Hey you all, it's Yoav. Thank you for coming back.
In this post I will tell you how simple hygiene actions (with no additional tools required) can be implemented within your network, preventing digital illness and unnecessary exposure to disruption.
In our previous post, Cyber Hygiene basics, we saw the similarity between body hygiene and network cyber hygiene. We also realized that the first step towards cleaning our network is mapping. The depth of your mapping will determine your future ability to implement the actions suggested below. We recommend being as detailed as possible; however, we do understand that it consumes time and manpower.
It is highly important to emphasize that hygiene does not require spending money on technology and tools. On the contrary, we believe you should start simple with your existing tools and, only once processes are controlled and stable, consider automation and enforcement.
How do we proceed? By prioritizing our actions.
Prioritizing
Prioritizing is where the organization draws a line between the crucial assets that eventually make the money and the additional services that support the money-making process. Since we cannot eliminate all risks, prioritization will segment our assets. Here is how to do it:
- Open a new, blank Word file.
- Define your most important network assets. List the things that can most negatively impact operations or finances in the case of a breach or a harmful event. Those are the places you will focus on when you act to implement the Cyber Hygiene approach.
- While doing the above, take into account the biggest, most likely risks to your network. Do so by assessing segments, volumes, shared files and even data vulnerability. Take into account that devices connected to the internet are more vulnerable.
- Set priorities for the network areas and devices. Write the most important and sensitive things at the top of the list and minor cases at the bottom. You can split the list into classification groups and treat each group as an integrated unit to mitigate.
Categorizing network devices and software won't just help you get the most important tasks done quickly; it also allows you to better manage the IT and security workloads.
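The prioritization steps above can also be kept as a small table and ranked automatically. The following is an added example, not part of the original post: the asset names, the 1-5 impact and likelihood scales, the one-step bump for internet-facing devices and the group cut-offs are all assumptions chosen for illustration.

```python
import csv
import io

# Constructed sample inventory (not from the post). Column names and the 1-5
# scales are assumptions: impact = operational/financial damage of a breach,
# likelihood = how probable an incident is.
SAMPLE_INVENTORY = """asset,impact,likelihood,internet_facing
Billing database,5,3,no
Public web shop,5,4,yes
HR file share,4,2,no
Guest Wi-Fi controller,2,3,yes
Office printer,1,2,no
"""

def score(row):
    """Risk score = impact x likelihood, on the assumed 1-5 scales."""
    impact, likelihood = int(row["impact"]), int(row["likelihood"])
    if not (1 <= impact <= 5 and 1 <= likelihood <= 5):
        raise ValueError(f"{row['asset']}: ratings must be 1-5")
    # The post notes internet-connected devices are more vulnerable:
    # raise their likelihood by one step (assumed weighting), capped at 5.
    if row["internet_facing"].strip().lower() == "yes":
        likelihood = min(5, likelihood + 1)
    return impact * likelihood

def classify(points):
    """Assumed cut-offs for the classification groups."""
    if points >= 15:
        return "critical"
    return "important" if points >= 8 else "minor"

def prioritize(csv_text):
    """Return (asset, score, group) tuples, most important first."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    ranked = sorted(rows, key=lambda r: (-score(r), r["asset"]))
    return [(r["asset"], score(r), classify(score(r))) for r in ranked]

def grouped(csv_text):
    """Split the ranked list into groups to mitigate as units."""
    groups = {"critical": [], "important": [], "minor": []}
    for asset, _points, group in prioritize(csv_text):
        groups[group].append(asset)
    return groups

if __name__ == "__main__":
    for asset, points, group in prioritize(SAMPLE_INVENTORY):
        print(f"{points:>2}  {group:<9}  {asset}")
```

The same columns work in a spreadsheet exported to CSV; adjust the cut-offs so that the top group stays small enough to act on first.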
Responding
The ultimate step in the Cyber hygiene methodology is responding. Here are the actions that you can take to secure your network and reduce the likelihood of a cyber-attack. I divided the list into two categories: permanent actions (more like habits) and actions you should do periodically.
Let’s start with the top five permanent ones:
- Enforce password policies – change passwords every 3 months and strive to implement multi-factor authentication (MFA). MFA dramatically decreases the ability to hijack accounts. Also, learning from others' experience, alert your users not to use their home passwords at work.
- Don't give access to users who don't need it – employees who don't need access to certain servers, information or network areas should NOT have access privileges to them. This prevents hackers from taking advantage of those permissions to navigate through your network assets and steal whatever data they want.
- Encrypt your data – make stealing data more complicated. Now that your data is mapped, at least start with the sensitive data.
- Monitor network changes. Enable the logs that indicate changes. Stay tuned.
- Change devices' default password configurations. The first attempt everywhere is to use defaults. Don't let anyone fool you: defaults can be changed, even retroactively.
Here are my top five periodic actions to consider. You can determine the intervals yourself, and you should set up a routine task list to be carried out every interval:
- Update anti-virus, software and hardware. Periodically check that the devices you think are being updated actually are. Unfortunately, you may be surprised by what you find.
- Install security patches. Obviously, the critical ones.
- Restoration tests. Check whether you can restore the backups of your core network assets.
- Periodic vulnerability assessment. Test your devices' configuration.
- Check your documentation and the device records. Ensure they reflect your current state.
Although it might not be considered hygiene, another important step is employee training.
Ultimately, many attacks start with employees who have legitimate access and make mistakes or are manipulated into making them. Teach them to avoid mistakes. Make them understand why a certain action is risky. Guide them on how to act in the digital world. Here are some messages to pass on:
- Do not share passwords. Make them hard to guess.
- Your personal devices should not enter the network, unless controls are implemented.
- Do not click unidentified links and do not open suspicious attachments.
- What is phishing and how to avoid phishing attempts.
- Do not install unauthorized software on company assets.
Bottom Line
Implementing Cyber hygiene is not a standalone IT task.
Risks are a business problem and each organization will deal with them differently. The logic is simple: keep the network as clean as possible, organized and updated. Once you achieve that, you will have fewer problems. If you do have a problem, it will probably be easier to find, analyze and respond to.
I invite you to start implementing cyber hygiene in your organization. If you need assistance or even deeper guidance, we at CST-360 would love to assist. Just contact us.
What are these posts?
These posts are the first in a new series I will write about cyber world fundamentals.
My name is Yoav Berger, and I am an analyst at CST-360. I started a research process on cyber-related topics, and I wish to share what I have learned. Ultimately, the goal of these posts is to help anyone who wants to improve their cybersecurity knowledge and to give fundamental cybersecurity tools that can be applied right away.