Because they understand that preventing all cyber attacks is essentially impossible, most security teams today focus instead on lowering the percentage that can penetrate their infrastructure, writes Mark Lukie, director of Solution Architects - APAC, Barracuda.
Reducing the likelihood that attackers can successfully access networks, applications, and data requires ongoing vigilance and the use of sophisticated monitoring tools that can alert teams to potential intrusions.
Of course, the responsibility for achieving effective IT security extends well beyond the IT department and involves all staff within an organisation. However, The State of Cyber Resilience in Australia 2022 revealed that 33 per cent of respondents admit to bending the rules to get a job done. This includes using a non-approved browser (31 per cent), running traffic through a private VPN (29 per cent), and using unauthorised third-party software (22 per cent).
Each person needs to follow effective cyber security hygiene behaviours as part of their day-to-day activity.
Being ‘cyber hygienic’
The concept of good cyber hygiene relates to a range of behaviours that should be undertaken on a regular basis to reduce the chances of a successful cyber attack. It also covers an organisation’s cultural disposition to maintaining good security practices.
For individual staff members, there are a range of recommended steps that can help to achieve good cyber hygiene practices. These steps include setting up multi-factor authentication (MFA) for all online accounts and only using secure payment methods when shopping online.
Other steps include not opening attachments from unknown sources or clicking on suspicious links in emails. Individuals should also ensure that all their digital devices are password protected and software patches are installed as soon as they are released.
By following these basic guidelines consistently and making them a habit that comes naturally whenever operating online, individuals can significantly reduce their risk of suffering identity theft.
How IT teams can improve cyber hygiene
There are a range of steps that can also be undertaken by an organisation’s IT security team to improve their level of cyber hygiene. They include:
Develop a hygiene culture
Even when all these steps are taken, there is still considerable responsibility resting on individual staff members to do the right thing. To achieve this, it’s important to create an organisational culture that recognises the importance of cyber hygiene and celebrates good habits and practices.
It requires a combination of leading by example, communicating expectations clearly, and maintaining a steady cadence of reminders that can drive universal buy-in.
Regular training sessions should be conducted to ensure all staff are aware of the risks that exist and the steps they can take to reduce their likelihood of falling victim. Understanding the important role they play when it comes to security is a vital part of the overall culture.
Indeed, The State of Cyber Resilience in Australia 2022 found that 61 per cent of those surveyed received three hours or less a year of training, and 14 per cent received no security awareness training at all in the last year.
To effectively educate users on cyber security hygiene, organisations should ideally provide around 30 minutes of security awareness training per month. This regular approach helps to build and maintain a cyber security culture in the workplace and turn employees into a line of defence.
Achieving strong security hygiene will deliver significant benefits for all organisations. Consider how your organisation can begin developing one today.