external perimeters of your network
- Edge Assessment – Designed to help you understand your threat landscape and how to secure your firewall
- Customized Action Plan – We work with your business to develop a customized plan and roadmap specific to your organization
We’re here to help you. If you want to be proactive and gain a better understanding of cyber hygiene and how to improve your security posture, contact us and we’ll gladly help.
Don’t wait for an attacker to take advantage of your organization’s poor cyber hygiene. Take our short Cyber Hygiene Quiz for an assessment of your company’s cyber posture.
*This blog post was originally posted in 2019 and has been updated for accuracy and relevance.