Originally appeared in Fleet Owner
I learned a new term recently—cyber hygiene. O’Dell Hobson, an information security manager, gave a presentation about it at a recent NationaLease meeting.
I am sure most of us are familiar with the term cyber security, but cyber hygiene might be a new term for many of you.
Let’s start by defining what is meant by cyber security. Hobson defined it as “The art of protecting networks, devices, and data from unauthorized access or criminal use, and the practice of ensuring confidentiality, integrity, and availability of information.”
He went on to explain that cyber hygiene, “encompassed the steps and processes necessary to maintain cyber health of devices, networks, and information.”
When we talk about cyber security, Hobson says we are talking about the following three things:
- Confidentiality: Protecting authorized restrictions on access and disclosure. This includes protecting personal privacy and your company’s proprietary information.
- Integrity: This focuses on guarding against the improper modification of information or the destruction of information. It includes ensuring the authenticity of your information.
- Availability: This ensures having timely and reliable access to information and the use of that information.
A significant part of protecting your company’s information is training and educating your employees.
Hobson says you need a robust training regimen that includes information on safe internet browsing, email security phishing and social engineering, the significance of a complex password, and proper corporate network etiquette and use.
A key element of cyber hygiene is access control. Hobson defines it as “a set of procedures and/or processes, normally automated, which allow access to a controlled area or to information to be controlled, in accordance with pre-established policies and rules.”
He also shared information on zero trust security, which is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network.
He encouraged meeting attendees to identify what information they considered to be most important. He calls this information the crown jewels of an organization. Companies need to develop robust contingency plans that include backup and recovery strategies and incident reporting guidelines.
Hobson believes that cyber hygiene is foundational to organizations because ransomware, phishing, and social engineering are rampant. He says that threats can come from corporate adversaries that “find new and inventive ways to get to your assets.” However, companies also need to be aware of attacks from disgruntled employees or even because of actions by employees who did not realize they were compromising security.
There are many solutions for protecting your data but without good cyber hygiene practices all are doomed to fail.
