Cybersecurity Hygiene
In recent months, I’ve noticed a spate of cybersecurity incidents within various sectors. Here are some that caught my eye:
- East Lothian Social Care Service: A cyberattack on Nottingham Rehab Supplies, a supplier for the Community Equipment Loan Service, led to warnings for service users to be vigilant about potential scams.
- London Drugs: A cyberattack resulted in data leaks, impacting customer information and highlighting the need for stronger security measures in retail.
- Kent Schools Data Breach: A breach exposed sensitive information about pupils, illustrating the risks associated with educational institutions and the need for robust data protection practices.
- Cencora Health Data Breach: Cencora, a health service provider, experienced a significant breach, compromising Americans’ health data. This incident underscores the high value of health data to cybercriminals.
- MediSecure Data Breach: Health data continues to be a prime target for hackers, as evidenced by a recent breach at MediSecure, emphasizing the lucrative nature of such information.
Achieving Good Cyber Hygiene
It is quite easy to take an approach of ‘This is how I would fix it and this could have been preventable’. However, that is neither productive nor conducive to helping individuals/companies protect themselves against breaches.
So, the following points are my ‘10 cents’ on what individuals/companies could do to help improve cyber hygiene/security posture:
- Regular Software Updates and Patching: Ensure all software, especially critical systems, is regularly updated and patched.
- Strong Password Policies: Implement and enforce strong password policies, and consider multi-factor authentication (MFA).
- Employee Training and Awareness: Conduct regular cybersecurity training for employees to prevent phishing and other social engineering attacks.
- Network Segmentation: Segmenting networks can limit the spread of malware and restrict access to sensitive information.
- Regular Backups: Maintain regular backups of critical data and systems, ensuring they are stored securely and not directly connected to the main network.
- Incident Response Plan: Develop and regularly update an incident response plan for identifying, containing, and eradicating threats, as well as recovering from attacks.
- Use of Security Tools: Utilize advanced security tools such as antivirus software, firewalls, and intrusion detection systems.
- Vendor Management: Thoroughly vet third-party vendors to ensure they adhere to your cybersecurity standards.
- Continuous Monitoring and Assessment: Implement continuous monitoring for suspicious activity and regularly audit your security posture.
Hopefully an individual/company could follow these and start taking action immediately to minimise the risk to their business, infrastructure and equally their image/reputation.