Why am I making a big deal about IT vs. Cyber Hygiene? When an organization shifts the “keep the lights on” day-to-day maintenance and operational activities to a class of work called “Cyber” hygiene, there is a risk of the Ops team loosing focus on those essential daily activities. Additionally, by referring to operation and maintenance activities as Cyber Hygiene activities, one runs the risk of them becoming security requirements and not included in O&M scheduled tasks, or even worse only being given attention when the Security team raises a problem.

Ultimately, the success lies in ensuring your organization’s IT Hygiene is a team sport that requires both the Cyber and Operations side of the technology organization to come together and solve these difficult technical challenges.

Below are some high-level thoughts that will get your organization well on the way to experiencing good IT Hygiene across your networks and information systems:

1. Inventory all devices, operating systems, and software on your organization’s network
2. Develop and implement Secure Configuration for devices, operating systems and software
3. Patch everything as often as you can
4. Continuously tests for vulnerabilities, prioritizing the most critical deficiencies for immediate remediation
5. Limit administrative privileges to only the few individuals that require them
6. Centralize and review audit logs and data from devices, operating systems and software
7. Always backup your data

This is by no means an exhaustive list of activities necessary to protect your environment. These activities are however some of the most important foundational items. If you are not implementing these basic foundational items, your enterprise may be on a very weak foundation, one moment away from being the next news story.