Expert Speak
Cyber Hygiene: Elements to Enhance Your Cybersecurity Strategy

Written by David Brown, Security Operations Director from Axon Technologies
The security strategy of an enterprise is a blend of traditional best practices and those that it develops based on multiple other internal drivers. This could include the experience baseline of the CISO, the number and level of skilled resources available within the enterprise, the culture of the organization, the market segment in which it operates, and lastly, its previous track record of managing cyber security incidents.
A typical list of best practices that every enterprise must follow includes ensuring that routers and firewalls are installed and properly configured; updating whitelists of authorized users and blacklists of prohibited or unauthorized users; ensuring that anti-malware protection software is functional and correctly configured; updating all operating systems, business applications, web browsers, and firmware with the latest security patches; and activating strong password rules with two-factor or multi-factor authentication procedures.
However, despite the rigorous implementation of these activities, threats from unanticipated sources and entry points are possible. Here are five other areas that, if proactively maintained, go a long way in boosting the cyber hygiene of an enterprise.
#1 Disaster Recovery – How Quickly Can You Respond to and Recover from an Attack?
Disaster recovery processes are the foundation for a resilient security strategy. Backups are generally assumed to be successful once the job completes, but they may prove to be a source of failure at a later stage. Typically, parts of the backup process may fail and go unnoticed by administrators.
More seriously, threat actors may be successful in purging on-premises and cloud backups, while disaster recovery processes may never have included off-line backups or tape-based data backups. Going forward, best practices for disaster recovery should include routine exercises to detect backup failures and must follow the 3-2-1 backup rule.
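A routine check of this kind can be automated. The following is an added example, not part of the original article: it audits a constructed backup inventory against the 3-2-1 rule (three copies, two media types, one off-site), treats copies that have silently stopped refreshing as missing, and also checks for the off-line copy mentioned above. The targets, field layout and 48-hour freshness threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory; targets and field layout are assumptions.
# One row per copy of a dataset, production copy included:
# (dataset, target, media, offsite, offline, last_successful_run)
NOW = datetime(2024, 1, 15, 6, 0)
COPIES = [
    ("finance-db", "prod-san", "disk", False, False, datetime(2024, 1, 15, 5, 0)),
    ("finance-db", "nas-01", "disk", False, False, datetime(2024, 1, 15, 1, 0)),
    ("finance-db", "cloud-bucket", "object", True, False, datetime(2024, 1, 15, 2, 0)),
    ("finance-db", "tape-vault", "tape", True, True, datetime(2024, 1, 14, 3, 0)),
    ("hr-share", "prod-nas", "disk", False, False, datetime(2024, 1, 15, 5, 0)),
    # This job has been failing unnoticed since 2 January.
    ("hr-share", "nas-01", "disk", False, False, datetime(2024, 1, 2, 1, 0)),
    ("hr-share", "cloud-bucket", "object", True, False, datetime(2024, 1, 15, 2, 0)),
]


def audit_321(copies, now, max_age=timedelta(hours=48)):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    healthy = defaultdict(list)
    findings = {dataset: [] for dataset, *_ in copies}
    for dataset, target, media, offsite, offline, last_ok in copies:
        if now - last_ok > max_age:
            # A copy that has stopped refreshing does not count toward 3-2-1.
            findings[dataset].append(
                f"stale copy on {target} (last success {last_ok:%Y-%m-%d})")
        else:
            healthy[dataset].append((media, offsite, offline))
    for dataset, problems in findings.items():
        good = healthy[dataset]
        if len(good) < 3:
            problems.append(f"{len(good)} healthy copies, need 3")
        if len({media for media, _, _ in good}) < 2:
            problems.append("fewer than 2 media types")
        if not any(offsite for _, offsite, _ in good):
            problems.append("no off-site copy")
        # Not part of classic 3-2-1: the off-line copy the article calls for.
        if not any(offline for _, _, offline in good):
            problems.append("no off-line copy")
    return findings


if __name__ == "__main__":
    for dataset, problems in audit_321(COPIES, NOW).items():
        print(dataset, "OK" if not problems else problems)
```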
#2 Digital Footprint – Keeping the Big Bad Wolves Away from your Door
One of the most common sources of vulnerability for an enterprise is leaving Internet-facing doors open. Typical examples include expired domain names; expired SSL certificates; forgotten cloud servers or buckets; demo web services left running; exposed services and ports. A digital footprint audit gives deep visibility beyond a typical network boundary into areas that may provide a backdoor Internet entry into the enterprise. Knowing everything that you are exposed to will show not only where there are holes, but also where duplication exists.
Having one Windows Remote Desktop Server open to the Internet is never good, but learning that you have twelve of them is eye-opening. By using security gateways and terminating nonessential and redundant Internet-facing services, the defensive profile of an enterprise is vastly improved. A well-maintained digital footprint consolidates Internet-facing assets, known and unknown, into a manageable inventory.
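The consolidation step can be sketched in a few lines. This is an added example, not from the original article: it merges findings about an organization's own assets from several hypothetical sources into one inventory and groups hosts by issue, so that duplication (the same exposed service on many hosts) shows up alongside the holes. Source names, record fields and the 30-day renewal window are assumptions, and the data is constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

TODAY = date(2024, 6, 1)
# Constructed findings from hypothetical sources; hosts use documentation ranges.
FINDINGS = [
    {"source": "port-scan", "host": "203.0.113.10", "port": 3389, "service": "rdp"},
    {"source": "cloud-api", "host": "203.0.113.10", "port": 3389, "service": "rdp",
     "owner": "it-ops"},
    {"source": "port-scan", "host": "203.0.113.22", "port": 3389, "service": "rdp"},
    {"source": "port-scan", "host": "203.0.113.57", "port": 3389, "service": "rdp"},
    {"source": "cert-scan", "host": "demo.example.com", "port": 443,
     "service": "https", "cert_expires": date(2024, 3, 1)},
    {"source": "registrar", "host": "example.org", "domain_expires": date(2024, 6, 20)},
    {"source": "cloud-api", "host": "old-demo-bucket", "service": "bucket", "owner": None},
]


def consolidate(findings):
    """Merge per-source findings into one record per (host, port)."""
    inventory = {}
    for finding in findings:
        key = (finding["host"], finding.get("port"))
        record = inventory.setdefault(key, {"sources": set()})
        record["sources"].add(finding["source"])
        record.update({k: v for k, v in finding.items() if k != "source"})
    return inventory


def review(inventory, today, renew_window=timedelta(days=30)):
    """Group hosts by issue so duplication is as visible as the holes."""
    issues = defaultdict(list)
    for (host, _port), rec in inventory.items():
        if rec.get("service") == "rdp":
            issues["rdp_exposed"].append(host)
        if "cert_expires" in rec and rec["cert_expires"] < today:
            issues["cert_expired"].append(host)
        if "domain_expires" in rec and rec["domain_expires"] - today <= renew_window:
            issues["domain_expiring"].append(host)
        if "owner" in rec and rec["owner"] is None:
            issues["no_owner"].append(host)
    return dict(issues)


if __name__ == "__main__":
    for issue, hosts in review(consolidate(FINDINGS), TODAY).items():
        print(f"{issue}: {len(hosts)} -> {hosts}")
```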
#3 User Policies – Clarity and Transparency Are Key to Security
The enterprise must define at an early stage what is allowed and not allowed inside the information technology and networking system. Certain practices can be detrimental to the well-being of an organization’s workflow and create additional challenges for administrators. For example, unrestricted usage of the Internet for e-commerce, file storage, social media, and media streaming is mostly unrelated to business processes.
Continuous usage of this kind by employees, which adds notifications and pop-ups from third-party interfaces, clouds the cyber hygiene of an enterprise. The enterprise must also have clearly defined policies about not allowing removable media such as USBs, external hard drives, mobile phones, and personal devices to be plugged into the enterprise network.
#4 Network Segmentation – Restricted Access: Authorized Personnel Only
At one stage, industrial enterprises physically separated industrial control systems and information systems. However, with industrial enterprises also adopting digital transformation solutions post-pandemic, this is no longer feasible. Enterprises need to proactively segment their networks with built-in zero privileges when moving from one network segment to another, and set up alerts in case there is an attempt to breach these segments.
Does a library PC in a remote university location need to access the central database server farm? Limiting access privileges exclusively to those who need it protects the enterprise network from widespread cyberattacks and enables better performance as it reduces the volume of users in specific zones.
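The library PC question can be expressed as a default-deny policy check. This is an added example, not from the original article: it maps addresses in constructed flow records to segments, allows only explicitly listed segment-to-segment flows, and returns an alert for every other cross-segment attempt. Segment names, address ranges, ports and the allow-list are assumptions.

```python
import ipaddress

# Constructed segments and allow-list; names, ranges and ports are assumptions.
SEGMENTS = {
    "library-pcs": ipaddress.ip_network("10.20.0.0/24"),
    "app-tier": ipaddress.ip_network("10.30.0.0/24"),
    "db-farm": ipaddress.ip_network("10.40.0.0/24"),
}
# Default deny: a cross-segment flow is permitted only if listed here.
ALLOWED = {
    ("library-pcs", "app-tier", 443),
    ("app-tier", "db-farm", 5432),
}
# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.20.0.15", "10.30.0.8", 443),    # library PC -> web application
    ("10.30.0.8", "10.40.0.5", 5432),    # application -> database
    ("10.20.0.15", "10.40.0.5", 5432),   # library PC -> database directly
    ("10.20.0.15", "10.20.0.16", 445),   # traffic inside one segment
    ("192.0.2.9", "10.40.0.5", 5432),    # source outside every known segment
]


def segment_of(ip):
    """Return the name of the segment containing ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, network in SEGMENTS.items():
        if addr in network:
            return name
    return "unknown"


def evaluate(flows):
    """Return one alert tuple per cross-segment flow not on the allow-list."""
    alerts = []
    for src, dst, port in flows:
        src_seg, dst_seg = segment_of(src), segment_of(dst)
        if src_seg == dst_seg and src_seg != "unknown":
            continue  # intra-segment traffic is outside this policy's scope
        if (src_seg, dst_seg, port) not in ALLOWED:
            alerts.append((src_seg, dst_seg, src, dst, port))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(FLOWS):
        print("ALERT denied cross-segment flow:", alert)
```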
#5 Data Encryption and Classification – An Organized Enterprise is a Secure Enterprise
Data should be classified based on importance and usage. Classification allows the internal security team to understand how to protect the data and locate it within the enterprise. If data is stolen from the enterprise, classification marks help to make it identifiable to the administrators. Any data that has a high classification level should be encrypted both in storage and transport. This ensures that an enterprise’s most valuable data is encrypted when it is travelling across the network.
These five processes, amongst others, are critical to reducing the risks and exposure of an enterprise. Maintaining them leads to a huge improvement in cyber hygiene while building a resilient security strategy.