What Makes Good Cybersecurity Hygiene?
You probably know what you should do and have read about best practices. You may even have consulted with professionals and taken a few action steps. There are numerous resources for the technicalities of good cybersecurity hygiene (like this blog). But we want to address the human factor – how to make sure you actually take the steps and grow the health of your security program. Here are 4 things you need to keep your cyber hygiene squeaky clean, plus some bonus cybersecurity memes.
You need a plan.
You need a plan to guide your cybersecurity hygiene practices. It is astonishing that many businesses ignore their need for cybersecurity, hoping that attackers won't notice them. Business leaders may also assume their IT team has security under control, but not every IT professional is also trained in security. And in many cases, businesses are just plain uninformed about the cyber risks they are exposed to.
Hope is not a security strategy, and when a breach occurs without a plan, there will be chaos. You need a plan.
Some businesses may think they don't have data to steal, but every business has client information, vendor account numbers, or company documents stored digitally. This means you are taking on new risk each time you add to that information collection, and you need to protect those valuable pieces of data.
If you do business in today's world, you need cybersecurity.
We have guides for making a plan, if you need a starting point: Cyber Maturity Quiz or What Do You Have to Lose? Make sure you are following the advice of trusted professionals who come with experience and references. Without a plan, your cybersecurity hygiene efforts are an aimless guess.
You need training and buy-in.
Without a team who understands and follows the plan, even the best cybersecurity hygiene plan cannot help keep you safe. Each member of your team needs to understand their role in the company’s cybersecurity plan, have the proper access relevant to their role, and be given the knowledge to carry out the role.
People are often the causes of new cybersecurity risks, but they are also your front line of defense. Empowering people to do their jobs and to follow security protocols should be a top priority for leaders.
Your team also needs to care. It's a leader's job to cast the vision, maintain quality relationships, and build loyalty so that every team member can understand their role in the company's security and follow the protocols you require. When creating systems and plans, it is wise to ask for the perspectives of a variety of departments, and to make sure each team member is valued. Read more about the human factor in cybersecurity here.
Over time, it is also important to review protocols with employees and affirm the good steps your team is taking.
You need follow-through.
Here is where many, many plans fail, whether business plans, exercise plans, or cybersecurity hygiene plans: follow-through is difficult. Follow-through must be part of your plan. Who takes responsibility for each task? Who keeps each person accountable for completing tasks? What are the rewards for following the plan, or the consequences if it is not followed? This accountability role may fall to a CISO or other staff person. Regardless of who it is, consistency is the key.
Even if you have limited resources and cannot mitigate every cybersecurity risk, it is better to take some steps than to do nothing. Even small steps can have a big impact. Get a review from a professional, choose some steps that your team can manage, and follow through.