Ransomware and other cyber attacks are getting more expensive every year. IBM’s recent report found that the average cost of a breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022 — and the year isn’t over yet.
Too often, data breaches are the result of routine lapses. IT teams forget or neglect to regularly check what endpoints are connected to the network, monitor cloud platforms employees are using for remote work, deploy patch updates, check security configurations, or keep software updated with the latest security protocols. A big portion of cyber attacks is down to human error and negligence.
Practicing improving cyber hygiene can help mitigate this risk. Companies that understand and embrace good cyber hygiene are often able to identify vulnerabilities and lower the risk of insider threat before they become costly liabilities. Here’s how cyber hygiene can help your company improve its defenses.
What is cyber hygiene?
It is the ongoing practice of maintaining the security of your systems, devices, cloud platforms, and other digital tools. It consists of a regular routine of activities that prevent and mitigate potential security threats.
Routine and repetition are central to practicing cyber hygiene. Like good personal hygiene, cyber hygiene ensures the health and well-being of your data environments. And, as many companies bring tools to enable hybrid and remote work, it’s important to regularly scan for new cloud platforms and collaboration tools that your team may be using without the right security defenses. Cyber hygiene aims to manage:
- Risk of privilege escalation from cloud data exposure incidents. For example, like when credentials are shared publicly in channels like Slack. This is something Nightfall explictly prevents
- The risk of a security breach from malware, hackers, and viruses
- The risk of data loss from online storage and hard drives that are not backed up or that are vulnerable to hacking
- The risk of outdated software, which could leave your device vulnerable
- The risk of older security or antivirus software that hasn’t kept up to date with the ever-changing environment of cyber threats
Cyber security hygiene considers each of these risks in regular scans, training, and patching practices.
Cyber hygiene best practices
Cyber hygiene isn’t a one-off event, but it does start by creating an IT asset inventory. From there, you can implement these best practices to ensure you’re consistently monitoring for threats. Locate anything considered “business critical” — includingthings like corporate financial data, customer data, intellectual property, proprietary source code, and payment information. Create an inventory of where those assets are stored (on-premises or in the cloud) and who has access to them.
With these records in place, follow these cyber hygiene best practices.
Implement the right tools
Make sure you have the right tools in place to help you manage cyber security hygiene. This includes data loss prevention, a password manager, firewalls, antivirus software, and even data wiping software that enables you to clear out data you don't need from hardware or system files.
Set a schedule for regular check-ups
Cyber hygiene requires regularly updating software, backing up data, and reviewing user privileges. Create a schedule to make it easy for your team to make cyber hygiene part of the workflow. Delete files, data, and apps that no one is using anymore, and set up features that enable automatic updates to reduce the amount of manual effort associated with this task.
Use secure passwords
Set up a separate (and less predictable) schedule to remind members of your organization to change their passwords. Use a password management tool to help team members generate difficult-to-guess passwords that are at least 12 characters long. Likewise, make sure everyone has multifactor authentication enabled on their devices and accounts.
Provide regular cybersecurity training and data policy updates
So much of cyber security is mitigating the risk of insider threat. The main cause of insider threat data leaks is poor cyber hygiene — whether it’s ignorance of security policies or users who bend or break the rules to get work done faster or get around protocols. As a result, make it a requirement for team members to regularly attend training on how to maintain a secure IT environment. This should include rules around handling senstive information like PHI, PII, and other types of data that can result in breaches or exposure incidents. For good measure, using a tool like Nightfall to enforce policies around sensitive information in cloud environments can minimize your overall cloud security risk.
Listen to the following clip to see how Brent Lassi, CISO of Bluecore leverages Nightfall to secure his organization's SaaS applications from data leakage.
Cyber hygiene checklist
The list of activities that go into cyber hygiene at your organization will largely depend on the IT assets that you identify. However, here are a few cyber hygiene best practices to tick off your checklist.
- Implement cloud DLP. A solution like Nightfall can make it easy to maintain cyber hygiene. Nightfall uses AI to scan for instances in which data may be at risk and remediate the risk quickly.
- Regularly back up data. You should back up your data every 24 hours, but check to make sure regular backups are taking place at least weekly.
- Implement strong passwords. Use a password manager and 2FA or MFA.
- Practice IAM and actively manage user access. Read more in our guide, 5 Identity and Access Management Best Practices
- Implement privacy controls.
- Delete apps no longer in use.
- Update software, browsers, operating systems and antivirus.
- Keep devices and routers secure.
You may also want to regularly revisit your business continuity plan to make sure it’s still valid and useful.
Want to learn more? Find out more about cyber hygiene and get started with Nightfall by scheduling a demo at the link below.