In this digital age, we depend on our computers and devices for so much that we need to be constantly proactive to protect against cyber threats and attacks. Multiple studies show that government, corporations, and individuals are being increasingly targeted. The Office of Management and Budget (OMB) for example, said federal cybersecurity incidents were up 15% in 2014 from the previous year, hitting a record high of 70,000 in FY2014.
Whether at work in the public or private sector, or on personal computers and devices, there is a greater need than ever to be vigilant. In order to accomplish this, we must practice good cyber hygiene daily. How do you implement cyber hygiene practices today and what can you do to prevent the vulnerabilities of tomorrow? Below are several best practice strategies for strengthening defenses that you can do on personal computers and devices or that public and private sector IT departments are doing behind the scenes:
1. Update your Applications, Software and Operating Systems
Update your anti-virus software regularly. Keeping applications, software, and operating systems patched will provide you with the most recent and secure versions.
2. Securely Configure your Systems and Devices
The “out-of-the-box” configurations of many devices and system components are default settings that are often set for ease-of-use rather than security. To mitigate risk, systems and devices should be configured according to industry-accepted system hardening standards. You can get a checklist related to security standards for your product from the National Institute of Standards and Technology’s (NIST) National Vulnerability Database at this link: https://web.nvd.nist.gov/view/ncp/repository
3. Secure your Browser and Browser Add-ons
To minimize risks, keep your browser(s) updated and patched, and set to auto update. Keep programs (known as plug-ins) updated and patched, block pop-up windows, and consider disabling JavaScript, Java, and ActiveX controls when not being used. Activate only when necessary.
4. Back-Up your Data
Be sure to back up your important data off line. Remember to back up data at regular intervals and periodically review your backups to determine if all your data has been backed up accurately.
5. Secure your Wireless Network
The first step is to lock down your wireless network with a strong password and encryption. Second, connect to your router (refer to the manufacturer’s user guide); if there are devices you don’t recognize, change your security settings and passwords. Don’t forget about your printers, which can connect to your network and are Wi-Fi enabled.
6. Protect your Administrative Accounts
It is important to change the default password on your administrative accounts and on your devices (routers, wireless access points and other networked devices). Many default passwords are published on the Internet, so be sure to change them to something unique and strong. If you want the list of default passwords simply type “default passwords list” in the search line of your browser.
7. Use Firewalls
It is recommended that you set the firewall to the securest level you think is appropriate. You can always relax the controls if necessary.
8. Equip yourself, your employees, and IT Team with the right tools
Because security professionals cannot be everywhere, equip and train the organization with policies and procedures. A good resource would be to sign up for bulletins and alerts at www.US-CERT.gov.
Following the above steps for good cyber hygiene will not make you or your organization immune from cyber attacks but it will make your network more resistant and resilient and improve your cyber posture.