What is the Difference Between Cyber Hygiene and Resiliency, and Why Are They Important?
How We Arrived at Today’s Perspective on Cybersecurity
Across all industries, concerns about bad actors, advanced persistent threats and cyberwarfare have brought us to an interesting place in cybersecurity, combining proactivity and a kind of “planned reactivity,” if you will. In both the government and commercial space, it seems that organizations have come to accept that attacks and breaches are inevitable. Since cyberthreats have become more frequent and targeted, there’s a better understanding of what a security threat really is and how to guard against it, which has led to the inception of cyber hygiene and resiliency.
How to Practice Cyber Hygiene
Cyber hygiene is the concept of training your organization to be proactive about cybersecurity in order to offset the risk of cyberthreats and security issues (Norton). Ultimately, it covers the precautions users should take to keep sensitive data secure from attack (Digital Guardian), including the practices and steps everyone should take to uphold online security and system health, usually presented as part of an overall routine. Cyber hygiene is conducted regularly and cyclically to safeguard identities and other sensitive information that could be corrupted or stolen.
Cyber hygiene can be boiled down to two primary benefits: maintenance and security.
The only way for software and the computers that run it to be efficient is through regular maintenance; otherwise, programs become outdated and files fragmented, which increases risk. Regular maintenance identifies potential issues early, before cybersecurity risks become a problem.
Security is arguably the more critical objective of cyber hygiene. A solid security program protects your organization from the viruses, malware and malicious actors that pervade today’s threat landscape.
A few recommendations for practicing great cyber hygiene:
- Create an organization-wide cyber hygiene policy.
You need a common set of practices to properly maintain cyber hygiene. Document them in a policy that everyone who accesses the network needs to follow. This includes data backups, software and hardware updates, regular password changes and managing new installs.
- Document all programs and equipment, including applications, software and hardware.
- Scrutinize your audit of programs and equipment for potential vulnerabilities.
User passwords should be changed regularly. Out-of-date applications and software should be updated. Unused equipment needs to be disposed of.
- Continuously reinforce these guidelines through rigorous enforcement and awareness.
“The point of cyber hygiene is to get your security house in order. You need to put the proper tools and controls in place and make sure your people are aware of the typical types of attacks that are out there.”
-Ron Flax, CTO at August Schell
How to Be Cyber Resilient
Cyber resiliency is an equally important concept that comes on the heels of the inception of cyber hygiene. Today, organizations have accepted that being hacked is inevitable, which is why the concept of cyber resiliency focuses on achieving a posture that allows for continuity of operations through a security event. Cyber resiliency is all about ensuring that you can continue to operate your business successfully, even if you’re experiencing an issue.
This allows organizations to think critically about how to effectively recover from a security incident across multiple areas: organization operations, cybersecurity and business continuity (CSO Online). Ultimately, organizations need to be in a position which allows them to adapt to a security disruption and continue with service delivery, even in the midst of an event like a data breach. This includes the necessary processes for maintaining or restoring business operations post-incident.
A few resiliency techniques that can increase your ability to continue service delivery during a security event:
- Analytic monitoring
- Privilege restriction
Putting Together Your Cyber Hygiene and Resiliency Strategies
How is your organization doing with cyber hygiene and resiliency? Ensuring you have the right practices in place for preventing security events, as well as reacting to them, is key to a strong security posture overall. If you’re looking for feedback on how you can practice cyber hygiene and establish resiliency, get in touch with August Schell. We’ll walk you through the process. To speak to someone today, call us at (301)-838-9470.