Like your body, your IT systems need the same level of consistent care to stay healthy. When you routinely take steps to ensure your devices are running optimally, you’re practicing good cyber hygiene.
As children, we learn how to take care of our bodies. But not everyone is taught how to have good cyber hygiene. Most people pick up bits and pieces as they use technology for their work and personal lives. You might have some good habits, like using different passwords for different devices and accounts, but not others like updating or replacing an outdated firewall.
It’s easy to think of tech as “set-it-and-forget-it.” Unfortunately, that’s not how cybersecurity or device maintenance works. Just like you can’t do a load of laundry or brush your teeth only once and expect to stay healthy and clean, cyber hygiene should be part of an overall routine.
The good news is that many processes can be automated, and those that can’t be are relatively easy to put in place.
It used to be setting an automatic timer to clean your browser’s cookies or defragging a hard drive was sufficient to keep your computer running at its best. A single download of generic antivirus software could keep most hackers at bay.
As computers have become more complex, so has using and maintaining them. Cybercriminals have become far more sophisticated. Your electric co-op has the additional threat of state-level actors who see your organization as an easy way to access the nation’s critical infrastructure.
Cybersecurity is big business. Large criminal organizations are making billions a year and recruiting top talent out of school to do so. There are anti-virus software companies whose primary purpose is to advertise and track you, not protect your device from malware. Sometimes the software doesn’t even block trackers or protect your computer. Here are our top tips for maintaining good cyber health and hygiene.
For electric cooperatives, having good, next-generation antivirus software installed and always updated is crucial.
Basic antivirus software works by essentially having a list of harmful software. New threats are added to the list when the software updates. When the program sees software on the list attempting to install itself on a device, it blocks it.
That’s not going to cut it for electric co-ops under the perpetual threat of state-level cyberattacks. State-sponsored attacks don’t always use commonly known viruses or attacks; they are far more likely to engineer their own unique malware. That’s why, to protect your electric co-op, you need next-generation antivirus software that stops attacks proactively.
In the past, firewalls would block or allow specific IP addresses based on a list of known threats. But like antivirus software, they’ve also evolved considerably. Next-generation firewalls block potential threats based on suspicious behavior and, in some cases, can even isolate the threat and dismantle it.
Many people don’t realize firewalls have an expiration date of sorts. That means after a specific period, usually, a few years, updates and patches won’t be available for it anymore. It may need to be replaced entirely.
Having just a firewall or just antivirus software isn’t enough; you need both to protect your co-op. And, you have to make sure both are up-to-date.
Software updates not only improve your system’s performance by taking care of any bugs or issues but also include security patches that protect your device and network. New vulnerabilities are discovered daily, so it’s important to make checking for and installing new updates a habit. Just like brushing your teeth or combing your hair, updates should be part of your standard IT process.
Electric cooperatives handle a lot of sensitive information, from member information to operational data. For example, a cybercriminal could use information about you from a personal device like a tablet or phone to better understand your cooperative’s culture and employees. That information could help them conduct a social engineering attack in which they pretend to be a member or employee of the cooperative and attempt to gain access to your systems. Or, in a more benign but no less dangerous attack, use the information to craft a highly convincing phishing email.
An excellent first step to securing your data is using strong passwords combined with multifactor authentication.
The conventional wisdom about passwords has changed considerably in the past few years. Previous password advice told you to have a long string of random letters, special characters, and numbers. Cybersecurity specialists now know, however, that length is the cornerstone of a secure password. A passphrase, as opposed to a password, is generally considered more secure. A good passphrase can be any combination of preferably five words that’s easy for the user to remember. The phrase should still use numbers or special characters if possible, but in a way that makes sense to the user. A nonsense phrase is fine and, as long as it’s memorable, actually better. An example passphrase is, “Elves coffee sludge at 4:30.”
And of course, try not to use the same passphrase for every device or account, especially if you are a remote worker.
Multifactor authentication is another good practice. A good passphrase is only the first part of multifactor authentication. The second part is either something you physically are, like your fingerprint, or something you physically have, like a digital token or card with a chip in it. There are several authenticator applications that can be used with your phone to enable multi factor authentication.
Combining strong passwords with at least one form of multifactor authentication is a good cyber-hygiene practice that any of your cooperative’s team members can implement.
Backing up data does not mean what most people think. You might have member data copied and stored on a different server in addition to an authorized employee’s computer. You may also “backup” that data regularly to a cloud service. Unfortunately, that’s not backing up data so much as moving it somewhere else. The information is still vulnerable in all locations.
Truly backing up means moving your sensitive data offsite and offline. Having your data offsite also protects it from dangers to your co-op’s physical location. Even if a natural disaster, like a flood or fire, ruins your co-op’s buildings and equipment, the data is safe. Having it offline protects it from cyberattacks.
Another component of good cyber hygiene is solid wireless security practices. That means segmenting and segregating systems or devices when necessary.
However, that’s only part of good wireless security. It’s just as important to know who has access to what networks and ensure you have strict authentication practices in place.
TITAN, our purpose-built cybersecurity suite engineered explicitly for electric co-ops, can help you ensure your co-op is practicing good cyber hygiene without putting an additional burden on your electric cooperative’s employees.
First, TITAN can monitor your software and systems and make sure they are all up-to-date. It will notify you when you need to do updates and can even do them for you.
And, TITAN will perform vulnerability scans on your cooperative’s software and hardware, spotting potential issues like SCADA system vulnerabilities. With TITAN, your entire system and network are continuously scanned – your cooperative’s routers, switches, firewalls, everything.
SkyHelm can configure a next-generation firewall that is customized to meet your cooperative’s security and usability needs. We also offer data protection and migration to help keep your co-op’s information not only secure but also properly backed up.
Good cyber hygiene is essential for everyday computer users, but it’s absolutely crucial for electric cooperatives.
Contact us to help your electric co-op design and implement an effective cyber hygiene routine today.