How to best maintain cyber hygiene governance with documented processes.
Today, technology is driving change in organizations more than ever before. As a result, we’re highly dependent on numerous electronic devices—laptops, smartphones, and tablets. The additional electronic devices create complexity in your IT environment, which results in a lack of visibility and gaps in protection. In addition, security measures that depend on accessing cyber hygiene and fixing issues aren’t keeping up with today’s cyber challenges. For these reasons, having documented processes and governance in place is a must to maintain solid cyber hygiene on a continuous basis.
While hardening systems is like washing your hands after working in the garden, continuous automated remediation is like taking your daily Vitamin C to support your immune system and prevent illness. Good cyber hygiene focuses on putting the best practices in place that create and continuously maintain industry standards and compliance mandates before you are stricken with a cyber illness. Combining sound cyber hygiene practices with constantly monitoring for new vulnerabilities deliver the foundation for good cybersecurity.
Some primary challenges organizations face when trying to monitor their systems, networks, and software continuously:
- Identifying new risks: scanning environments manually or with multiple solutions increases human error risk
- Prioritizing patching activities: determining which threats pose the most significant risks and help allocate limited resources
- Choosing tools: ensuring reporting tools have security information and event management as well as governance, risk, and compliance capabilities
- Training staff: employees need to be cyber-aware and capable of identifying potential vulnerabilities to manage continuous monitoring tools
Where to start to build your immunity
It is best if you always start with the automation of as many cyber hygiene practices as possible to concentrate your human resources on the tasks that require human attention.
Automated Configuration Management
Secure configurations address many vulnerabilities that lead to data breaches. Implementing and maintaining proper secure configurations, including policy controls, is a prime target for automation. Reducing the effort for keeping your organization’s security configurations frees up significant resources for other cyber activities.
When securing technical configurations, you need to consider the different configurations across your:
- Operating systems
- Web and database infrastructure
- Network gear
Firewalls are a first-line defense against unauthorized users gaining access to data. To be effective, firewalls must:
- Be set up and configured properly
- Exclude outsider access to your organization’s network
- Limit the scope of access allowed to authorized users on the network
Passwords prevent unauthorized users from accessing information stored on devices and networks. To maintain strong protections, passwords should:
- Be unique and complex
- Contain at least 15 characters, numbers, symbols, and capital and lowercase letters
- Be changed regularly and kept private
Two-factor or multi-factor authentication provides an additional layer of active protection. Multi-factor authentication should be implemented with something you know and something you have:
- A unique code sent to a secondary device like a cell phone or a hard token
- Biometrics such as fingerprint or facial recognition
Requiring additional confirmation after submitting a password and username makes it harder for hackers to gain access to an organization’s environment and data.
Encrypt all company devices that contain sensitive data, including laptops, tablets, smartphones, and removable drives, backup tapes, and cloud storage. Encryption options are most commonly:
- End-to-end encryption
- Device-level data encryption with cloud backup storage
- Encrypted USB memory sticks
Network segregation is a type of endpoint protection that prevents cybercriminals from accessing an entire system. Appropriate network segmentation should separate networks transmitting and processing sensitive data from other networks.
Network segmentation can be achieved using one or a number of the following:
- VPN connections
- Firewall configurations
- Software-defined networking in a vast area network (SD-WAN)
- Secure access service edge (SASE)
Maintaining Cyber Hygiene Health
Continuous monitoring can be challenging, but it is mission-critical for any company that wants to mitigate data breach risks. Organizations can use Security Technical Implementation Guides (STIGs) and CIS Benchmarks to ensure secure configuration management. Leveraging automation, you can ensure continued secure system-level control effectiveness and document processes for a more mature cybersecurity posture.