6, September 2023
Digital Hygiene for Organisations
Like your body, digital devices need to be taken care of to ensure they continue to run at their most optimal level. In this post, we’ll explore the ins and outs of good digital hygiene. Our handy guide by Stephanie Marinova, IP Paralegal at Abion and BRANDIT, outlines what you need to know to keep your organisation and data safe.
In today’s digital age, passwords continue to be low-hanging fruit for cybercriminals. This is largely due to the lack of password enforcement policies and continues to pose significant risks, leaving organisation vulnerable to data breaches. To combat this issue effectively and prevent information leaks, it is crucial to implemented hygiene standards and security awareness into a company’s cybersecurity strategies which employees can follow in their day-to-day routines.
By continuously fostering a strong commitment to cybersecurity awareness, organisations can securely fortify their defences, mitigate risks and safeguard their valuable digital assets. This proactive approach ensures a safer and more secure digital environment, safeguarding sensitive information from potential threats.
What is the theory behind Digital Hygiene?
The analogy of a “strong password” being the “wear sunscreen” of the online world is used by many – everyone recognises its importance but only a few consistently adhere to it. Digital hygiene provides a solution to this problem by enabling users to establish a protective environment for their data and devices safe, organised and secured, through specific practices and steps that can easily be followed. By incorporating these practices into their routines, users, and the organisation forms a strong barrier to safeguards against data being stolen, corrupted or deteriorated in case of malware, phishing, data corruption and other types of functionality breaches. In essence, digital hygiene acts as a shield, keeping users safe in the vast online landscape. More specifically, digital hygiene ensures that company passwords are unique, hard to guess and extremely difficult to crack.
It is this vulnerability of passwords to such attacks that is of significant concern. These attacks present themselves in a number of forms, including:
- brute force attacks, where attackers relentlessly try different combinations until the password is guessed correctly
- phishing attacks, where malicious actors impersonate legitimate companies to trick users into revealing sensitive data or login credentials
- credential stuffing involves exploiting credentials obtained from a data breach to gain unauthorised access to devices or accounts
Why is Password Hygiene so important?
The importance of a secure password has sparked intense discussion across various industries. It comes as no surprise that organisations have fallen subject of cyberattacks in cases when employees utilise personal passwords for their company account logins. In situations of data stuffing, the attacker usually exploits previously leaked credentials from a separate breach in order to get access to the employee’s accounts. Passwords serve as the cornerstone of a company’s defence against cybercrimes.
Therefore, if employees fail to implement strong and secure passwords or simply have poor password habits, this can significantly increase the vulnerability of a business to cyber threats.
How does a safe or strong password protect your business?
Passwords are the first point of point to one’s information. Consequently, implementing robust safety mechanisms should be considered one of the fundamental ways to protect your business. By proactively taking preventive measures to ensure secure passwords within an organisation, not only can the risks of cyber incidents be reduced, but it can also increase considerable cost savings by minimising the resources needed in incident response procedures.
What has been recently acknowledged is that cybercriminals have shifted their focus from targeting software and hardware tools to focussing on exploiting humans as the weakest link and most vulnerable point in data breaches.
It has been proven that in the absence of oversight or strict company policies, individuals often exhibit risky password practices, such as:
- reusing same passwords across multiple platforms
- changing only a few characters from previously used passwords
- relying on familiar and easy to remember ones, or even
- having them written down or saved in an Excel spreadsheet
All of which pose significant and multiple security risks.
Businesses should consider incentivising password protection as an essential part of their cyber security strategies. By doing so, all safety concerns would be addressed by ensuring employees do not use weak or easy to guess passwords. By implementing effective password mechanisms, organisations would be able to provide user-friendly access to information and accounts, offer a safe space for employees to work in, and keep corporate and personal information well-protected.
Ways to avoid password-related incidents
Establishing a foundation for password hygiene starts with drafting a comprehensive company policy which specifically addresses this issue. The main idea behind a policy is to define standards for password length, complexity, storage and management.
The next vital step is to equip employees with the essential knowledge and training needed to effectively implement the password policy in their daily practices. Ensuring they have a thorough understanding of the policy and its practical applications is essential to its success.
To assist companies and employees in adopting better password habits, there are several steps to be followed:
4 steps towards a better password safety
- Use strong passwords or passphrases While it may be easier for employees to choose a password based on personal information such as birthdays, or family members’ names, such choices are much more susceptible to being cracked by malicious software. For this reason, when creating a password, it is advisable to use combination of words, symbols, lower and uppercase letters, or passphrases. In light of the prevalence of data breaches, it is also crucial to avoid reusing password on business accounts and update them on a regular basis.
- Password manager Implementing a password manager provides for a secure and convenient solution for recording and managing an organisation’s passwords in one centralised place. This valuable tool prevents employees who may have a poor cyber hygiene from unintentionally leaking data. Not only this but it also serves an efficient means of disabling access for former employees without having to carry out an overall password reset for the company.
- Multi-factor authentication (MFA) The MFA boosts security by necessitating users to identify themselves with more than a username and a password. With MFA, users are required to provide an additional authentication code each time they log into a platform. This code is changed at regular intervals, usually every 30 seconds, in order to verify the account’s legitimacy. By adopting an MFA, together with a robust password, the chances of being hacked can be greatly minimised. Embracing a layered security approach adds an extra level of protection, making it more challenging for unauthorised individuals to gain access to user accounts.
- Develop a zero-trust approach With a zero-trust approach, there is an assumption that every user of a device could potentially be compromised. Therefore, every person or device has to be verified prior to accessing the network. By employing a zero-trust architecture, movement within the network is restricted through segmentation.
In the event where a cybercriminal manages to gain access through an unauthorised access point, the continuous verification enforced by the zero-trust model would prevent the potential hacker from navigating further through the network. This is because network segmentation plays a crucial role helps in reducing the amount of damage that could arise from a possible attack.
Recent data breaches have highlighted poor password management in organisations as the leading cause of recent data breaches. Incorporating the necessary steps to ensure digital hygiene is a way to further a company’s cybersecurity strategy and limit the risk of unauthorised data access. Employees play a crucial role as the first line of defence, making it essential for organisations to place significant emphasis on fostering awareness and providing training on digital password hygiene. While the implementation of a password policy may seem complex and time consuming, the advantages it brings in strengthening the overall security, make it a valuable and timely investment for companies.
By promoting strong password practices, organisations can significantly reduce the likelihood of successful cyberattacks and protect sensitive information from potential threats. Emphasising digital hygiene and cultivating a security-conscious culture can go a long way in safeguarding a company’s digital assets, brand and reputation.