Risk & Security

Cyber Hygiene 101

After a supply chain attack hit software provider Kaseya, infecting some 1,500 downstream organizations, companies are inspecting their cyber hygiene practices.

By now, the words cyberattack and crisis are well-acquainted.

The list of virtual break-ins on U.S. businesses, infrastructure, and federal agencies seems to grow each week. The most recent victim: a cyberattack on the U.S.-based software firm Kaseya, which infected 1,500 downstream organizations with ransomware and locked down vital computer systems across the world.

While fatalists believe any cybergang or nation-state bent on hacking you will succeed, the truth is that in most cases, basic cyber hygiene can send attackers looking for a new victim.

No company wants to be the next headline. Pretending the issue will go away is not an option. Neither is investing in costly and complex IT and security tools. More tools can actually lead to less network visibility and thus more places for hackers to hide.

Tanium’s Cyber Hygiene Assessment: An actionable path to better endpoint management and security

The solution is to focus on the basics. As with taking care of your health to avoid illness, you must adopt good habits. Going back to these seven cyber hygiene principles will make your enterprise a simpler, cleaner, and less-inviting target for cybercriminals.

Know thy assets

You can’t manage what you can’t see. Without a clear understanding of the number, type, and operational status of endpoints connected to your network, you can’t accurately assess your risks. That’s why basic cyber hygiene must start with a full asset discovery and inventory. This is the process of cataloging the hardware (and the hardware’s software) connected to your enterprise’s network.

By regularly monitoring these devices, you can detect potential vulnerabilities and active threats. This is especially important as organizations—no matter their size—emerge from the pandemic lockdown. It is crucial to install discovery protocols to identify the hodgepodge of unknown devices inserted into your network by employees working from home.

Manage your software

Traditional software management tools struggle to keep pace with the burgeoning number of apps and devices that have proliferated during the work-from-home era. The variety of off-the-shelf and custom software applications installed on company devices worldwide has soared and can number 1,000 or more. Software management solutions help businesses detect, monitor, update, and secure enterprise applications from one console—at scale. 

These solutions aim to improve software efficiency while reducing the cost and complexity of administering applications scattered across employee devices. As illustrated by the Kaseya hack, it is also important that these solutions are themselves closely monitored for vulnerabilities—otherwise hackers can seek to use them as a distribution tool for their malware.

Monitor performance

Enterprise organizations typically estimate they have anywhere from 200,000 to 300,000 endpoints in their environments. (In fact, they often have 30% to 60% more than that.) Legacy monitoring tools weren’t made to identify and troubleshoot large-scale performance issues remotely or quickly enough to head them off in highly distributed workplaces

What’s more, since traditional tools typically are designed as point solutions addressing a specific issue, companies can end up paying more than they should by the time they have assembled all the necessary capabilities. Advanced performance-monitoring tools, sometimes offered through endpoint management (EM) platforms, provide a more comprehensive approach to uncovering and resolving security issues within dynamic, distributed endpoint environments.

Manage software patching

The surging number of endpoints makes applying patches time-consuming and cumbersome, leaving vulnerabilities susceptible to cyberattack for months on end. Unpatched vulnerabilities expose your enterprise to malware infections, data breaches, and other threats—all of which siphon valuable time, money, and resources.

Automated patch management allows businesses to scan their network environments for devices and applications with missing patches, automatically downloading patches that are released by application vendors, and distributing other patches based on deployment policies. Again, as with all automated management systems, the integrity of the patching system must be constantly monitored to ensure the platform doesn’t get breached.

[Read also: Ten ways to improve patch management]

Manage configurations

Many IT operations teams struggle with the cost and complexity of managing configuration policies in a unified way across hybrid systems composed of on-premises, remote, and cloud environments. But misconfigurations and “configuration drift” away from the desired settings can open the door to data breaches and cyberattacks.

Also risky: Manufacturers of routers and operating systems can set the default configurations with predefined passwords or preinstalled applications, which can make it easy for attackers to gain unauthorized access to an organization’s data.

Traditional configuration systems were built for pre-cloud computing environments, homogenous devices, and on-premises deployment, and these systems can find it difficult to identify and connect the many endpoints spread across physical and digital locations.

Newer configuration management tools use modern architectures to continuously scan endpoint environments for misconfigurations or policy conflicts that could lead to breaches. They can push out tailored controls to specific parts of an organization without having to manually target thousands of individual areas using sometimes difficult-to-navigate directories.

Respond to incidents rapidly

Organizations must be prepared to act quickly and effectively when a cyberattack strikes. The goal is to manage the situation in a way that reduces damage, limits recovery time and costs, and minimizes the impact to a company’s reputation. Without an incident response plan to  detect, respond to, and recover from security incidents, the consequences can be catastrophic.

[Read also: Mitigating the supply chain attack that hit Kaseya]

These procedures are usually the responsibility of a computer incident response team, which is composed of security and IT staff as well as staff members from human resources, public relations, and legal departments. Because security threats are constantly changing, the best plans and tools are those that are frequently refined.

Protect data and privacy

Businesses are under considerable pressure not only to manage their growing number of endpoints, but also to secure the sensitive data these endpoints collect—from customer Social Security numbers and addresses to a business partner’s intellectual property. Data privacy management enables organizations to secure sensitive data and remediate privacy breaches. The best tools assess the impact of technical changes on privacy, match IT activities against privacy regulations, and track incidents that can lead to unauthorized disclosures of personal information.

[Read also: Ten ways to improve data risk and privacy]

Data privacy management solutions typically handle tasks including locating sensitive data, automating data discovery and clarification, enabling compliance with privacy laws, and handling remediation.

Ben Livesey
Ben Livesey is an award-winning finance and business journalist. He worked as a writer and editor at Bloomberg News in London and San Francisco, covering business and technology, financial services and capital markets. Prior to that he was the editor of Moneywise, the U.K.’s best-selling personal finance magazine.