Cyber Hygiene Essentials (Video)

In this video, Steve Ripper explains PCG’s cyber hygiene essentials. He outlines the cybersecurity basics that PCG implements to protect all of its clients.

Hello, my name is Steve Ripper, and today I would like to talk about PCG’s new security initiative, which we have named Cyber Hygiene Essentials.

Why Is Cyber Hygiene Important?

In today’s increasingly difficult security environment, PCG has identified a need for companies to step up, at the very least, their basic safety controls. In our VCIO reviews, as well as our more involved risk assessments, it has become apparent that many companies have varied and sometimes very lacking security posture for their environment. This makes it very difficult to support our client base as we never really know whether there is a gap or the product that is in place is the right one for the task.

Therefore, we have begun our initiative to get basic levels of security protection in place for all of our clients. These will use best in class products, which we have chosen for the security roles we have deemed essential to a safe security posture.

Critical Cybersecurity Standards

That simple mission statement is how we came up with Cyber Hygiene Essentials, and at its core is a set of minimum standards that all clients should meet. We strongly recommend that all of our clients that do not currently meet these standards should work with us to upgrade their systems, policies, and practices to bring them into compliance. Now I would like to briefly go over those standards.

  • Endpoint protection. All computers on the client’s corporate network must be protected by an antivirus agent, and servers and key devices should also have an EDR agent.
  • Password policies. The client must comply with PCG’s current password standards, which include complexity, length, and expiration rules.
  • A Microsoft domain. Each client must operate a Microsoft domain via an on-premises server or an Azure-backed domain.
  • Network boundaries. Each client office with two or more computer users must be protected by a PCG approved firewall.
  • Remote access. All remote access to the corporate network must be via a VPN or similar technology.
  • Multi factor authentication, my favorite. All users must have MFA in place at a minimum for email access and for remote access.
  • Email protection. All email accounts must be protected by a PCG approved spam protection service.
  • User training. All computer users should receive annual computer security training.
  • Unsupported computers. No computers with unsupported operating systems, such as Windows seven may be attached to the corporate network.
  • And finally, cyber insurance. The client must maintain cyber insurance covering both the insured and third party claims.

It is PCG’s goal in this initiative to get a baseline of security in place for all of our clients to better meet the security challenges now and in the future.