Breaking the Habit…with Good Habits

I, too, am guilty of saying “this is boring” or “it’s just something we have to do”. While those two statements may be factual, it doesn’t endear our audience to best practice.
Derek White
Chief Product Officer
This article is written based on CMMC version 1.0, and may not reflect the updated requirements of CMMC 2.0.

For the latest information on CMMC 2.0, please click here.

Recently, DARK Reading had a terrific article written by Marc Laliberte , regarding tips on getting users bought-in to security policies. While much of the article is true, very little is done on a regular basis in most organizations to change the mindset of information security.  I, too, am guilty of saying “this is boring” or “it’s just something we have to do”.  While those two statements may be factual, it doesn’t endear our audience to best practice.

Shifting culture is a matter of habit and fortunately (or unfortunately) people are creatures of habit.  In Charles Duhigg’s book, “The Power of Habit”,  he speaks about a man who essentially has lost his conscious mind through degenerative brain condition, but still functions relatively normally, through triggered habitual response.  The man would go so far as to cook breakfast, get dressed, and shower without any recollection of the world around him.  In his brief moments of clarity, he is unable to recall when he did these habitual actions, but knows that he is dressed, has eaten (because he is full) and is clean.

While I don’t necessarily condone the “autopilot” response of anyone or anything when it comes to many security functions, it is definitely possible to create good cyber-hygiene habits that transition the home and workplace.  For instance, naturally checking the actual e-mail address that an e-mail came from, regardless of what the Inbox says, is a good habit and can mitigate many Phishing attacks.  Similarly, if an e-mail signature is “off” or old, it might signal a fake e-mail, and a person should contact them out of band (aka not via email…like a phone call), in order to legitimize the communication.

Another way that habit can go far, is to end your work session every day.  This can stop some attacks and definitely helps the everyday user mitigate unauthorized access to specific terminals or workstations.  There are many other habits that form good information security hygiene, like going directly to the printer after printing a document (s), fully turn off wireless when not in use, log-out of web-apps instead of just closing the browser window, etc.  These habits can make you and your organization a harder target for the bad guys, and best of all, doesn’t cost a dime to implement!

Be part of the solution. Be cyber savvy.

Derek White
Chief Product Officer
Derek’s success comes from his customer first mentality, utilizing collaboration between security and technology, to create positive outcomes & compliant solutions.
Why hundreds of organizations
trust our NIST experts
Requirement, Practice & Process Objective Based Security Expertise
Implementation Planning & Advisory
Continuous Monitoring of Compliance Programs
Full Attention on Documentation & Objective Evidence for External Audits
Focus on Technical, Administrative and Physical Security Requirements
Emphasis on Assessing, Remediating & Attesting to Compliance
Speak With an Expert Today

Speak With a NIST Security Expert at Beryllium InfoSec Today

To reach us please fill out the form below.
Beryllium InfoSec logoCMMC AB Pro badge
Beryllium InfoSec has specializing in information security and DoD cybersecurity compliance since 2017.
Beryllium InfoSec, Inc.
5910 N Central Expressway Ste 1665
Dallas, TX 75206
763-546-8354
Compliance Guides
DFARS Compliance GuideNIST SP 800-171 Compliance GuideCMMC Compliance Guide
Featured Articles
CMMC Level 3 Requirements & ControlsDFARS Compliance: The Practical Guide for DoD ContractorsWho Needs Cybersecurity Maturity Model Certification (CMMC)?
© 2024 · Beryllium InfoSec, Inc.
Privacy Policy   |   Terms & Conditions
Site by