Why all businesses need to develop Cyber Hygiene

October has been deemed National Cyber Security Awareness Month, an initiative brought to life by the joint efforts of the U.S. Department of Homeland Security and the National Cyber Security Alliance. Their objective is to ensure that every individual stays safe and secure online, something that’s taken for granted in this fast-growing digital age.

Cyber hygiene isn’t a term that’s often used in the office, whether because of a lack of understanding or because leadership makes no effort to make security a priority.

When you hear the term “hygiene”, your mind immediately rushes to washing your hands, brushing your teeth, and sanitizing surface areas, especially during this COVID-19 pandemic. So, what does that have to do with technology? It’s a useful metaphor to establish a culture of cyber awareness and create meaning in cybersecurity habits.

Cyber hygiene is about training yourself to think proactively about the state of your business cybersecurity, the same as you would for personal hygiene. The aim is to promote an environment that resists cyber threats, to address security vulnerabilities, and to educate employees on cybersecurity techniques.

What is Cyber Security?

Cybersecurity is the set of techniques and practices for defending data, networks, servers, electronic systems, portable devices, and information from malicious attacks. It’s also known as information technology security, system security or electronic information security.

When most people think of protecting information or data from being stolen, they believe that locking your computer, installing anti-virus software, or having passwords on your system is enough. Although all these practices are important, they are not enough on their own to truly protect your data.

To grasp the concept of cybersecurity, look at it from a simpler angle. What are we trying to protect, and what are we protecting it from? The answer: we are protecting data such as personal health information, personal identity information, intellectual property, trade secrets, etc., from being accessed, modified, or deleted without authorization.

Ultimately you don’t want people to see your data. Your goal is to Keep It Secret or Keep It Confidential.

Why is it important?

Many small and medium-sized businesses don’t believe that they would ever be a target of cybercrime, due to their size or global position as it relates to larger companies. Most SMBs underestimate the type and amount of data that they store, transmit or process on a daily basis.

Cyber-attacks and breaches happen to almost every business, whether large or small. Every business’s experience with attacks and breaches varies depending on the attacker’s intent, duration, and industry. Recovering from an attack or breach can also vary and have disastrous consequences depending on the magnitude of the event.

Some events destroy a business’s reputation, causing customers to lose trust in the owners’ ability to protect their customers’ sensitive information. That directly evolves into a loss of business, as well as the destruction of the brand you’ve worked so hard to build. Cyber security should be taken seriously, and creating routine cyber hygiene practices should be at the top of senior leadership’s agenda.

Making a routine of Cyber Hygiene

Regularly monitoring your cybersecurity may decrease the chances of malicious attacks on your business. The key to accomplishing this is creating habits of repetition to establish a routine.

You can start with the basics such as:

  • Setting reminders to have systems scanned for vulnerabilities on a regular basis
  • Updating anti-virus and anti-malware software regularly
  • Establishing password best practices
  • Changing passwords at least every 90 days
  • Using complex passwords (numbers, symbols, upper and lower case)
  • Password length between 12–16 characters
  • Updating outdated hardware and software when possible
  • Protecting and securing your wireless network

Cyber hygiene practices can help keep you safe and secure, but most importantly they build a level of trust between you, your employees, and your customers. Once you’ve mastered the basics, more advanced practices will be easier to implement in your environment, such as:

  • Using network firewalls — security devices used to stop or mitigate unauthorized access to private networks connected to the Internet, especially intranets. The only traffic allowed on the network is defined via firewall policies; any other traffic attempting to access the network is blocked.
  • Using multi-factor authentication — an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, an online account, or a VPN.
  • Encryption techniques — the method by which information is converted into a secret code that hides the information’s true meaning.
  • Backing up regularly — preferably daily or weekly; this saves your important files from inevitable data loss situations due to common events such as system crash, malware infection, hard drive corruption, and failure.

In Conclusion

Cyber security awareness starts with you. Educating yourself and others on what cyber threats are, the potential impact a cyber-attack will have on the business, and the steps required to reduce risk and prevent cyber-crime from infiltrating is valuable to your business. Creating good cyber hygiene habits is essential to the safety of your business’s data and information. Starting with the basics is the first step in obtaining a more mature security environment. Keep everything “clean” and you’ll be on your way to creating cyber routines, increasing awareness, and strengthening your information security capabilities.

Antonio Benson Jr

Certified security professional with experience in risk management, information security, data protection, and internal control evaluations.