Need to Know Podcast – Episode 3: What is Cyber Hygiene?

Understanding cyber hygiene and the important role it plays in wider cyber resilience strategy is key to keeping organisations clean and secure in a polluted digital environment.

A clear understanding of the importance of cyber hygiene, and how it can provide a solid foundation for your wider Zero Trust and cyber resilience strategy, can drive greater security and collaboration across your organisation.

The third episode of the series explores cyber hygiene, defining why it is an important part of any overarching cyber resilience strategy, and the steps organisations can take to achieve it, including prioritising clean technology, safe user and community practices and effective governance.

In this episode of “Need to Know”, host Liz Green, EMEA Advisory & Cyber Lead at Dell Technologies, is joined by Sian John, Director of Microsoft Security Business Development.

Listen In To Learn 

  • What cyber hygiene is, the risks that can arise from poor hygiene and practical steps you can take to improve it
  • How cyber hygiene is like the Stanford Marshmallow Experiment
  • Why collaboration is vital to good cyber hygiene, for organisations and across industries
  • How good cyber hygiene can be built on Zero Trust principles

The big question – What is cyber hygiene?

“Cyber Hygiene requires all of us to pay attention and to play our part”. – Liz Green

As with cyber resilience as a whole, cyber hygiene requires action from a variety of different people and institutions and a range of technologies to function properly, and must be conducted collaboratively to achieve results.

A widely used but often misunderstood term, cyber hygiene can be defined as ‘a set of practices organisations and individuals perform regularly to maintain the health and security of users, devices, networks and data’[1]. Comparing cyber hygiene practices to personal hygiene practices yields some valid parallels. Good personal hygiene relies on three key factors: clean water, good sanitation and good hygiene education.

Cyber hygiene can be thought of in this context, with the ‘clean water’ being clean data feeds coming in, ‘good sanitation’ being clean systems and the actions taken to keep them that way, and the upkeep of the clean environment relying on good education and engagement. While users can take ownership of their own personal cyber hygiene by being aware of their actions, such as clicking on potentially fraudulent or unsafe links, collaboration is needed to make sure cyber hygiene provides 360 degrees of protection.

Examples of this collaboration include ISPs and government organisations making sure connections and the wider internet are kept safe and clean through proactive cyber defence, and security management service providers working in ‘sanitation’ to clean data feeds through measures like anti-phishing and anti-spam. Organisations themselves can then take part in this ‘big clean up’ with good data management and governance principles, strong device and identity protection and rigorous data cleaning and clearance.

 

Is the digital world too much of a mess?

It may feel like the digital landscape is too ‘polluted’ for effective cyber hygiene to make a difference in the face of a challenging amount of risky data and bad actors looking to take advantage of any openings.

But looking back at sanitation history, if the powers that be in 19th century London had decided that nothing could be done about the prevailing unsanitary conditions of the time, history would have played out very differently. Through a collaborative effort to take action, the ecosystem can begin to clean itself and increase hygiene.

By putting systems in place to consistently monitor the quality of cyber hygiene, the question shifts from ‘can we make this completely clean?’ to focusing on making the environment cleaner and safer to exist in. This relies on putting the infrastructure in place to begin the cleaning process, and on taking positive action.

 

A Zero Trust Building Exercise

“Zero Trust is very fashionable, but it’s not a product – it’s a set of principles.” – Sian John

There are many common factors at play that can cause multiple cyber hygiene issues. Addressing them relies on educating people so that they can make the right decisions, as well as ensuring there is strong cyber hygiene infrastructure in place.

Taking steps like ensuring clean identities and introducing multi-factor authentication can be vital, as up to 80% of data breaches can be attributed to poor authentication procedures[2]. Ensuring that infrastructure is as up-to-date as possible is also a must in order to stay on top of evolving threats and exploits, and patches are a key part of this ongoing modernization process.

Cyber hygiene also benefits from instilling Zero Trust security principles, which act as a strong baseline for people to build good practices on. Ensuring that connection and access privileges are in place, and putting controls on what users can access and how they can access it, are great first steps. Operating under the assumption that there will be pollution in your environments, and building architectures around that assumption, beginning with business critical data and systems, ensures that good hygiene is built into your cyber resilience strategy and infrastructure from the ground up.

However it is approached, it is important to remember that cyber hygiene is a team effort that relies on collaboration. While some steps might involve individuals, others involve leaders setting the right strategy and making the right investments. While it may seem daunting, cyber hygiene can be built into everything an organisation does through practical steps like investing in the right tools, partnering with the right tech providers and building it into wider cyber resilience strategy. Just like household cleaning, when it comes to cyber hygiene many hands make light work.

[1] https://www.techtarget.com/searchsecurity/definition/cyber-hygiene

[2] https://www.scmagazine.com/analysis/identity-and-access/authentication-weakness-responsible-for-80-of-financial-breaches

About the Author: Dell Technologies