CYBER SECURITY AWARENESS PROGRAM
CYBER HYGIENE
CYBER HYGIENE
Cyber hygiene is a set of habitual practices for ensuring the safe handling of critical data and for securing networks. It's like personal hygiene, where you develop a routine of small, distinct activities to prevent or mitigate health problems.
Cyber hygiene practices include the inventory of all endpoints connected to a network, vulnerability management, and the patching of software and applications.
Why is cyber hygiene important
1. Cyber hygiene helps prevent cybercriminals from breaching an organization's network, or at least makes the task so hard that the criminal gives up and goes looking for another victim.
2. Today's attacks are increasingly sophisticated, relying on social engineering to get a victim to divulge sensitive information, targeting high-level executives, or deploying malware in a supply chain that can then infect hundreds of others.
3. The typical business network includes an array of computers, servers, databases, virtual machines, mobile devices, operating systems, applications, and tools, each of which is a potential attack vector. If these aren't regularly and properly maintained, the result can be lost or misplaced data, unpatched software, outdated user privileges, and other issues. In this way, an environment grows more vulnerable over time and leaves you with multiple points of exposure.
4. Cyber hygiene helps reduce those vulnerabilities by identifying risks and deploying mechanisms and strategies to reduce or resolve them.
5. By practicing cyber hygiene, organizations can strengthen their security posture and more effectively defend themselves against devastating breaches.
What are the benefits of cyber hygiene
Locate unmanaged assets
Protect customer data
Find outdated administrator privileges
Identify rogue software
Meet compliance requirements
What are the risks of poor cyber hygiene
The results of poor cyber hygiene can cascade through your IT environment, resulting in multiple security
vulnerabilities and potential attack vectors. Some of these include:
Data loss
Misplaced data
Software vulnerabilities
Malicious software
Inadequate vendor risk management
Lack of compliance
Security breach
Common Principles of Cyber Hygiene
How do you assess your cyber hygiene
Cyber hygiene is assessed using a performance monitoring solution that scans your IT environment to discover your assets and to identify vulnerabilities. The results are presented as a score card that quantifies the health of your IT estate.
Vulnerabilities are given a severity level of "critical," "high," "medium," or "low" based on the Common Vulnerability Scoring System (CVSS), an open industry standard for rating the severity of a computer system's security vulnerabilities.
These vulnerabilities can be sorted by asset criticality, so you can see which will have the most significant business impact. For example, an unpatched vulnerability on the CEO's laptop would warrant more immediate attention than one on the intern's.
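The score card and the "CEO's laptop before the intern's" ordering described above, as an added example that is not part of the presentation. The asset-criticality tiers, the VULN-* ids and the sample findings are constructed; the severity bands are the CVSS v3.x qualitative scale, and ranking an asset that is missing from the inventory above every known tier is this example's own choice.

```python
"""Prioritise scan findings by asset criticality, then CVSS severity.

Added example, not from the presentation. The asset tiers, VULN-* ids and
findings are constructed; the severity bands are the CVSS v3.x qualitative
scale (Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0).
"""
from dataclasses import dataclass

# CVSS v3.x qualitative bands as (inclusive lower bound, label), highest first.
SEVERITY_BANDS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")]
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "none": 0}
# Constructed asset-criticality tiers: higher means more business impact.
ASSET_CRITICALITY = {"ceo-laptop": 3, "hr-db-01": 3, "intern-laptop": 1, "kiosk-07": 0}

def severity_label(base_score: float) -> str:
    """Map a CVSS base score (0.0-10.0) to its qualitative severity label."""
    if not 0.0 <= base_score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {base_score}")
    for lower, label in SEVERITY_BANDS:
        if base_score >= lower:
            return label
    return "none"

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str      # placeholder id, not a real CVE
    cvss: float

    @property
    def severity(self) -> str:
        return severity_label(self.cvss)

def prioritise(findings, criticality=ASSET_CRITICALITY):
    """Order findings: most critical asset first, then most severe vulnerability.
    An asset missing from the inventory is ranked above every known tier, since
    an unmanaged asset is itself a hygiene failure that needs a look first."""
    unknown = max(criticality.values()) + 1

    def key(f):
        return (-criticality.get(f.asset, unknown), -SEVERITY_RANK[f.severity], -f.cvss)

    return sorted(findings, key=key)

def score_card(findings) -> dict:
    """Count findings per severity label: the 'score card' view of the estate."""
    card = {label: 0 for label in SEVERITY_RANK}
    for f in findings:
        card[f.severity] += 1
    return card

# Constructed sample scan results.
SAMPLE_FINDINGS = [
    Finding("intern-laptop", "VULN-0001", 9.8),
    Finding("ceo-laptop", "VULN-0002", 7.5),
    Finding("kiosk-07", "VULN-0003", 5.3),
    Finding("hr-db-01", "VULN-0004", 9.1),
    Finding("rogue-nas", "VULN-0005", 4.0),   # connected, but not in the inventory
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE_FINDINGS):
        print(f"{f.asset:14} {f.vuln_id}  {f.cvss:4.1f}  {f.severity}")
    print(score_card(SAMPLE_FINDINGS))
```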
What are some examples of good cyber hygiene
One common example of good cyber hygiene would be practicing vigilance when sending or receiving
emails.
Creating user passwords is another opportunity to practice good cyber hygiene. Rather than using
something that could be easily guessed like a child's birth date, an employee would create a "healthy"
password by ensuring it was 10 to 15 characters long; used a combination of letters, numbers, and
special characters; and didn't include the name of a person, fictional character, product, or a word
used in a dictionary or one that can be found on their social media feeds.
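The "healthy password" rules just listed, turned into a checker as an added example that is not part of the presentation. BLOCKLIST is a constructed stand-in for a real names/products/dictionary wordlist, profile_words stands in for words scraped from a person's social media feed, and the "run of six or more digits" rule is this example's way of catching birth dates.

```python
"""Check a candidate password against the rules stated in the deck.

Added example, not from the presentation. BLOCKLIST is a constructed stand-in
for a real names/products/dictionary wordlist, and profile_words stands in
for words that could be scraped from a person's social media feed.
"""
import re
import string

MIN_LEN, MAX_LEN = 10, 15            # the deck's stated length range
SPECIAL = set(string.punctuation)

# Constructed stand-in for a names / fictional characters / products / dictionary list.
BLOCKLIST = {"alice", "robert", "gandalf", "acme", "summer", "password", "welcome"}


def blocked_words(password: str, profile_words=()) -> list:
    """Return blocklist or profile words found inside the password.
    Matching is case-insensitive and substring-based, so 'Gandalf#2024' is
    caught even though it is not literally equal to a dictionary word.
    Words shorter than four characters are ignored to avoid noise."""
    lowered = password.lower()
    words = set(BLOCKLIST) | {w.lower() for w in profile_words}
    return sorted(w for w in words if len(w) >= 4 and w in lowered)


def check_password(password: str, profile_words=()) -> list:
    """Return the rules the password violates; an empty list means it passes."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if not any(c.isalpha() for c in password):
        problems.append("needs at least one letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least one number")
    if not any(c in SPECIAL for c in password):
        problems.append("needs at least one special character")
    if re.search(r"\d{6,}", password):
        problems.append("contains a run of 6+ digits (looks like a birth date)")
    hits = blocked_words(password, profile_words)
    if hits:
        problems.append("contains guessable word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for pw, profile in [("Gandalf#2024", ()), ("Kid20150314!", ()),
                        ("Fluffy$2021x", ("Fluffy",)), ("Tr4ck!Sp00n", ())]:
        print(pw, "->", check_password(pw, profile) or "OK")
```

The 15-character upper bound is reproduced as the deck states it; NIST SP 800-63B recommends allowing much longer passphrases, so treat MAX_LEN as a policy knob rather than a fixed limit.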
Email has become a popular way for cybercriminals to disseminate malware to unsuspecting users.
A typical tactic is to pose as a person or business the recipient knows and trick them into clicking on a
malicious link that steals their credentials or downloads malware onto their computer.
An organization that practices good cyber hygiene would be scanning all incoming emails for viruses
and requiring two-factor authentication for all logins so that any stolen credentials would be useless to
the attacker.
It also would have educated all its employees to be wary of suspicious emails with links and
attachments, training them not to click on these and to report the email to an IT administrator.
How does business cyber hygiene differ from individual cyber hygiene
Individual or personal cyber hygiene is concerned with protecting an individual from security threats
while business cyber hygiene mitigates risk for an organization.
Some practices are common to both, such as using complex passwords, running antivirus software,
being vigilant when responding to emails, and backing up data.
Business cyber hygiene, however, is practiced on a much larger scale and addresses a broader range
of business concerns, such as securing IT infrastructure, meeting regulatory compliance requirements,
and managing vendor risk.
Despite these differences, the goal of both personal and business cyber hygiene is to protect computer
systems and the integrity of data.
How do you create a good cyber hygiene policy
Every organization will have unique IT environments and business needs, but a basic cyber hygiene policy
should outline the specific responsibilities of the organization and individual employees.
The organization, in turn, should ensure that employees understand and follow its prescribed cyber
hygiene best practices.
At the organizational level, there should be standard procedures in place to govern areas such as IT
asset inventory and management, network and physical security, threat and vulnerability management,
regulatory compliance, incident response, and user education.
This means preparing and communicating policies around software updates, data backups, password
security, secure network usage, and the handling of sensitive data.
It’s also important that the organization provide phishing training and awareness to reduce the risk of
social engineering threats.
Challenges of implementing good cyber hygiene
One of the biggest challenges of implementing good cyber hygiene is simply knowing what you need to
protect. You can’t protect the parts you’re not aware of.
Cyberattacks are unrelenting for many organizations, so it’s no longer adequate to scan the network now
and then. Performance monitoring must be continuous to detect and remediate threats, and that requires
resources many businesses don't have. Cyber hygiene assessment solutions, however, can continuously
monitor for vulnerabilities in your environment so you can understand your security exposure in real time.
A cyber hygiene assessment can help map every corner of your network and identify its
most critical vulnerabilities so you can fix them.
Another significant challenge is simply maintaining good cyber hygiene over the long term.
5 Pillars of Cyber Hygiene
Cyber Hygiene Misbeliefs
Attackers already know multiple ways through which they can enter the network.
1. Endpoints are well protected using strong antivirus software. Anything available on endpoints today is vulnerable, and antivirus software alone cannot act as a shield to secure the system.
2. Vulnerability scanning alone is enough to manage software vulnerabilities. Proper security cannot be achieved with identification alone. Further assessment and remediation of these vulnerabilities are necessary to remove the security blind spots.
3. Patch only Windows and Microsoft applications to prevent attacks. Patching is another essential practice organizations follow to secure their endpoints. In general, enterprises believe that cyber attackers target only Windows and Microsoft applications. This makes organizations assume that it is sufficient to monitor and patch these applications alone, and they often neglect to patch third-party applications.
4. Annual compliance audits provide adequate security to the network. Preparing the endpoints a few days before the annual compliance audit does not make the perimeter wholly secure. Security benchmarks come with regular upgrades and changes, and the endpoints must abide by them at all times.
5. Cyber hygiene is complex and costly. Organizations often feel that to implement cyber hygiene they must purchase and deploy many security solutions, and enterprises often assume that it is not a cost-effective approach. This is a significant factor that hinders organizations from establishing a healthy cyber hygiene routine.
How is Your Cyber Hygiene
When building a castle, one of the prominent defensive strategies was to limit the number of access points. In today's networked world, though, it is not practical to have only one entry point into an organization's computing environment, and every connection represents a potential attack channel. Therefore, understanding the avenues by which attackers can access your system is critical to the defense of your cyber environment.
Do you know what is connected to your systems and networks?
Do you know what software is running (or trying to run) on your systems and networks?
Are you continuously managing your systems using "known good" configurations?
Are you continuously looking for and managing "known bad" software?
Do you limit and track the people who have the administrative privileges to change, bypass or override your security settings?
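One way to answer these five questions (and to surface the unmanaged assets, rogue software and outdated administrator privileges listed under the benefits earlier) from a single snapshot, as an added example that is not part of the presentation. The approved inventory, baseline configuration, approved admin list and the observed snapshot are all constructed; in practice they would come from the asset register and from a discovery scan or endpoint-agent export.

```python
"""Reconcile what a discovery scan observed against the approved inventory.

Added example, not from the presentation. The approved inventory, baseline
configuration, admin list and the observed snapshot are all constructed; in
practice they come from the asset register and an endpoint-agent or scan export.
"""
from dataclasses import dataclass, field

# Constructed "known good" state.
APPROVED_HOSTS = {"ws-101", "ws-102", "srv-db-01"}
APPROVED_SOFTWARE = {"office-suite", "browser", "edr-agent", "dbms"}
BASELINE_CONFIG = {"firewall": "on", "auto_update": "on", "smbv1": "off"}
APPROVED_ADMINS = {"ws-101": {"it-helpdesk"}, "ws-102": {"it-helpdesk"}, "srv-db-01": {"dba-ops"}}

# Constructed snapshot of what was actually seen on the network.
OBSERVED = {
    "ws-101": {"software": {"office-suite", "browser", "edr-agent", "torrent-client"},
               "config": {"firewall": "on", "auto_update": "off", "smbv1": "off"},
               "admins": {"it-helpdesk", "alice"}},
    "srv-db-01": {"software": {"edr-agent", "dbms"},
                  "config": {"firewall": "on", "auto_update": "on", "smbv1": "off"},
                  "admins": {"dba-ops"}},
    "printer-lobby": {"software": set(), "config": {}, "admins": set()},
}


@dataclass
class Report:
    unmanaged_hosts: list = field(default_factory=list)  # seen, but not inventoried
    missing_hosts: list = field(default_factory=list)    # inventoried, but not seen
    rogue_software: dict = field(default_factory=dict)   # host -> unapproved packages
    drifted_configs: dict = field(default_factory=dict)  # host -> settings off baseline
    excess_admins: dict = field(default_factory=dict)    # host -> admins not approved

    def is_clean(self) -> bool:
        # missing_hosts is informational (a host may simply be offline), so it
        # does not by itself fail the check.
        return not (self.unmanaged_hosts or self.rogue_software
                    or self.drifted_configs or self.excess_admins)


def reconcile(observed, approved_hosts=APPROVED_HOSTS, approved_software=APPROVED_SOFTWARE,
              baseline=BASELINE_CONFIG, approved_admins=APPROVED_ADMINS) -> Report:
    """Compare one observed snapshot with the approved inventory and baseline."""
    r = Report()
    r.unmanaged_hosts = sorted(set(observed) - approved_hosts)
    r.missing_hosts = sorted(approved_hosts - set(observed))
    for host, facts in observed.items():
        if host not in approved_hosts:
            continue  # already reported whole; per-host checks assume a managed host
        rogue = sorted(facts["software"] - approved_software)
        if rogue:
            r.rogue_software[host] = rogue
        drift = {k: facts["config"].get(k) for k, want in baseline.items()
                 if facts["config"].get(k) != want}
        if drift:
            r.drifted_configs[host] = drift
        extra = sorted(facts["admins"] - approved_admins.get(host, set()))
        if extra:
            r.excess_admins[host] = extra
    return r


if __name__ == "__main__":
    print(reconcile(OBSERVED))
```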
Cyber Hygiene Tips for working remotely
Ensure you're connecting to the right Wi-Fi network
Never use the "automatic connect" feature
Always connect to your company's Virtual Private Network
Protect your phone and other devices
Beware of shoulder surfers
Lock your phone when you're not using it
Beware of phishing attempts
What is an ideal cyber hygiene checklist
Create and maintain an inventory of all hardware and software on the organization’s network.
Identify your CRITICAL data, where it’s located, and who has access to it.
Set and enforce strong password policies.
Limit administrative-level privileges to those who need them.
Regulate how end users install software, either by limiting their access to only trusted programs or
requiring IT approval for any installation.
Keep operating systems and software applications up-to-date and apply patches promptly.
Implement a process for regularly performing, verifying, and testing data backups. Keep multiple copies
and back up both on-premises and in the cloud.
Track end-of-life systems and remove them from use.
Create a vendor risk-management plan outlining agreed-upon behaviors, access, and service levels.
Educate employees on good cyber hygiene practices, including password management, email
vigilance, and how to use the organization’s network securely.
Thank You

20220803-Cyber Hygiene Presentation.pptx
