Blog

Take a bath and brush your teeth. Cyber hygiene for counties (and others)

When you were growing up, well, when I was growing up and kids had some leeway for exploration, mom would always make me wash my hands before coming to the dinner table. At some point after the meal it would be time to take a bath, brush my teeth and go to bed. In addition, I was always instructed to wash my hands before leaving the restroom. This advice continues into adulthood, as these are all part of maintaining your personal hygiene. Mom, or dad, would harp on these simple things to make sure I stayed as healthy as possible. Today, we need to continue to take these simple steps to care for our physical health. Likewise, we now need to follow a few simple steps to take the same, or better, care of our electronic devices and networks to keep them healthy.

When looking at your county’s cyber hygiene, as you do when looking at your personal hygiene, the first step is to look at your vulnerabilities and perceived risks. I say perceived risks as it can be very challenging to properly assign risk ratings. For example, it is actually more likely that you will be killed in your car on the way to the airport than die in a plane crash. However, we think the risk that the plane will crash is higher.

So what are typically the highest risk areas, and what can we do to help significantly reduce the risk to county information that can be accessed through a network connection? Some of the areas to focus on for better hygiene are well known. Others may not make sense initially but have been shown to significantly reduce risk. Risk reduction and minimization of vulnerabilities are what it takes to enhance cyber hygiene.

The list starts with our highest risk and most unpredictable vulnerability: the people who use the network or use services hosted on the network. People, through social engineering and short-term memory, are more likely to inadvertently do something that is contrary to keeping the network, and the systems attached to it, clean. For years, networks have been accessed by unauthorized individuals who convince someone to give up their user name and password. Today the risk has increased, as unknown actors trick people into downloading code by clicking on what appears to be a legitimate link in an email or even through a legitimate web site that has been compromised. Cyber hygiene can be enhanced by conducting regular and recurring training on how to safely use the internet and other network-attached systems. This training needs to include a focus on the highest risk behaviors: clicking on links, password best practices, and understanding that not all communication is private (talking in public, messaging, email, web surfing, locking your system, signing off applications, etc.). The training needs to be repeated often, or continuously, to remind everyone what good behavior is and what is expected. User training can also be a great outreach to employees’ families and the community.

Next on the list is knowing what you need to control. You need an accurate inventory and current network maps. With an accurate inventory you can remove devices that should not be on your network. This also makes patching easier, and normal traffic patterns can be established and used to identify activities that may be harmful to the data traveling through your network or stored on devices attached to it. Having an accurate inventory will help you reduce risk, and hence stay cleaner, by keeping patches on your hardware and systems up to date and making them harder to exploit. Knowing what your information is and where it is can also help maintain and assess a control framework.

With ransomware being such a high risk and having significant and almost immediate impacts on your operations, backing up your configurations and data is the third area to focus on. This means backing up your data, including configuration information, daily, storing it for six months to a year, and testing the restoration of that data on a regular basis. This won’t eliminate possible losses. However, it will help you quickly restore systems to a clean configuration and restore as much of your data as possible.
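The backup routine described above can be checked mechanically. The following is an added example, not part of the original post: it audits a constructed backup catalog for daily gaps, short retention and overdue restore tests. The function names, the catalog layout and the 30-day reading of "regular basis" are assumptions.

```python
from datetime import date, timedelta

RETENTION_DAYS = 183       # lower bound of the post's "six months to a year"
RESTORE_TEST_MAX_AGE = 30  # assumption: "regular basis" read as every 30 days

def audit_backups(backup_days, restore_tests, today, in_service_since):
    """Check a backup catalog against the policy; returns {finding: detail}.

    backup_days: dates for which a backup is still retained.
    restore_tests: (date, succeeded) pairs from restore drills.
    """
    findings = {}
    have = set(backup_days)
    if not have:
        return {"no_backups": "catalog is empty"}
    oldest, newest = min(have), max(have)

    # Retention: the oldest copy must reach back six months, or to the day
    # the system entered service if it is younger than that.
    required_start = max(in_service_since, today - timedelta(days=RETENTION_DAYS))
    if oldest > required_start:
        findings["retention_short"] = (required_start, oldest)

    # Daily cadence: every day between the oldest and newest copy must exist.
    span = (newest - oldest).days
    gaps = [oldest + timedelta(days=n) for n in range(span + 1)
            if oldest + timedelta(days=n) not in have]
    if gaps:
        findings["missing_days"] = gaps
    if (today - newest).days > 1:
        findings["stale"] = newest

    # Restore drills: only a successful restore counts as a test.
    passed = [d for d, ok in restore_tests if ok]
    if not passed or (today - max(passed)).days > RESTORE_TEST_MAX_AGE:
        findings["restore_test_overdue"] = max(passed) if passed else None
    return findings

def sample_catalog():
    """Constructed data: backups since 2024-03-01 with a two-day gap."""
    start, today = date(2024, 3, 1), date(2024, 6, 30)
    days = [start + timedelta(days=n) for n in range((today - start).days + 1)]
    days = [d for d in days if d not in (date(2024, 5, 10), date(2024, 5, 11))]
    tests = [(date(2024, 4, 2), True), (date(2024, 6, 20), False)]
    return days, tests, today

if __name__ == "__main__":
    days, tests, today = sample_catalog()
    for name, detail in audit_backups(days, tests, today, date(2023, 1, 1)).items():
        print(name, detail)
```

On the constructed catalog the failed drill on 2024-06-20 does not reset the restore-test clock, so the last proven restore is still the one from 2024-04-02.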

The final area to pay attention to is your endpoints. An endpoint is a server, computer (PC or laptop), smartphone or tablet that provides direct access to your systems and the data contained on them. Making sure device firewalls, anti-virus and other off-the-shelf tools are installed, up to date and used automatically will also help keep your network cleaner.

This is not a complete list of the things you can do; it is a list of the items that will help significantly reduce your risks and promote cyber hygiene within the county’s network environment. Network hygiene, like personal hygiene, requires a few things to be performed regularly to significantly reduce the risk of infection. Now go blow your nose, wash your hands and please take a shower.

Additional resources:

• Stop.Think.Connect. educational content from DHS via Stay Safe on-line
• The SANS Critical Controls for Cyber Defense
• “Are you prepared for National Cyber Security Month”
• Multi State Information Sharing & Analysis Center (MS-ISAC)
• Top 5 most common government cybersecurity mistakes
2016-10-19
2017-06-01

About Steven Hurst

Director of Security Architecture & Strategy, AT&T

As Director of Security Architecture & Strategy at AT&T, Steve Hurst has responsibility for supporting security product operations while serving as security architectural/governance lead for complex customer solutions and product development.