Cyber Hygiene in the Workplace
Are the cyber hygiene practices followed by your business up to scratch? While a one hundred percent cyber hygiene score would be the ideal goal for any business, unfortunately, this is rarely the case. In fact, confusion around whose job is it to maintain a company’s cyber hygiene is normally where a business can fall short.
So, how exactly is cyber hygiene maintained? And whose job is it to maintain it?
What is cyber hygiene?
Cyber hygiene is a blanket term coined in the early 2000s. It refers to best practice computer activities, specifically best practice cyber security measures when online. It normally looks to the cyber security surrounding everyday business practices such as email best practice and company passwords.
Cyber hygiene is a preventative security approach where best practice security and data protection is seen as an organisational priority.
Whose job is it to maintain cyber hygiene?
It is the role of a Computer Network Administrator or System Administrator to ensure a company has cyber hygiene best practices in place. In smaller companies without such roles, cyber hygiene maintenance falls to the wider cyber security or security team.
What does cyber hygiene best practice look like?
Assessing a company’s cyber hygiene begins with assessing the risk landscape of the business. This means assessing what data is currently being stored, who has access to this data and how the data is being protected.
Adequate data retention policies address two major cyber hygiene factors. Firstly, they assess what data is currently being retained and if this is both necessary to retain and being securely stored. Secondly, it ensures the data that is not necessary to retain is being securely destroyed. Unsurprisingly, many companies can fail to adequately address these two steps.
Remaining on top of user access and permissions is part of effective cyber hygiene practices. This means knowing who falls into the whitelist and blacklist categories. Those in the whitelist are authorised users whereas the blacklist refers to people without authorisation. Cyber hygiene also means ensuring all security blocks, such as firewalls and routers, have been installed correctly and configured effectively.
Looking to employee-specific cyber hygiene, it is the Computer Network Administrator or System Administrator’s job to ensure each employee meets strong password requirements and has their multi-factor authentication enabled. BYOD, or Bring Your Own Device, policies should be strongly considered - prohibiting unauthorised or non-secure devices is highly recommended for all workplaces. By restricting personal devices, it ensures personal and professional data remains separate and reduces any crossover risks.
Finally, these risk reduction assessments are definitely not a one-time practice. Rather it is a substantial process that should be performed on a regular basis. This means it should be a scheduled process that is automated as much as possible.
Are these cyber practices all part of your businesses’ wider cyber landscape? If not, making these activities a priority should not be prolonged further. After all, healthy cyber hygiene is vital to a business’ reputation and longevity.