Cyber hygiene. It’s something all businesses and governments strive for, yet few really attain. I like to counsel leaders of companies on six important activities they can undertake to maintain proper cyber hygiene.
First, know your assets. Conduct assessments, and know what you have in your environment.
Second, patch and manage asset vulnerabilities. Asset vulnerabilities are things like technical defects, CVEs, configuration defects, logical defects ( the way data flows through an application, sessions, that kind of stuff) and residue that you have on these systems.
Third. Reduce your attack surface. All companies that practice good cyber hygiene do a good job of this. They segment, they prune and they repair. So create segmentation, prune the assets off in the environment that you don’t need and repair the ones that need repairing.
Fourth. Respond, automate, and patrol. You want to respond to the real-time threats, critically important. Think of this as live-fire: the bad guys are shooting at you – are you’re responding to them? Automate the daily routine. So an example of this would be your weapons inspections. You have a bunch of cyber weapons in the environment, make sure they’re functioning properly. And then patrol your data. So get your teams involved in threat hunts, looking for things that don’t belong in places or things that look out of place.
Fifth. You want to develop layers of defense. Deploy enforcement assets, think north and south, think east and west, and then think endpoint. Get some protection on those endpoints.
And then the final thing is to obtain and examine threat intelligence. So the types of threat intelligence that you want to obtain or asset-specific threat intelligence, sentiment-related intelligence, industry-vertical threat intelligence and threat actor threat intelligence. So I hope these tips help you maintain proper cyber hygiene.
If you want to learn more, visit our website at guardsight.com or give us a call to schedule a free consultation.