5 essential cyber hygiene practices for CISOs

Jan. 4, 2023
Cyber hygiene is a set of practices that are put in place to ensure that data and networks are safe

Cybercriminals can hack 93% of local company networks. Startling, isn’t it?

This report from Positive Technologies is just one among many alarming reports that paint a picture of an increasingly vulnerable online world. And this vulnerability continues, despite all the tools and technology we have on hand to try to prevent cyber-attacks.

Ironically, that’s also the point. Tools and technology are not enough on their own. What’s needed is a solid set of cyber hygiene practices that utilize these tools skillfully.

What is Cyber Hygiene?

Cyber hygiene is a set of practices that are put in place to ensure that data and networks are safe. And as with personal hygiene, cyber hygiene necessitates the development of habits in order to have the most optimal effect.

As attacks become more sophisticated and engineered to near perfection, it’s pertinent to incorporate cyber hygiene practices that will enable you to stay at least one step ahead of cyber attackers, if not more. Here are five of them.

Get Asset Visibility

Do a periodic inventory of your IT assets. What networked devices do you have? How is your staff managing the data? Who has access? Asking questions, getting asset visibility, and reviewing the state of IT helps deepen sensitivity and secure your IT landscape. This is particularly useful if your organization comprises a mix of old and new systems and if they are on or off-premises.

Additionally, it’s important to have a classification in place for internal versus external facing systems to identify what’s business critical.

Use Automation and AI

A survey by PwC found that 75% of executives feel that their organizations are too complex, leading to cyber security risks. One of their biggest concerns was that they couldn’t monitor networks in real time. Security teams are most often bogged down with incident queues and other immediate tasks, and they just don’t have the time to analyze incidents and threats.

And anyway, human monitoring of endpoints is impossible as the scale and source of attacks widen.

But threats can be prevented with constant real-time scanning. This is where you need automation. Leveraging AI and automation enables you to detect and intercept in real time and defend your systems proactively. It also gives you comprehensive reports and you can even write custom detection rules specific to your business to further reduce risks.

Build a Cybersecurity-First Culture

Knowing what you can do for cyber hygiene is fine, but if your employees don’t practice it along with you, your efforts will come to naught.

Hold cybersecurity training and practice drills to help your employees understand the different ways in which they are putting themselves and the organization at risk.

There are also many other simple ways to enable employees to practice better cyber hygiene:

  • Give them a good password manager and guide them on how to generate stronger passwords.
  • Implement Multi-Factor Authentication (MFA) and Single Sign-On (SSO).
  • Run updates regularly and configure employee systems to update automatically to ensure the latest bug fixes or software patches are pushed to devices instantly.

Lastly, social engineering attacks are on the rise. Make sure your employees are both aware of the different shapes and form these attacks take and how to avoid them.

Implement a Robust Cybersecurity Policy Framework

A formal cybersecurity policy framework would define systems, standards, and best practices to manage risks. Design one that suits your organization’s security goals and helps you maintain your cyber hygiene.

Very often, companies are required to have certain policies in place to meet compliance standards and international cybersecurity guidelines. There are various frameworks to choose from: control, program, risk, etc., and it’s up to you and your security team to develop one that enables your business to develop a good security posture.

Conduct Regular Reviews and Assessments

Implementing several strategies is great, but you also need to constantly stay updated on their progress. Frequent cybersecurity reviews like conducting a Vulnerability Assessment and Penetration Testing (VAPT) help you understand your weaknesses and be prepared against vulnerabilities before they happen.

It’s also critical to take assessments of your software, network, and vendors and suppliers. A large number of attacks happen through the supply chain and it’s imperative to have regular audits to reduce third-party risk.

As we enter this new year, let’s prioritize creating a set of cyber hygiene practices and following them rigorously to effectively combat or anticipate security threats.

About the author: Nikhil Gupta, Co-founder and CEO of ArmorCode, and one of the creators of The Purple Book Community

Nikhil Gupta is the founder and CEO of ArmorCode, the Silicon Valley startup delivering application security at the speed of DevOps. Gupta is a successful serial entrepreneur with more than 25 years of experience leading high-growth security teams. Prior to founding ArmorCode, Gupta was the CEO and Co-founder of Avid Secure (acquired by Sophos), a market-leading AI-powered multi-cloud security and compliance platform.

Gupta is also one of the creators of The Purple Book Community (thepurplebook.club), a diverse community of security leaders who are examining issues related to software security, a topic that has sparked immense interest given recent high-profile cyberattacks on government entities, public sector organizations, and private companies. It started out as a project to author a book on best practices in software security but due to the tremendous interest in the subject, it grew into a community of hundreds of software security leaders. With the launch of AppSecCon 2022 (www.thepurplebook.club/appsecon), the world’s premier AppSec conference, it is now morphing into a movement by security leaders, for security leaders

About the Author

Nikhil Gupta | co-founder and CEO of ArmorCode

Nikhil Gupta, Co-founder and CEO of ArmorCode, and one of the creators of The Purple Book Community

Nikhil Gupta is the founder and CEO of ArmorCode, the Silicon Valley startup delivering application security at the speed of DevOps. Gupta is a successful serial entrepreneur with more than 25 years of experience leading high-growth security teams. Prior to founding ArmorCode, Gupta was the CEO and Co-founder of Avid Secure (acquired by Sophos), a market-leading AI-powered multi-cloud security and compliance platform.

Gupta is also one of the creators of The Purple Book Community (thepurplebook.club), a diverse community of security leaders who are examining issues related to software security, a topic that has sparked immense interest given recent high-profile cyberattacks on government entities, public sector organizations, and private companies. It started out as a project to author a book on best practices in software security but due to the tremendous interest in the subject, it grew into a community of hundreds of software security leaders. With the launch of AppSecCon 2022 (www.thepurplebook.club/appsecon), the world’s premier AppSec conference, it is now morphing into a movement by security leaders, for security leaders