Clean up with foundational cyber hygiene | News


“Critical Security Controls,” a phrase coined by the Center for Internet Security (CIS), is a high-tech, nerdy way of saying, “super-important things you really, really, really, really need to do.” They’re not kidding around, either; you really do need to do them.

The biggest hurdle to Internet safety and security is that people just don’t take the issue seriously. That is, they don’t take the issue seriously until they get in trouble, discover their online accounts have been hacked, their passwords stolen, their bank accounts drained and new cars charged to their credit line. Then, they become total tinfoil hat-wearing ultra-cautious security nuts. Until then, though, they usually have a devil-may-care, lah-de-dah, “it could never happen to me” attitude. The bad guys of the Internet are aware of this lackadaisical attitude; they count on it as a key to their success.

The Center for Internet Security (www.cisecurity.org) is “an internationally recognized nonprofit organization focused on raising the level of cybersecurity preparedness globally.” This highly-respected group caters mainly to large business enterprises and government agencies in an effort to develop standards and “best practices” that can make the Internet a safer place. That’s all well and good, but leaves most “normal” computer users out in the cold. This is an unfortunate situation, but I feel it is important to take the high-end cybersecurity principles set forth by groups like CIS and apply them to the rest of us out here in Internetland.

CIS lists 20 “critical security controls” that should be implemented before one can consider their computer systems to be protected. Some of the controls, such as “Limitation and Control of Network Ports, Protocols, and Services,” are designed for network administrators and I.T. professionals, and are beyond the ability of most mainstream users to figure out and enforce. Others, like “Malware defenses” and “Email and web browser protections” are completely doable by regular computer users.

CIS calls the first five…

Source…