It is the best time to understand Personal and Security Hygiene at once. “Cutting out bad habits is far more effective than cutting out organs.” — Herbert M. Shelton One year ago, in Hong Kong, we heard about an unknown virus causing viral infections in Wuhan, China. As we experienced in 2003 with the SARS, people in Hong Kong started buying detergent, disinfectants, and masks in early 2020, which was also my first time to learn about all the specifications of medical masks. I can now tell you the difference between VFE, BFE, AMSL, 3-layers, and N95… Hong Kongers were forced to become experts on medical masks. Yet, we are still struggling every day and trying not to get sick. As individuals are a part of a society, we must remind ourselves that staying in good personal hygiene is what we should keep maintaining. A healthy lifestyle (have enough sleep, maintain good nutrition, etc.) and handwashing can prevent us from getting infected. And for the love of all, stay home if you feel ill not to infect others. Just as we are practicing good personal, we should be practicing good security hygiene. Here’s The Security Silver Bullet Scenario A state-sponsored hacker group uses a zero-day exploit to breach the environment. This foothold lets them run a brunch of previously unknown, file-less attacks. The security team does not know it is happening. Fortunately, their evil plan is defeated by a security tool that detected and prevented it within nanoseconds! Sound too good to be true? ; even if you have the most advanced technology assistance. next-generation, AI-powered, and automated Sadly, isn't possible While silver bullets shine radiantly, unfortunately, they work mostly against werewolves, As I always say, security is about a perfect mindset in which security professionals are required to (PPT, PDC…) — not real-life cybersecurity incidents. consider the situation from different perspectives attackers will always take the easiest path to breach your cyber defenses. We should promote and implement a comparable model globally, . Keeping good cyber hygiene is the best measure to help stay safe online. making basic cyber hygiene the norm for cybersecurity Cyber Hygiene vs. Personal Hygiene How can we do better with hygiene? People are now more aware of the , such as patient-zero, quarantine, and screening tests. So that is why there is . principle of prevention and control of diseases no better time to explain the analogy of it — Cyber Hygiene It may be difficult for people to imagine washing hands and taking showers to stay safe online. The term is a metaphor, as we defined malicious and the a long time ago. software as a “virus” malfunctioning machine as “patient” Suppose you consider the analogy of personal hygiene. In that case, (Security Mindset), similar to what you are doing every day to prevent the COVID-19, to reduce the risks of cyber threats and online security events. Cyber Hygiene is about equipping yourself to think proactively about your cybersecurity As a human, we all know, getting sick is inevitable. As a security professional, our primary goal is not to make sure everything is running as expected but to . make sure the unexpected or unknown are minimized or mitigated Cyber Hygiene addresses uncomplicated actions that everyone can practice to help reduce cybersecurity risks. It is about day-to-day activities on prevention. By that, let’s walk through a basic concept. Leavell and Clark’s Levels of Prevention I would begin by explaining the similarity between Medical Hygiene and Cyber Hygiene. First, here is the concept of public health — Leavell and Clark’s Three Levels of Prevention : — Seeks to prevent a disease or condition at a pre-pathologic state; to stop something from ever happening. Primary Prevention — Seeks to identify specific illnesses or conditions early with prompt intervention to prevent disability. Secondary Prevention Occurs after a disease or disability has occurred and the recovery process has begun. Tertiary Prevention — Next, below is the methodology I mentioned previously as : PDC — Prevent, Detect, Correct in IR Triage — Preventive controls are designed to keep attacks from occurring in the first place Controls may be automated, manual, or hybrid. BEFORE . — Detective controls are designed to detect attacks that may have occurred. DURING — On the other hand, correct controls are designed to correct attacks that have been detected. AFTER As you can see, they are analogous by nature. Therefore, I am sure that by learning one of them, we can equip these concepts in both the digital and physical environments. Prevention, by all means, should be the focus as it keeps attacks from occurring in the first place. How To Wash Your Hands Online Washing your phone with running water would not help you to secure your email account. To prevent diseases, we need to know how they are transmitted first. Let’s think about cybersecurity as an analogy of personal healthcare. What you do good in daily healthcare routines should also move into your cyber self. In this case, washing your hands can be interpreted as the action of logging out of your account and shut down the machines after using it. Let’s walk through the factors one by one. #1 Keep the virus out — Minimize the attack vector Similar to the WHO recommendation of wearing masks in public areas, please wash your hands more frequently. It may give you a minute or two of discomfort, but it also dramatically reduces the chances of a virus getting into your body. This kind of measure is fundamental to every security policy. In cybersecurity, we also have proactive measures to follow so we can minimize the chance of “infections,” such as: Do not use public WiFi with weak or entirely without authentication. Never share your password or re-use the default password. Log out or shut down the computer when not in-use. Install Firewall and