Digital hygiene key to cyber security

“Cyber hygiene has become an essential part of the cyber security practice to protect against the constantly evolving spectrum of cyber threats,” Fratucello says.

“It is a critical component of a well-thought cybersecurity strategy, as it can reduce risks, promote customer trust, reduce cost and downtime, inhibit unwanted access to systems and reduce the likelihood of data breaches.”

Key elements of a robust cyber hygiene regime include password management, email security, software updates, and antivirus and firewall protection, according to CrowdStrike. They involve a combination of best practice, technological countermeasures and cyber security awareness training to ensure employees are not the weak link in the chain.

Many organisations underestimate the importance of fundamental cyber hygiene, even though it can thwart more than half of the cyber threats they face each day, says Fred Thiele, group CISO of Australian IT services provider Interactive.

As the partner of choice for regulated industries, Interactive’s hyper-specialised cyber expertise – delivered by the recently acquired Slipstream Cyber – includes Active Defence, Digital Forensics and Incident Response, Consulting and Assurance services.

One of the key misconceptions is cyber hygiene is a one-off siloed project rather than a business-wide ongoing effort, Thiele says.

“The fundamental nature of any hygiene initiative, whether it’s washing your hands or ensuring that you don’t click on malicious links, is that in order to be effective it must become a deeply ingrained habit,” says Thiele. “Sometimes this is misunderstood at the board level.”

“Cyber hygiene isn’t a project to be completed or an item to tick off your list, it needs to be woven into the fabric of your organisation, so it becomes second nature for everyone. It’s not hard, but it is complex with a lot of moving parts, so you need to approach it strategically to ensure you don’t spread yourself too thin.”

While protecting the organisation from a wide range of threats, effective cyber hygiene also ensures that IT and security teams spend less time putting out fires, giving them more time to focus on higher value tasks.

One challenge of cyber hygiene is that organisations can struggle to take a step back and fully access their exposure when it comes to vulnerability management and asset management. Another challenge is that organisations often lack the embedded expertise to manage and maintain ongoing cyber hygiene efforts. This is where partnering with a cyber security specialist becomes key, says Thiele.

“It’s not just about deploying technology, it’s about fundamentally changing the way your business operates,” Thiele says. “Successfully managing that kind of change takes far more than technical skills, which is where many organisations can find themselves in need of help from a trusted partner like Interactive.”

Technological defences are not a silver bullet when it comes to cyber security, instead it requires a combination of technology, people and process to strengthen an organisation’s security posture, he says.

Organisations often underestimate the human element of cyber hygiene, Thiele says, such as awareness training to ensure that staff don’t click on malicious links, hand over sensitive information or fall for social engineering tricks like bogus password reset requests.

“A key part of cyber hygiene is ensuring that your frontline staff, whatever their role, understand that they are also the organisation’s first line of defence and their actions have significant consequences,” he says.

“You can invest in a wide range of technical controls, but threats can still slip past your defences if your people aren’t properly trained and fully aware that everyone needs to do their part when it comes to cyber security.”

To learn more, visit www.interactive.com.au.