Client Pay Portal
 cyber hygiene

Cyber Hygiene: Secure Development of IT Products

It’s October, and that means National Cyber Security Awareness Month a program sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center. This month-long focus is a nationwide conversation that is meant to raise awareness and draw attention to cybersecurity and increase resiliency of the nation’s cyber infrastructure.

On October 3rd I attended iTenWired a conference supported by IT Gulf Coast and designed to foster local economic development, innovation, and entrepreneurship in technology. I had the opportunity to hear from the Deputy Assistant Secretary for Cybersecurity Operations and Programs Gregory J. Touhill. While sharing with us the various aspects of the Office of Cybersecurity and Communications Department of Homeland Security, Brigadier General (retired) Gregory J. Touhill expanded on the topic of Cyber Hygiene. Cyber Hygiene is the idea that by following a few core concepts with your IT assets and configurations you can improve security and better protect yourself from cyber-attacks. Since we now live in a very connected world, by practicing some basic steps with your IT, you can help the nation have a stronger cyber infrastructure. Performing a few core routines with your IT assets and configurations can improve security and better protect your company from cyber-attacks. I came up with some steps you can take to implement regular Cyber Hygiene in your business. 
 

What Can You Do

Each week during October there is a different “cyber topic focus.” This week the focus is Secure Development of IT Products; that means consistently paying attention to the devices you have in your organization and making sure they are up-to-date and secure. Tasks such as patches and updates to the operating systems and maintaining a list of the software on your devices. Make sure to confirm that any software you are using is up-to-date and is currently under a support agreement to maintain any vulnerabilities. For example, Microsoft has end-of-support dates, this is the date that the product will no longer receive critical security patches and updates. Windows Server 2003 end-of-support is July 14, 2015. If you are running any servers on this operating system, make sure you are planning to upgrade or decommission them by that date or you could have some major vulnerabilities in your future. Microsoft Windows XP’s end-of-support date was April 8th of this year so at this point you really need to move off that operating system or plan to upgrade any systems running this legacy OS.
 

Not Just for PCs

Cyber Hygiene does not just apply to traditional desktop computers and servers it also applies to smart phones, tablets, and network devices like firewalls and switches. Often, the network connecting device to the internet is behind on service and support tasks. These days, devices like these can be exploited just like a computer can. Remember to keep them up–to-date and check them on a regular basis for new firmware releases. 

I know what you’re thinking, everyone knows to keep their system up-to-date and install patches. Well, we wouldn’t be talking about it so much these days if everyone were doing such a good job. Check this out, according to the 2014 Verizon Data Breach Investigation Report, the initial step for attackers is often to simply find common vulnerabilities with browsers, Operating Systems, and third-party software (e.g. Flash and Java). And typically they use same patterns over and over. The report goes on to say that, “92% of security incidents analyzed are covered by just nine attack patterns.” Content Management Systems (CMS) are the primary web application target not specifically the CMS code (Open Source -Joomla!, Drupal, and WordPress) but more so in the added pluggins. Even your CMS needs to be patched, kept up to date, and monitored. Enterprise CMS systems like Kentico, Sitcore, EPIServer often have the plugins you need built in and provide regular updates and patches. If you do not have a way to monitor your updates and patches across your network or you do not have a working inventory of all your IT assets; this is a great place to start!

Set up a regular monthly time to revisit all your business infrastructure and make sure it is up-to-date. Although hacking stolen credentials may be the leading cause of infiltrations, (Check out Sam's Blog) it’s better to have security in multiple layers of defense.

Bit-Wizards cloud managed IT solutions keep your IT systems available and secure.

Author

Wiz E. Wig, Mascot & Director of Magic
Wiz E. Wig

Director of Magic