
The Concept of Cyber Hygiene – There must be a basic set of practices for Cyber in order to protect the health of your business.
The Cyber CIC Program Series, by Olivier Bue, Vice President, The Hull Group
This past July I attended the first residential session of the Cyber COPE Insurance Certificate (CCIC) Program and included a key takeaway from that in our August newsletter. Since then, I have been attending bi-weekly virtual sessions online in advance of the next residential session in Silicon Valley at the end of October.
The virtual sessions were pretty technical with topics around the Cyber Insurance Industry, Cybersecurity Governance or Security Structure and Operations. Most recently, however, a two-hour virtual session around “Cyber Hygiene” offered some extensive concepts and structures around this idea.
The concept of “Cyber Hygiene” is simple in terms of the metaphor: it is the basic set of activities we do to prevent harm, like brushing our teeth or washing our hands. It seems intuitive that there must be a basic set of practices for Cyber. There isn’t – or at least it’s not widely practiced.
A story that makes this metaphor particularly compelling comes from the history of hygiene and medicine. It is the cautionary tale of Ignaz Semmelweis, a Hungarian doctor in the mid-nineteenth century. What Semmelweis had discovered is something that still holds true today: Hand-washing is one of the most important tools in public health.
You’d think everyone would be thrilled, but they weren’t. For one thing, doctors were upset because Semmelweis’ hypothesis made it look like they were personally responsible for infections and subsequent deaths. His observations conflicted with the established scientific and medical opinions of the time and his ideas were rejected. In 1865, he supposedly suffered a nervous breakdown and was committed to an asylum, where he died at age 47.
Semmelweis’s practice earned widespread acceptance only years after his death. Even today, convincing health care providers to take hand-washing seriously is a challenge. Hundreds of thousands of hospital patients get infections each year, infections that can be deadly and hard to treat.
Similarly, there seems to be a natural resistance amongst users in an organization’s network, and even among many cybersecurity professionals, to following a defined basic set of “Cyber Hygiene” practices. These practices need to be widely practiced and adhered to. This concept might be one of the most crucial factors in protecting the health of your business.