
What is Basic Cyber Hygiene – Ep 301 

 April 23, 2021

By Donna Grindle

Basic Cyber Hygiene is a fairly new term, but I realized we have mentioned it several times over the last few weeks. What do we really intend people to see when we talk about it? That may be helpful if we think it would solve most of our cyber attack problems, huh.


Today’s episode is brought to you by Kardon and HIPAA for MSPs with Security First IT.


If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!


What is Basic Cyber Hygiene

[04:19] Personal hygiene is how you care for your body. If you take a bath, wash your hands, brush your teeth, wear deodorant, etc. your body is usually healthier, you feel better, and the rest of the world sees that you take care of yourself. On the other hand, poor personal hygiene often leads to assumptions that you have some issues because of an inability or unwillingness to care for yourself. There must be a reason for not taking care of yourself.

Just as personal hygiene matters, so does cyber hygiene. If you don’t take care of your network and devices, they look like a house with no doors on it, windows open and hanging off the hinges, paint dull and peeling, and everything covered in thick dust. Cyber criminals take notice and see you as an easy target.

What do we consider the basic requirements of solid cyber hygiene?

[13:54] The body your cyber hygiene cares for is your information systems and network. Different parts of the cyber body are cared for by different people in the organization. But at some level each individual is still responsible for some of the hygiene of the cyber body.

For managers

[14:35] First, you need to know what you have to protect. Define your valuable information assets. Even if, at first, you don’t think it is valuable, ask these three questions:

  1. What if everyone sees it?
  2. What if I can never trust that this information is correct?
  3. What if it is lost and you can never get to it again?

Next, know where those things you need to protect live and breathe. Create an inventory of all of your equipment and software that supports access to your valuable assets. Understand the impact of attacks against your valuable systems and data. And put plans in place to prevent things from going wrong with your ability to protect what matters.

Does this all sound familiar? Maybe, like a risk analysis?

Now, you need to train the workforce to understand what is valuable to the organization and when and how to report a potential problem they may discover. You need to plan to address things when there is a report of potential problems or violations. And, have a plan of action when things go wrong.

Protections

[21:50] So now that we’ve identified what needs to be protected, what are some of the ways we can protect the things we’ve identified? Well, how about:

  • Use advanced anti-virus applications
  • Patch your operating systems and applications
  • Monitor the systems and application logs
  • Remove unused devices and software
  • Have a password management system and use it effectively
  • Test your data restoration ability
  • Implement a framework (like HICP, NIST, etc.)
  • Limit administrative accounts to systems and applications
  • Documented, scheduled review processes – if you don’t document it, it didn’t happen; you can’t prove it. If you don’t schedule it, it won’t get done.

For individuals – and home networks

[39:30] Whether you are connecting to the office to work from home or even if you are not connecting to an office at your home, you still need to worry about cybersecurity. It’s everybody’s responsibility to actually take the time and interest to learn these things because it does impact all of us.

Get educated about cybersecurity at the Stop. Think. Connect. Toolkit. CISA has lots of good information for individuals on how to protect your information and home networks. They break it down by audience too, so there is information for children, teachers, parents, older Americans, young professionals, etc. They have information on online gaming systems, mobile banking, protecting yourself online, social media tips, phishing scams and much more. Oh, and understand that scams are more likely to look real than you think – doubt everything.

We are all too connected today not to get better educated about basic cyber hygiene and cybersecurity. It’s the loving care of yourself and your environment. That’s what cyber hygiene is all about. It doesn’t mean that if you do all these things you won’t ever fall victim to an attack or have a breach. But at least you can say that you are doing all these things to secure your data, and you can prove that you are taking your obligation seriously. You can take good care of yourself, but that doesn’t mean you won’t have health problems.
