Millions of computer systems going down at the same time; emergency services, travel, and financial systems disrupted; and global shipping halted. It’s the type of technology catastrophe many envisioned would happen during Y2K, or some far-off dystopian future, yet the CrowdStrike outage happened in 2024 and the world was woefully unprepared. While the exact cause is still being investigated, the culprit seems to have been a bug in their software.
It’s hard to comprehend living in a world where flawed or buggy code can take down so many critical systems and drain $5 billion in direct losses from Fortune 500 companies. And, it’s true that there’s no easy fix to this kind of problem. But whether it’s preventing bad software updates or maintaining compliance among constant requirements and changes, organizations can implement several practical measures to improve their cybersecurity hygiene and reduce their risk exposure.
Here are four key areas to focus on:
Founder and CEO, Secureframe.
1. Strengthen Employee Awareness and Access Controls
Table of Contents
Social engineering attacks have nearly doubled since last year, accounting for 17% of all data breaches. In the past, email phishing attempts were fairly easy to spot because they were often filled with spelling and grammatical errors, and the email address they came from usually looked suspicious. Now, generative AI tools like ChatGPT allow attackers to create phishing emails that look very credible and might not be caught by spam filters.
New employees in particular are prime targets for cybercriminals. There’s a common phishing scheme where bad actors will use LinkedIn to find employees that have recently joined a company, then send them a text message pretending to be the company’s CEO. They’ll ask the employee to purchase gift cards and then send them the card numbers, scamming them out of hundreds or even thousands of dollars. In 2020, hackers gained access to Twitter’s systems through an employee phishing attack by calling customer service and tech support employees and instructing them to reset their passwords. That’s why it’s more important than ever to implement comprehensive security awareness training for all employees, especially new hires.
Another way companies can protect their systems from phishing attempts and other types of scams is by implementing role-based access controls (RBAC). Each employee should only have access to the systems and data they need to do their job, reserving the most privileged permissions for IT roles and higher positions of authority. RBAC allows IT teams to easily add, modify, or remove permissions for a single user, or all users in a group at once, helping to prevent cyber attacks that take advantage of employee vulnerabilities.
2. Manage Third-Party Risk
Many organizations don’t give enough consideration to security compliance for the services they use and the technology partners they work with. In fact, fifty-four percent of organizations reported experiencing a data breach caused by one of their third-party vendors within the span of a year. That’s why it’s incredibly important to assess and manage the risk for every vendor you work with and ensure they’re adhering to strict cybersecurity standards.
You should conduct regular due diligence assessments where you ask potential vendors about their encryption practices or use of an intrusion detection system (IDS) to better understand their network security practices. You should also question them about their client offboarding processes so you know how your data will be disposed of once the vendor relationship ends.
After the assessment, you should rank vendors based on how critical their services are and the sensitivity of the data they handle so you can use more control with high-risk vendors. All vendor contracts should include specific evaluation criteria, security requirements, incident reporting protocols, and compliance obligations to ensure they are aligned with your organization’s security requirements and risk tolerance.
3. Streamline Compliance Processes
While regular audits are a necessary part of good security hygiene, when companies face numerous and repetitive compliance audits it can be a serious distraction to business-critical priorities. Not to mention, a morale killer. I call this “audit fatigue” — the constant cycle of compliance checks and documentation overload becomes too much of a burden, leading employees to disengage and sometimes resign. And unfortunately, this decreased efficiency and increased turnover can result in significant financial losses for the company.
That’s why it’s important to limit as much of the tedious work as possible — like the evidence collection process, for example — and avoid duplicative work when you’re in the midst of an audit. Compliance automation can help with this by speeding up evidence collection, centralizing compliance data, and continuously monitoring security controls, which lessens the workload on employees so they can focus on core tasks.
4. Embrace Continuous Vigilance
Maintaining strong cyber hygiene requires ongoing effort and attention to evolving threats.
The first step is to develop a clear understanding of your organization’s risk profile and security posture. From there, it’ll be important to implement a system for quick remediation of identified issues before they can be exploited.
Compliance automation tools can help here by flagging vulnerabilities and failing controls, which enables security and IT teams to remediate issues proactively before an attack can occur. These tools can also provide a complete picture of your risk profile and security posture, allowing for more efficient and effective risk management. By leveraging this technology, companies can streamline their compliance efforts, reduce human error, and stay ahead of evolving threats.
This is particularly critical for financial institutions, healthcare organizations, and transportation systems, like those affected in the CrowdStrike outage, because catching and fixing vulnerabilities quickly means saving highly sensitive data from being exposed and critical services from being interrupted.
By focusing on these four areas – employee awareness, third-party risk management, streamlined compliance, and continuous vigilance – organizations can significantly improve their cyber hygiene. This holistic approach not only protects sensitive data but also fosters a culture of security awareness throughout the organization.
We list the best network monitoring tools.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: