5 Basic Cyber Hygiene Practices You Should Adopt Now

Schools have access to a range of technical cybersecurity solutions, but some of the most effective solutions are simple and budget friendly. In fact, Microsoft’s 2023 Digital Defense Report reveals five basic cyber hygiene practices that prevented over 99% of attacks. In this blog post, we’ll break down these basic practices and explain how you can use them to build your cyber resilience and hygiene.

1. Enable Multifactor Authentication (MFA)

MFA adds a layer of protection beyond login credentials by requiring another form of authentication. Even if an attacker gets ahold of your username and password, they can’t access your account without your MFA code or token.

Most people are familiar with SMS MFA, where a one-time passcode is sent to your phone as a text message. You enter the code after your username and password. Even better than SMS MFA is an authenticator app such as Microsoft’s Authenticator app. And if you’re using Microsoft Office 365, you already have access. You just need to set it up.

2. Apply Zero Trust Principles

Zero Trust principles are security concepts designed to limit the impact of a cyberattack:

  • Never assume a user, device, or system, whether inside or outside an organization's network, is trustworthy. Instead, everything must be verified before being granted access.
  • Only provide users with access to resources they need, and nothing more. This is known as the principle of least privilege.
  • Assume a breach has already occurred or could occur. A proactive mindset facilitates awareness and strict security measures.

3. Use Endpoint Detection and Response (EDR)

EDR monitors and protects endpoint devices such as computers, servers, and mobile devices. Through behavioral analysis, machine learning, and other advanced techniques, EDR detects complex threats that traditional antivirus solutions might miss.

Local education agencies with 15,000 students or fewer can apply for free EDR licenses through the TEA's K-12 Cybersecurity Initiative. According to TEA, “EDR is one of the best solutions to prevent ransomware.” At minimum, organizations should equip high-risk devices such as servers and central office staff equipment with an EDR solution to mitigate threats quickly, prevent damage, and improve cybersecurity.

4. Keep Systems Patched and Up to Date

A recent report shows 30% of cyberattacks on schools start with criminals taking advantage of security weaknesses. Patches and system updates fix weaknesses and promote system stability. Be sure all firmware, operating systems, and applications are using the latest patches to reduce the risk of cyberattacks.

5. Protect Data

Educational organizations are treasure troves of sensitive information. Classifying your data is a great way to understand what should and shouldn’t be kept private. If you don’t know where to start, consider Traffic Light Protocol designations.

Once you identify your sensitive data, it’s critical to keep it encrypted unless an authorized user is accessing it. This ensures confidentiality and protects sensitive information from unauthorized access.

Are You Cyber-Compliant?

Incorporating these cyber hygiene basics into your organization’s cybersecurity plan does more than help protect against cyberattacks: many of the basics covered here are part of the state-required cybersecurity annex. For information or support, contact TASB Privacy and Cyber Risk Consultant Lucas Anderson.

Bryce Sipes
Cybersecurity Intern

Bryce Sipes is a cybersecurity intern who joined TASB in 2024. His responsibilities include researching industry trends, creating member-centered content and training, and identifying products and services that strengthen members' cybersecurity programs. Sipes is ISC2 CC certified and Google IT Support certified.