What is the Cybersecurity Equivalent of Washing Your Hands for 20 Seconds?

Image credit: melissa-jeanty from Unsplash

With COVID-19’s spread, there have been numerous recommendations from health authorities and experts that one of the best, first-level measures to help prevent the spread of infection is to wash hands with soap and water thoroughly for 20 seconds.

In recent days, we’ve frequently gotten the question: “What can I be doing RIGHT NOW to improve my security posture?” That answer often depends on individual circumstances (recommendations for consumers, SMBs and large enterprises may differ). Here are three quick wins that everyone can be doing right now to make sure we are all “washing our hands.”

Stay on Top of Patching & Regular Software Updates.

Both individuals and organisations should stay abreast of the latest patches and updates from software vendors. Patches often resolve weaknesses and security vulnerabilities within products. Patching lessens the risk that a hacker can take advantage of a previously existing vulnerability.

For organisations, IT Ops teams need to be able to patch and configure devices remotely. Security solutions should allow you to identify vulnerabilities, install patches and validate configuration remotely via the cloud. This gives your team confidence that every endpoint is secure and up to date on the latest policies.

Use multi-factor authentication (MFA).

Multi-factor authentication adds an extra step to the process of accessing critical data. The first step is a username and password, and the second step is additional verification (like a PIN or a push notification). MFA is becoming increasingly popular for many services we access daily.

Enabling multi-factor authentication ensures that the user logging in as an employee is genuinely who they say they are. MFA also lessens the risk posed by poor password hygiene. Still, as a rule of thumb, passwords should be truly random, 16-character phrases containing upper- and lower-case letters, numbers, and symbols.

Leverage a VPN.

So many employees are working remotely now. Using a virtual private network (VPN) can help better secure internet connectivity and keep private information private via encryption. Public WiFi can be a gamble as it only takes one malicious actor to cause damage.

With any situation where infection is a possibility, a healthy amount of scepticism is always warranted. Be wary of emails coming from unknown sources, particularly if the requester is asking you to click on a link or an attachment. When in doubt, pick up the phone and call someone to ask if their request is valid.


VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.

More than 6,000 global customers, including approximately one third of the Fortune 100, trust VMware Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.

Rick McElroy, Security Strategist, Carbon Black
Rick McElroy, Cybersecurity Strategist for VMware Carbon Black, has more than 15 years of information security experience educating and advising organisations on reducing their risk posture and tackling tough security challenges. He has held security positions with the U.S. Department of Defense, and in several industries, including retail, insurance, entertainment, cloud-computing, and higher education. McElroy’s experience ranges from performing penetration testing to building and leading security programs. He is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC). As a United States Marine, McElroy’s work included physical security and counter-terrorism services. A fierce advocate for privacy and security who believes education and innovation are the keys to improving the security landscape, McElroy is program chair for the Securing Our eCity Foundation’s annual CyberFest, a San Diego event dedicated to educating public and private sector security and IT professionals and business executives on the realities of security.

