In today’s ever-changing threat landscape, it is important to create a cyber hygiene routine that can prevent cybercriminals from succeeding in cyberattacks. Cyber hygiene involves training your company to think proactively about its cybersecurity. To get started, assess your current cyber hygiene routine. The Cybersecurity and Infrastructure Security Agency (CISA) offers several scanning and testing services to help organizations reduce their threat exposure.
Here are CISA’s four scanning and testing services:
- Vulnerability Scanning: Evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.
- Web Application Scanning: Evaluates known and discovered publicly accessible websites for potential bugs and weak configuration to provide recommendations for mitigating web application security risks.
- Phishing Campaign Assessment: Provides an opportunity for determining the potential susceptibility of personnel to phishing attacks. This is a practical exercise intended to support and measure the effectiveness of security awareness training.
- Remote Penetration Test: Simulates the tactics and techniques of real-world adversaries to identify and validate exploitable pathways. This service is ideal for testing perimeter defenses, the security of externally available applications, and the potential for exploitation of open source information.
These services are available to federal, state, local, tribal, and territorial governments, as well as public and private sector critical infrastructure organizations at no cost. For more information, visit CISA’s cyber hygiene services. In addition, CISA also offers a Cyber Essentials. guide to implement organizational cybersecurity practices.
