Cyber hygiene: because prevention is always easier than treatment

Originally a CIO article by Jason English

Cyber hygiene offers a preventative approach to future attacks in order to avoid costly remediation and recovery incidents – much like dental hygiene recommends flossing and brushing to avoid later cavities and painful procedures.

Asking a good CISO which applications and devices should be inventoried and secured is like asking a dentist which teeth you should floss between. Four out of five will tell you, “Only the ones you want to keep.”

Cyber hygiene, while considered a key aspect of cybersecurity, is also a distinct preventative practice that uncovers data, application, infrastructure and network risks – especially the ones we’re not looking for.

A SecOps pro shared a story with me about their first sitewide inventory exercise, which discovered a PlayStation 5 running in a break room in the headquarters. That may not sound like a big deal, but that game console is also a full-fledged computer that can see file systems and devices on the corporate network, capture pictures and sound from the room, surf websites and download automatic software updates.

Prevention is easier than treatment if we can remember to do it. We all know it would be safer to prevent risks and breaches through cyber hygiene across all of our endpoints rather than remediate them once they are deployed across production and exposed to attackers.

So why isn’t cyber hygiene a good habit all enterprises can stick to?

Read the entire article here.

Principal Analyst & CMO, Intellyx. Twitter: @bluefug