Cyber Hygiene… What is it and how you can ‘clean up your act’!

Cyber Hygiene… if this isn’t a term you’re familiar with, then we suggest you read on. For years, many organisations have been spending millions on the latest IT defences. Sure, there’s no harm in investing in the latest monitoring software or fancy hardware that prevents even the most sophisticated of attacks. But what if we told you that over 75% of Cyber Attacks are avoidable by implementing the right level of Awareness, Policies and Procedures into your business? What if we told you that, before you invest in your next ‘off the shelf’ cyber security solution, you should double-check you have the basics covered first?

That’s right. In a world where we are constantly striving to purchase and test the most up-to-date, intelligent solutions before our competitors, often the solutions are a little closer to home. Our CEO Gary Langrish added ‘Ensuring you have an up-to-date Cyber Hygiene Policy is the cornerstone of any robust security strategy. Like Data Protection, a good Cyber Security culture should be based on solid foundations. Failure to have these basics in place is like trying to build a cathedral on quicksand’.

At TrustHogen, we always start from the basics when consulting, as these controls are often wrongly presumed to be in place and often missed. A good Cyber Hygiene Policy should include the following:
  • Agree and document a robust Password Policy – Agreeing an acceptable standard for passwords within your organisation should be top of your list. This should demonstrate what a bad password looks like vs a good one. In order to add a further layer of control, there should be requirements to refresh passwords on a frequent basis, for example every 30 days. Extra controls can also be implemented, such as not allowing the use of previous passwords.
  • Hardware Updates and Asset Inventories – We recommend that you record any hardware you have issued to your staff. This should include the type of device issued (laptop, tablet, phone), the date it was issued and who it was issued to. With hardware evolving every year, it may be a good idea to inspect the condition of the hardware annually and replace it when required. Over time, some hardware will develop vulnerabilities, so it’s important to stay one step ahead. If you’re allowing staff to ‘Bring Their Own Device’, this should also be logged and monitored.
  • Software Updates and Inventories – That’s right, it’s also a good idea to keep a record of the software you are currently running across the various devices in your organisation. Often, global announcements are made that some software is susceptible to attacks from hackers, and knowing which operating systems you’re running is a good way of assessing your vulnerabilities. It is also worth ensuring that you allow software updates to take place when available. Sure, this might be an inconvenience whilst the device updates, but it will save a lot of pain in the future.
  • Define Robust Access Privilege Procedures – Do your staff move around within the organisation? Do they always need access to the same level of information if they move department? Often, this can be managed by the implementation of a Joiners, Movers and Leavers Policy. Don’t forget, unauthorised access or disclosure of personal data could also constitute a Data Breach that could cost your business millions in fines, cause irreparable reputational damage and pave the way for legal action to be taken by employees and customers alike.
  • Monitor and Back Up Your Data – Data back-ups have been utilised for many years by most organisations. This, in theory, allows you to ‘roll back’ the system and can be a response to a Malware Attack or huge programming error that has affected your data holdings.
    However, what is often neglected is the monitoring for Malware, Ransomware and other harmful intruders that are designed to wreak havoc within your organisation. Malicious Software is now so advanced that it will often seek out both your back-ups and your address book directly after landing on your system. Often not ‘detonated’ for an average of over 200 days, malware can lie dormant on your system and go undetected for many months. Meanwhile, all of your back-ups have been infected and any attempts to ‘roll back’ the system will compound the issue and restart a devastating Attack Loop. On many occasions, organisations have stated that their back-ups were either deleted entirely or completely useless.
  • Training, Training and more Training – Quite often, an organisation will invest so heavily that it will forget to include within scope its biggest commodity… its staff!
    Cyber Champions, improved governance around the ownership and updating of policies, and effective learning material can be invaluable when preventing a Cyber Attack. Keeping a record of who policies have been issued to and asking staff and managers to attest to having read these documents is also a great way to gain accountability from your people.

TrustHogen – Cyber Security as a Service

  • Availability – Comprehensive protection that basic cyber security frameworks can’t provide. 
  • Unlimited expert advice – Access to expert advice from a Cyber Security specialist 
  • Complete Solution – Schedule vulnerability scans, assess your cyber posture, meet compliance with relevant policies and procedures, train your staff and achieve Government backed Cyber Security certification. 
  • Ongoing protection – Maintain ongoing protection 24/7 with device monitoring.

Cyber Security Bronze

  • A dedicated Cyber Security specialist
  • Discounted Cyber policy and procedure gap analysis and remediation
  • Cyber Essentials Certification Guaranteed
  • Cyber Insurance (£25,000 indemnity coverage) 

Cyber Security Silver

  • A dedicated Cyber Security specialist
  • Discounted Cyber policy and procedure gap analysis and remediation 
  • Cyber Essentials Certification Guaranteed
  • Cyber Essentials Plus Certification Guaranteed 
  • Cyber Insurance (£25,000 indemnity coverage) 
  • Real time Cyber Security device monitoring by CyberSmart 
  • Access to Managed Smart Policies 

Cyber Security Gold

  • A dedicated Cyber Security specialist
  • Discounted Cyber policy and procedure gap analysis and remediation 
  • Cyber Essentials Certification Guaranteed
  • Cyber Essentials Plus Certification Guaranteed 
  • Cyber Insurance (£25,000 indemnity coverage) 
  • Real time Cyber Security device monitoring by CyberSmart 
  • Access to Managed Smart Policies 
  • Full company-wide access to Cyber Security e-Learning (animated courses covering information and cyber security staff awareness)
  • Annual / Quarterly Vulnerability management with real time reporting

Cyber Security Platinum

  • A dedicated Cyber Security specialist
  • Discounted Cyber policy and procedure gap analysis and remediation 
  • Cyber Essentials Certification Guaranteed
  • Cyber Essentials Plus Certification Guaranteed 
  • Cyber Insurance (£25,000 indemnity coverage) 
  • Real time Cyber Security device monitoring by CyberSmart 
  • Access to Managed Smart Policies 
  • Full company-wide access to Cyber Security e-Learning (animated courses covering information and cyber security staff awareness)
  • Monthly Vulnerability management with real time reporting.
  • Quarterly / Annual Simulated Phishing Attacks with reporting 
