- September 12, 2016
- Tag: Awareness
Why is a routine security hygiene check important, and why do we tend to forget about it? Cybersecurity is a complex topic: it crosses all industries and affects everyone, and even in academia it is a multidisciplinary program. As "security people" we spend a lot of time focusing on the next threat or big risk area and on securing the next big IT "thing". We implement and maintain a proper security hygiene routine, respond to the latest threats we hear about on the news, and then write blogs about advanced security topics.
The shocking truth about the current threat landscape…
Now, the reality of the current threat landscape is that the hackers (a.k.a. the bad guys) mostly aren't using sophisticated means to compromise our data. They're getting in through simple mistakes that everyone has the ability to prevent. Even the NSA has stated that it doesn't need sophisticated attacks; it just needs to wait for someone to make a mistake.
I talk about this notion of "security hygiene" a lot in my talks. Security hygiene is the stuff that everyone should be doing: the simple things we take for granted. What follows are the top five areas of security hygiene that I tell all my clients about and show in every presentation I make:
- Understand what's important. Identify your critical data. Is it ePHI? Contracts? Legal documents? Whatever it is, you need to classify that data explicitly as important. And keep in mind: if everything is important, nothing is important.
- Confirm the location of your private information. Where is your data? On a cloud service (e.g. a file-sync or drive service)? In your email? Who has access to that email? What about your partner organizations? If you can't find your important data, you can't protect it.
- Run your updates. This seems SO SIMPLE, yet it also seems unattainable for some. You need to routinely run your operating system updates AND your application updates. A lot of malware exploits vulnerabilities in your browser or Flash Player, so it's important to keep those updated at all times.
- Use an anti-malware/antivirus product. These programs will NOT stop everything! However, a good anti-malware product will prevent common malware from infecting your systems. For extra points, look for a managed anti-malware solution (we offer that too!).
- Practice and promote education. Spending time on awareness, on blogs, and reading about security is critically important for you and your organization. The only way to stop someone from clicking a malicious link is to show them what one looks like (and what to do when they inevitably click one).
- Endpoint security. Okay, this is #6 in a top-5 list, but it's too important to leave out. Nearly every software vendor publishes best practices for securing its software (e.g. Windows, Mac OS, Office, etc.). There are also other great resources, like the CIS Benchmarks and the DISA STIGs, that go into even more detail. Find someone who knows how to implement those standards, and do it! If your IT service provider doesn't know what that means, call us and we'll explain it to them...
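To make the "endpoint security" item concrete: a hardening baseline is only useful if you check for drift on a routine basis, which is exactly the kind of hygiene check this post is about. Below is an added example, not code from this post or from CIS or DISA, that audits a few OpenSSH server settings on a Linux endpoint the way a benchmark check would. The directives and values are taken from the SSH section of the CIS Linux benchmark (root login, empty passwords, X11 forwarding and MaxAuthTries); PasswordAuthentication is a commonly added extra, not a claim about the benchmark, and no control numbers are cited. The two sshd_config files it runs against are constructed samples written to temp files so the script runs offline.

```bash
#!/bin/sh
# Added example: a minimal CIS-style drift check for sshd_config.
# Not part of the original post; the expected values are assumed from the
# CIS Linux benchmark's SSH guidance (control IDs deliberately omitted).

# check_sshd_setting FILE DIRECTIVE EXPECTED
# Prints PASS/FAIL for one directive and returns 1 on failure.
# sshd uses the first uncommented occurrence of a keyword, and keywords and
# yes/no values are case-insensitive, so we take the first match and lowercase it.
# A directive that is absent is reported as "(default)" and counted as a
# failure: the benchmark wants it set explicitly, and this check does not model
# OpenSSH's built-in defaults or Match blocks.
check_sshd_setting() {
  file=$1; key=$2
  want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
  got=$(grep -iE "^[[:space:]]*$key[[:space:]]+" "$file" | head -n 1 \
        | awk '{print tolower($2)}')
  [ -n "$got" ] || got="(default)"
  if [ "$got" = "$want" ]; then
    printf 'PASS %-22s %s\n' "$key" "$got"
    return 0
  fi
  printf 'FAIL %-22s %s (want %s)\n' "$key" "$got" "$want"
  return 1
}

# audit_sshd FILE
# Runs the checks and returns the number of failing directives as exit status.
audit_sshd() {
  fails=0
  check_sshd_setting "$1" PermitRootLogin        no  || fails=$((fails + 1))
  check_sshd_setting "$1" PermitEmptyPasswords   no  || fails=$((fails + 1))
  check_sshd_setting "$1" X11Forwarding          no  || fails=$((fails + 1))
  check_sshd_setting "$1" MaxAuthTries           4   || fails=$((fails + 1))
  check_sshd_setting "$1" PasswordAuthentication no  || fails=$((fails + 1))
  return $fails
}

# Constructed sample 1: a stock-looking config with weak settings.
# The commented-out PermitRootLogin line must be ignored by the check.
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
MaxAuthTries 6
EOF

# Constructed sample 2: the same host after the baseline has been applied.
HARDENED_CFG=$(mktemp)
cat > "$HARDENED_CFG" <<'EOF'
Port 22
PermitRootLogin No
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 4
EOF
trap 'rm -f "$WEAK_CFG" "$HARDENED_CFG"' EXIT

echo "== weak config =="
audit_sshd "$WEAK_CFG" || echo "$? failing check(s)"
echo "== hardened config =="
audit_sshd "$HARDENED_CFG" && echo "0 failing check(s)"
```

Point it at `/etc/ssh/sshd_config` from cron and alert on a non-zero exit status, and you have a routine check that catches a setting quietly reverted by a package upgrade or a well-meaning admin. The same shape (expected value, first-match parse, explicit fail on absence) extends to the rest of a benchmark; the full CIS and STIG content is far larger, which is why the post says to find someone who knows how to implement it.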
These may seem like simple things, and they are! The fact is, most organizations (from 1 to 100k employees) fail to do them correctly, completely, or routinely. Small and mid-sized businesses can run world-class security programs with a fraction of the investment a larger company would make. The key is planning, building a security culture, and starting with simple security hygiene.