…but I would rather the thief was not in my home.
Andrew Smith – Chief Information Security Officer – Kyocera Document Solutions UK
The point I am making rather, is the importance of Cyber Hygiene.
I would not leave my front and back door open and be surprised when someone enters to have a look around and take what they want.
I see customers regularly spending huge amounts of money on the latest tools that produce thousands of alerts – which they only look at when they have time during the day because they do not have a managed service – yet they fail to address the fundamental hygiene items in their environment.
Even where I see customers with hygiene activity. I often see blind spots due to the lack of framework best practices or a structured programme across their hygiene efforts. Of course time plays a big part and many IT professionals in SMBs have had “Cyber” tagged on to the day job, but the point remains whether it is time or lack of structure, do you have a blind spot?
I am a strong believer in doing everything possible to stop the thief firstly seeing me as a target, but secondly from walking straight in through an unlocked door.
The NIST framework provides strong guidance and structure to activities relating to a company’s overall cyber security and risk position.
With this in mind:
I am not suggesting this as an exhaustive list, of course we could all build a moat around our houses, but it certainly provides the foundational hygiene items. Build time for the checks, balances and controls to ensure items are actually being done. Once it becomes routine, beware – it is often when items get missed.
Of course, there are approaches to detect and react when/if an attacker gets in – perhaps I will write another entry on ‘They got in, how did I know and what do I do’ – but here I focus on the hygiene items that prevent them trying and if they do try, making it as difficult as possible for them to enter.
So do not delay, focus on your hygiene and make sure they look to the next house instead of yours!
We don’t spam, we’ll never sell your email address; find out more on our privacy page.
© 2024 Midshire Communications Limited Registered in England No. 02713035 VAT Registration No. GB589366280