Businesses are now in lockdown or work-from-home mode. Even after reopening from the lockdown, business is no longer as normal. This makes access to critical systems more challenging. Working remotely and from home carries more risk in managing cybersecurity than working in a controlled enterprise environment.
Typical cyber hygiene problems
Some of the typical attacks or data breaches are the result of simple things:
- Malware infection or ransomware attack resulting from a phishing attack
- Security breach due to outdated software, infrastructure, and systems
- Unchecked risk of abuse by privileged or internal users
- Cyber attack discovered too late due to lack of visibility
Maintaining good cybersecurity hygiene
Maintaining cybersecurity hygiene means implementing best practices for IT systems, which include but are not limited to:
- Ensuring devices, systems, applications, etc. are kept properly configured
- Keeping them up to date to prevent exploits and vulnerabilities
- Ensuring a properly installed, functioning and updated anti-malware solution
- Enforcing strong passwords and 2FA
- Consistent monitoring for threats, vulnerabilities, and exploits
These look straightforward, but they are the most often overlooked due to a lack of resources or of the discipline to keep track.
Keeping track of your cybersecurity posture
To effectively manage and maintain the organization’s cybersecurity hygiene:
- Know your maturity level, risk and risk acceptance level
- Have a strategy and control measures to mitigate cybersecurity risk mapped out
- Have a good information security management system to guide risk reduction
- Gain good visibility into the posture and threats within your organization
Your CISO or an outsourced vCISO can help determine your organization’s risk, identify areas to improve, and propose controls for those areas. A dedicated team or outsourced SecOps can help track security operations and monitoring to maintain your operational cyber hygiene health.
For organizations with a larger infrastructure footprint, a comprehensive tool for tracking the compliance and health of systems, such as Cyber Observer, will help C-level executives and senior managers/directors keep track of risk and compliance and keep score of the company’s risk.
