October is National Cybersecurity Awareness Month, and with the recent hack at DoorDash, the discovery of a large-scale iOS hacking campaign, and the exposure of a database containing 419 million phone numbers associated with Facebook accounts, we’re all likely feeling a little dirty. So, I decided to share my perspectives on cyber hygiene.

The dictionary defines hygiene as “conditions or practices conducive to maintaining health and preventing disease, especially through cleanliness.” In IT terms, “disease” is a breach or other security violation, and the “practices conducive to maintaining health and preventing disease” are the set of controls that, when applied consistently throughout the IT environment, can help organizations avoid the large majority (the commonly cited figure is 80 percent) of breaches and minimize business impact during a cybersecurity event.


Even organizations that have met their compliance or regulatory obligations can improve their cyber hygiene, as the recent examples mentioned above attest.

Breach data shows that the overwhelming majority of hacks occur because of weak controls in areas such as patch, password and device management, and that many result from poor user security awareness and training. I have heard many of my colleagues, read many articles, and listened to many speakers describe the difficulties of establishing hygiene-related practices.

This is not an easy challenge. We can and should also pursue other paths to better cybersecurity, such as expecting vendors to do a better job of securing their products, but as cybersecurity professionals it is our responsibility, our “sworn oath,” to protect critical infrastructure along with private and protected information. That begins “at home” with good cyber hygiene.

I have been in IT for over 30 years, and this problem is not new.

In the 90s, I worked for a large energy company in Houston with assets and operations across 18 states. Our organization did not understand the concept of change management, and as a (Read more...)