anti-malware applications. should ensure these best practices are followed. As the threat landscape changes, content and approaches are also adjusted (i.e., new applications, new technologies, and new users). Continuing awareness education It should be understood that Like in The Transformers, Optimus Prime is there to fight the new enemies; he always has new weapons or a new look. security landscapes are always advance. What you just did flawlessly will be outdated one day. Therefore, an open, creative, and flexible mindset is nonnegotiable. A periodic update and review should be put into consideration at all times. To wash hand online = to minimize the attack vector wtih a fundamentals-first strategy. Key Point: #2 Illness Screening — Regular Health-check Some diseases are only vulnerable to particular gene expression. That is why DNA tests could screen out native gene defects before the development of illness. Regular health checks can help us to spots the early symptoms and do the treatment. Countries are launching COVID-19 tests in high-risk areas. The objective is the same as regular scanning of computers against known vulnerabilities — to keep the security visibility as wide as possible to locate and fix the weak spots before a security event. No one wants to get sick, but we need to know it before we can act. When cancer is diagnosed at an early stage, treatment is often more likely to be effective. For example, 9 out of 10 people survive bowel cancer when diagnosed early. It is the same for the idea of “shift-left” in cybersecurity. Scanning the source code for problems is great for reducing not only security risks but also cost. " Shift-left " security is moving security to the earliest possible stage in the development process. To find potential health problems, do regular a health-check: regular vulnerabilities scanning + shift-left. Key Point: #3 Stay healthy — Software updates and patches Keeping the body fit also helps to strengthen the immune system. By doing that, the chances of virus infection are much lower. The chances of survival of a healthy individual are much higher. But how to stay healthy in a digital world? Can you get your computer working out at the gym? You can do it by doing On the one hand, we need to check if there is any weakness in the system. On the other hand, patching it once it is available is also essential. software updates and patching. Sadly, we all know no system is perfect. Is there anything we can do, just like our immune cells in our body, to fight back or reduce the impact? Yes, for sure, there are things that we can do. What if the hacker is already in? For starters, data could be protected by . For example, that data loss can be minimized if the USB drive you lost on the bus was encrypted. encryption Also, status of websites, especially with input, e.g., online banking and company mail, to minimize interception risk on public networks. check the HTTPS certification The best way to return systems and devices to normal after a successful ransomware attack is to restore a clean backup. This is why are crucial to counter aggressive ransomware attacks. Back up the critical devices, emails, and other data regularly. Keep backups in multiple physical locations, if possible. data backups With limited time and resources during the incident handling window, a more comprehensive, systematic approach is essential during event verification. could also shorten the response time and reduce impact. Adopting a streamlined, well-tested, and predefined Incident Response process To keep fit = Security updates and patches To get well soon = Encryption + Backup + IR process Key Point: Final Words: . Bring up the importance of cybersecurity hygiene. It goes a long way Until you get the security basics right, all the fancy and most advanced technology in the world cannot protect us from cyber-attacks. We keep washing our hands over the fear of the deadly viral pandemic. Yet, we fail to do basic things to our “cyber self”, like security updates and strong passwords. We are still struggling to make people and companies do the fundamentals to protect themselves from cyber threats. People continue using one password for multiple logins, clicking the spammy “lottery email,” and forgetting data backups. All of these turn out to be individual incidents and create a massive burden for the security team. is no surprise to experienced security professionals. Meanwhile, we relied heavily on advanced threat detection tools, AI-assisted SOC indicating the usefulness of those techniques, but do not help remove the cybersecurity risks. This fundamentals-first strategy Good Cybersecurity hygiene — keeping the attack vector minimal, continuing education, maximizing visibility to the system, and patching — should be the real “Silver Bullet” that can of . dramatically reduce the risk the weakness link in the picture (the people pillar)

Different

Keep

Why You Should Try Nasal Breathing While Running

Corporate Cybersecurity Should Include Trust, Accountability, and Culture

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

Washing Your Hands Online: Applying COVID-19 Lessons to Cybersecurity

Washing Your Hands Online: Applying COVID-19 Lessons to Cybersecurity

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Bollinger Bands: A Trader's Guide

10 Podcasts That (Happily) Steal 15+ Hours From Me Every Week

10 Early Indicators of a Toxic Workplace

The Noonification: Prisoners on the Electron (11/7/2022)

25 Things that Won’t Exist in 25 Years

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Bollinger Bands: A Trader's Guide

10 Podcasts That (Happily) Steal 15+ Hours From Me Every Week

10 Early Indicators of a Toxic Workplace

The Noonification: Prisoners on the Electron (11/7/2022)

25 Things that Won’t Exist in 25 Years

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps