Cyber Hygiene for Businesses
Implement best practices to reduce the risk and impact of cyberattacks

Businesses of all sizes can experience cyberattacks, which is why it’s important for you and your employees or co-workers to understand the role everyone plays in protecting your business. Cyber hygiene involves implementing a variety of best practices to help you:

  • Protect your sensitive data from theft.
  • Reduce your risk of falling victim to an attack.
  • Recover more quickly when an attack occurs.

There is not a one-size-fits-all approach to cyber hygiene. Your implementation may vary significantly based on your business operations and the sensitivity of the data your organization holds, but the following information may serve as a helpful guide.

5 Steps for Reducing Your Risk

Identify your assets and manage vendors

Create an IT asset inventory to track and manage all hardware, software, and customer data your business uses, and implement a vendor management process to ensure your vendors meet your security standards.

Before you can effectily manage risks, it's crucial to have a comprehensive understanding of your assets. An accurate asset inventory allows you to track and manage your resources, ensuring that all components of your system are accounted for and functioning optimally. This proactive approach not only supports cybersecurity efforts but also enhances overall operational performance by enabling better decision-making and resource allocation.

An IT asset inventory might include:

  • Vendors
  • Computers
  • Mobile devices
  • Printers
  • Servers
  • Software licenses
  • Other IT Infrastructure
  • Customer data
  • Employee data
Additional Tips
  • Keep track of hardware, software, and associated details such as ownership, models, and versions.
  • Make sure the inventory covers the entire life cycle from procurement to disposal.
  • Pay close attention to software products that may be nearing their end of life so you can receive support and updates from the vendor. Cybercriminals like to capitalize on these kinds of vulnerabilities.
  • While you can sometimes pay for additional support after a product has reached its end of life, it can be very expensive.
  • Like your fixed asset inventories, your IT asset inventory should be updated on a regular basis to make sure it’s complete and accurate.
  • You can outsource responsibility but not accountability. A strong understanding of your third-party relationships is key.
Learn more

The Components of a Vendor Management Process

Limit access

Implement separation of duty and the least privilege principle, emphasize password hygiene and multi-factor authentication, and regularly review user access.

This step serves a dual purpose: It helps keep cybercriminals out and reduces potential misuse from within your organization. Your efforts to limit access should include the following:

  • Separation of duty — Individuals should not be able to initiate, approve, and review the same action. Lack of separation can lead to errors, unauthorized activities, and fraud.
  • Least privilege principle — Employees should only have the minimum level of access to do their jobs.
  • Password hygiene — Understanding how to create a secure password and the importance of using a password manager.
  • Multifactor authentication — Using two or more authentication factors, such as a password and an authenticator app on your phone, to grant access to systems and accounts.
  • User access reviews — Schedule regular reviews to ensure that users have the appropriate level of access needed to perform their job duties.
Additional Tips
  • Create a plan to regularly review access. Consider more frequent reviews for your critical systems.
Learn more

Understanding Password Security and Multifactor Authentication

Best Practices for Safeguarding Your INTRUST Accounts

Minimize human error

Educate your employees on how to identify and avoid social engineering attempts such as phishing and business email compromise.

Social engineering is when a cybercriminal uses deception to manipulate employees into revealing confidential information, sending money, or taking another action. Educating employees can significantly reduce your business’s risk of this occurring. Consider educating employees on the following:

  • Types of attacks
  • Warning signs and how to spot them
  • Never reveal login credentials to anyone
  • Go slow; think before clicking links
  • Report suspicious communications immediately
Additional Tips
  • Ask your executive team to regularly emphasize the importance of cyber hygiene to employees.
  • Consider implementing phishing simulation exercises.
  • Consider adopting tools that filter and prevent certain emails from arriving in your employees’ inboxes.
  • Ensure your employees are using a secure communication method when sending sensitive information or data outside of your organization. This can include using a secure file upload system or a tool that encrypts your data in transit.
Learn more

The Human Factor in Cybersecurity: Protecting Against Social Engineering Tactics

Identifying and Avoiding Business Email Compromise

Enhance system defenses

Implement a vulnerability and patch management process to help identify and resolve security weaknesses in your network.

A vulnerability management process helps you identify security weaknesses in your network. A patch management process helps you fix or remove those weaknesses and improve your system performance. Together, they create the following vulnerability remediation cycle:

  • Scan — Inspect your IT assets with an automated vulnerability scanning tool or by hiring a third-party service.
  • Assess — Evaluate each vulnerability and understand the impact on your business if the vulnerability were to be exploited by a cybercriminal.
  • Remediate — Apply the latest patch to fix the vulnerability or consider removing or replacing the affected component if a fix isn’t readily available.
  • Monitor — Consider hiring a third-party to check the effectiveness of your vulnerability and patch management program.
Additional Tips
  • Hold your vendors to the same standards. Ask for their vulnerability and patch management program so you can better understand how they are protecting your data.
  • Remember to layer your security controls. If one layer fails, other layers will slow the attack, allowing you to discover and remove the threat before further harm is done.
Learn more

Vulnerability and Patch Management

Build cyber resilience

Create a business continuity and disaster recovery plan and identify workarounds you can implement if you experience a system outage.

Business continuity is how you’ll maintain or restore your critical business functions in the event of a system outage. Disaster recovery focuses on strategic recovery of your IT systems and data. These plans typically include the following:

  • Critical functions, acceptable downtime, and recovery objectives
  • Manual workarounds
  • Prioritization of resources
  • An outline of minimum staffing needs
  • Key employees and their roles and responsibilities
  • Communication plans (Including both external and internal stakeholders. For example, an internal plan might include call tree with employee cell phone numbers.)
Additional Tips
  • Regularly test your business continuity and disaster recovery plans and ensure your employees are trained on their roles and responsibilities.
  • Consider building or outlining an incident response program based on likely threat scenarios.
Learn more

Developing a Business Continuity Plan and a Disaster Recovery Strategy