Creating A Security Hygiene Checklist


In my previous post, I briefly mentioned the importance of having good security hygiene. But what does that really mean?

Every day, to keep yourself healthy, you perform a series of tasks and keep a set of habits. You brush and floss your teeth at least twice a day, you shower, and hopefully you put vaguely clean clothes on. Why? To keep yourself healthy. The same is true for keeping your security program healthy and your company secure.

There are a few very simple things everyone should make habits out of that can go far in keeping your security in fit and fighting form. Increasing awareness and consistent performance of these habits within your organization really is in your best interest. Many people don’t realize what to do, or are unsure of it, and recent leading industry and government reports have revealed that 90 percent of successful data breaches and cyber attacks result from unknowing employee error.

Below are a few questions and thoughts to get you started on establishing simple practices to help improve security hygiene for you and your organization:

When was the last time you made sure you have strong passwords (or better yet a passphrase) for all of your important accounts, and haven’t duplicated passwords across multiple applications?

I could sit here and say every application should use a complex password, but let’s be honest with each other. The truth is that you are not going to follow that piece of advice. The next best thing is to understand what is valuable (not just to you, but to a data thief), and protect it with a strong complex password or better yet, a passphrase you can actually remember.

Have you used the same password across 20 sites for the last 10 years? What would happen if (when) that password is compromised? Time to change them, and sooner rather than later. Start by making a habit of re-evaluating the password you use for an app the next time you log in, and create a new one with a password generator.

Have you enabled multi-factor authentication on all accounts and checked the ever-changing list of which apps now support it?

It’s been said many times, but it’s worth repeating. Multi-factor authentication (MFA) is one of the best things you can do to prevent someone from gaining access using your credentials. MFA layers security so that a single compromised password doesn’t grant malicious actors full access to your account. As vendors prioritize the security of their customers, and users demand more robust protection, the list of tools that integrate with the various MFA providers continues to grow. Stay on top of this added functionality by making it a regular habit to cross-check your apps against this list.

When was the last time you reset your passwords?

Great, you have a complex password or passphrase. While we’ve questioned the value of resetting passwords reactively to protect your online accounts, regular resets do keep a fresh line of defense between your accounts and attackers by giving breached credentials a shelf-life. Remember that it’s important to prioritize quality over quantity here; the frequency of resets should be balanced against the thoughtfulness required to create strong credential sets. Know when to outsource access management, too; there are password managers to take on the memorization work and identity platforms that automate resets for you.
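The habits described in the password sections above (pick a passphrase you can remember, stop reusing one password across sites, and give old passwords a shelf-life) can be turned into a small self-audit. The script below is an added example and not code from the original post: it generates a passphrase from a word list with the operating system’s CSPRNG, reports the entropy of that choice, and then runs two checks over a constructed account inventory of the kind a password-manager export would contain. The word list, the account records and the audit date are all made up for the example; a real run would use a full word list (the EFF long list has 7776 words) and your own export.

```python
"""Credential hygiene self-audit: passphrase generation, reuse detection and
password age. Added example; the data below is constructed, not real."""
import math
import secrets
from collections import defaultdict
from datetime import date, timedelta

# Constructed word list. A real list (e.g. the EFF long list) has 7776 words,
# which is what makes a five-word passphrase strong.
WORDS = ["copper", "lantern", "meadow", "quartz", "ripple", "saddle",
         "thimble", "walnut", "anchor", "bramble", "cinder", "drift"]


def passphrase(n_words=5, words=WORDS, sep="-"):
    """Join n_words words chosen uniformly at random via the OS CSPRNG.
    secrets.choice is used instead of random.choice because the latter is
    not suitable for security-sensitive choices."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, list_size):
    """Entropy of an n-word passphrase drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)


# Constructed inventory in the shape of a password-manager export.
# The first two entries deliberately share a password and are years old.
ACCOUNTS = [
    {"site": "mail.example", "password": "Winter2015!",
     "changed": date(2015, 1, 10)},
    {"site": "bank.example", "password": "Winter2015!",
     "changed": date(2016, 3, 2)},
    {"site": "shop.example",
     "password": "copper-lantern-meadow-quartz-ripple",
     "changed": date(2024, 5, 20)},
]
AUDIT_DATE = date(2025, 1, 1)  # constructed "today" so the run is repeatable


def reused_passwords(accounts):
    """Group sites that share a password; return only groups of two or more.
    Passwords themselves are not part of the report, only the site names."""
    by_password = defaultdict(list)
    for account in accounts:
        by_password[account["password"]].append(account["site"])
    return [sites for sites in by_password.values() if len(sites) > 1]


def stale_accounts(accounts, today=AUDIT_DATE, max_age_days=365):
    """Sites whose password was last changed more than max_age_days ago."""
    cutoff = today - timedelta(days=max_age_days)
    return [a["site"] for a in accounts if a["changed"] < cutoff]


if __name__ == "__main__":
    print("suggested passphrase:", passphrase())
    print("entropy of 5 words from 7776: %.1f bits"
          % passphrase_entropy_bits(5, 7776))
    print("reused across:", reused_passwords(ACCOUNTS))
    print("older than a year:", stale_accounts(ACCOUNTS))
```

Run against a real export, the reuse report is the list of accounts to fix first, and the stale list is the reset backlog; both are reports on your own data and never leave the machine.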

Do you know how many cloud apps are being used within your company? Or how many seats are being shared by multiple people?

80% of IT Pros say users set up unapproved cloud services. Shadow IT undermines the extensive security policies and access frameworks put in place by professionals well-versed in the related risks. Visibility into all of the accounts and solutions being used in your organization helps ensure security provisions have their desired impact on protecting privileged data and information.