Hackers are there all the time: lurking in the shadows, constantly hunting for weak points in your networks, or stumbling on their next target. You can ignore this and hope for the best, risking time, money, reputation, and a lot of unnecessary stress. Or you can fire up a reliable cybersecurity hygiene strategy that wrecks a hacker鈥檚 day and locks them out for good.听
If the latter is your plan (we hope it is!), keep reading for our hot takes on cyber hygiene, straight from the threat hunters in our 24/7 Security Operations Center (SOC). They see (and we mean everything) that hackers are doing around the clock to get access to your data, systems, and people.听
Think of cyber hygiene as the digital version of brushing your teeth. It鈥檚 all about maintaining healthy habits and routines to keep your IT environment safe and clean. Skipping over these steps, even once in a while, increases the risk of vulnerable exposures, just like cavities when you don鈥檛 brush regularly.
Now, let鈥檚 get into the cyber hygiene tips that will flip the script on hackers.听聽
Passwords aren鈥檛 enough anymore. That鈥檚 why MFA should be part of your security playbook with few to no exceptions.听
With MFA, hackers have to pick two locks on your perimeter instead of one (username and password) to access your identities and endpoints.听
For users, MFA adds an extra step, like a code sent to their phone or a fingerprint scan. Yes, this might be a little annoying or inconvenient.
But for hackers, this is a total buzzkill. They鈥檙e locked out. They can鈥檛 authenticate in your environment unless they get or replicate access to this secondary lock you鈥檝e set up.听
We can鈥檛 stress enough how important it is to turn on MFA for all external-facing services whenever possible. Build a hostile, thorny, and prickly fortified wall around your email accounts, payment portals, and VPNs at a minimum.听
We鈥檝e all received (and ignored) those weird emails or text messages from 鈥淓ZPass鈥 or 鈥淯SPS鈥 demanding urgent action.听
We all know that those aren鈥檛 legit, but phishing, vishing, and smishing scams are still cheap and easy hacks for cybercriminals to sneak in unnoticed.听
So, if it鈥檚 an unexpected message that makes you scratch your head, someone might be trying to take advantage of your trust to get access to systems, data, or money. Ignore it and keep on moving!
Updates and patches might not seem like a big deal. You might even gloss over them once in a while. But these low-key security defenses should never be ignored because out-of-date software is an open invitation for unauthorized access into your environment.听
Hackers look for outdated applications, operating systems, and firmware to exploit vulnerabilities you haven鈥檛 fixed or might not even know about. If you aren鈥檛 regularly patching, it鈥檚 a safe bet you鈥檝e got unknown, exploitable exposures on your attack surface that hackers use as easy access points.听
Here are a few things to remember so updates aren鈥檛 a headache:聽
If you鈥檙e using 鈥123456鈥 or 鈥渟ecret鈥 as your password, you might want to start rotating those ASAP. These are two of the most commonly used passwords, and hackers love weak passwords like you love Friday nights.
Top 10 most common passwordsWhat should strong passwords look like? Think: 肠辞尘辫濒别虫颈迟测.听
Weak password (e.g., 鈥減assword鈥) vs. strong passwordStorage for your passwords is equally important. You can make your passwords elaborate, but it doesn鈥檛 matter if they aren鈥檛 securely managed. Invest in secure password managers and stop using plain text passwords. If you鈥檙e curious about how your password storage policies stack up to others, check out the "Top 10 Worst Places to Store a Password."
Our SOC runs into far too many brute force attacks on exposed Remote Desktop Protocol (RDP). Hackers lock onto vulnerable RDP until they gain unauthorized access to scope out your network, escalate privileges, move laterally, and steal sensitive information.听
So don鈥檛 leave RDP exposed if you don鈥檛 need to. And if it does need to be internet-facing, consider putting it behind a VPN with MFA for extra layers of protection. Or maybe you don鈥檛 need RDP at all, so just disable it altogether. Problem solved.
Worried that RDP will be a weak point? Managed Security Information and Event Management (SIEM) is an early warning system for brute force attacks on RDP. If attackers find vulnerable RDP instances on your perimeter, SIEM will tip off SOC analysts so they can shut things down before your endpoints get caught in the crosshairs.听
Learn about our SOC鈥檚 technical analysis of vulnerable RDP exposures in our blog "Brute Force or Something More? Ransomware Initial Access Brokers Exposed"
Once hackers get into your environment, they鈥檒l start taking steps to hide in plain sight, covering their tracks. Some of this activity is harder to spot, but all of it should look sketchy compared to legitimate traffic.听
Some red flags to look out for include:
Microsoft Defender modifications
If you鈥檙e not sure how to catch all of these different activities, 杏吧传媒 Endpoint Detection and Response (EDR) and Managed Microsoft Defender watch your endpoints for you 24/7. They alert our SOC to strange behaviors of possible compromise so they can step in right away, fix the problem, and let you focus on what matters most for your business.
Yes, you need to be strict. Purposefully managing allowed or blocked applications, resources, and network traffic is a huge step toward keeping attackers out.
For example, if a user doesn鈥檛 need Windows OpenSSH, block it or remove it from the host. If VPN logins aren't allowed from specific locations, make sure they're on the deny list. Clearly defining unwanted access rules, especially with help from 杏吧传媒 Identify Threat Detection and Response (ITDR) means minimal risk and exposure.
When hackers get into your system, they love to mess with logs to throw you off their trail. They might overwrite logs to hide their dirty work.
Logs are a superpower that let you peel back the layers of a cyberattack to figure out what happened and how to avoid it in the future. But logging security data can be pricey and cumbersome, especially for small teams that are understandably overwhelmed with alert fatigue.听
Here are a few ideas to get data logging into your cybersecurity hygiene routine:
Need better oversight on who can access which resources in your environment? Consider adding conditional access policies (the more complex, the better). These scenarios dynamically control access to protected resources by setting out conditions the user must meet to gain access. In other words, if you want access to Microsoft 365, then you must use MFA (not just credentials).听
The more complex the access policies are, the tougher it is for attackers to crack the rules you鈥檝e set up. This is another cybersecurity hygiene option that keeps things clean and helps build a thicker perimeter moat so hackers are up against multiple layers of your security stack instead of one.
Cyber hygiene isn鈥檛 just a buzzword anymore. You can鈥檛 afford to not think like a hacker anymore, or get help from experts who do. Give your security program a scrub and consider running with managed services to fortify your defenses for the long term.
Try it out now with a 杏吧传媒 free trial.听
Get insider access to 杏吧传媒 tradecraft, killer events, and the freshest blog updates.
