skip to Main Content
Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages
Filter by Categories
Articles
Collaterals
Homepage
Press Releases
Uncategorized
Videos
Webinars
Contact:
  • Content Types

    category
    61a28c3f083c8
    0
    0
    Loading....
  • Content Types

  • Topics

  • Vitamin C for your Infrastructure – Cyber Hygiene Governance

    How to best maintain cyber hygiene governance with documented processes.

    Today, technology is driving change in organizations more than ever before. As a result, we’re highly dependent on numerous electronic devices—laptops, smartphones, and tablets. The additional electronic devices create complexity in your IT environment, which results in a lack of visibility and gaps in protection. In addition, security measures that depend on accessing cyber hygiene and fixing issues aren’t keeping up with today’s cyber challenges. For these reasons, having documented processes and governance in place is a must to maintain solid cyber hygiene on a continuous basis.

    While hardening systems is like washing your hands after working in the garden, continuous automated remediation is like taking your daily Vitamin C to support your immune system and prevent illness. Good cyber hygiene focuses on putting the best practices in place that create and continuously maintain industry standards and compliance mandates before you are stricken with a cyber illness. Combining sound cyber hygiene practices with constantly monitoring for new vulnerabilities deliver the foundation for good cybersecurity.

    Some primary challenges organizations face when trying to monitor their systems, networks, and software continuously:

    •   Identifying new risks: scanning environments manually or with multiple solutions increases human error risk
    •   Prioritizing patching activities: determining which threats pose the most significant risks and help allocate limited resources
    •   Choosing tools: ensuring reporting tools have security information and event management as well as governance, risk, and compliance capabilities
    •   Training staff: employees need to be cyber-aware and capable of identifying potential vulnerabilities to manage continuous monitoring tools

     Where to start to build your immunity

    It is best if you always start with the automation of as many cyber hygiene practices as possible to concentrate your human resources on the tasks that require human attention.

     Automated Configuration Management

    Secure configurations address many vulnerabilities that lead to data breaches. Implementing and maintaining proper secure configurations, including policy controls, is a prime target for automation. Reducing the effort for keeping your organization’s security configurations frees up significant resources for other cyber activities.

    When securing technical configurations, you need to consider the different configurations across your:

    • Operating systems
    • Web and database infrastructure
    • Network gear
    • Applications

    Network Firewalls

    Firewalls are a first-line defense against unauthorized users gaining access to data. To be effective, firewalls must:

    • Be set up and configured properly
    • Exclude outsider access to your organization’s network
    • Limit the scope of access allowed to authorized users on the network

     Password Protection

    Passwords prevent unauthorized users from accessing information stored on devices and networks. To maintain strong protections, passwords should:

    • Be unique and complex
    • Contain at least 15 characters, numbers, symbols, and capital and lowercase letters
    • Be changed regularly and kept private

     Multi-Factor Authentication

    Two-factor or multi-factor authentication provides an additional layer of active protection. Multi-factor authentication should be implemented with something you know and something you have:

    • A unique code sent to a secondary device like a cell phone or a hard token
    • Biometrics such as fingerprint or facial recognition

    Requiring additional confirmation after submitting a password and username makes it harder for hackers to gain access to an organization’s environment and data.

     Device Encryption

    Encrypt all company devices that contain sensitive data, including laptops, tablets, smartphones, and removable drives, backup tapes, and cloud storage. Encryption options are most commonly:

    • End-to-end encryption
    • Device-level data encryption with cloud backup storage
    • Encrypted USB memory sticks

     Network Segregation

    Network segregation is a type of endpoint protection that prevents cybercriminals from accessing an entire system. Appropriate network segmentation should separate networks transmitting and processing sensitive data from other networks.

    Network segmentation can be achieved using one or a number of the following:

    • VPN connections
    • Firewall configurations
    • Software-defined networking in a vast area network (SD-WAN)
    • Secure access service edge (SASE)

     Maintaining Cyber Hygiene Health 

    Continuous monitoring can be challenging, but it is mission-critical for any company that wants to mitigate data breach risks. Organizations can use Security Technical Implementation Guides (STIGs) and CIS Benchmarks to ensure secure configuration management. Leveraging automation, you can ensure continued secure system-level control effectiveness and document processes for a more mature cybersecurity posture.

    Share This: