What Happens When Cyber Hygiene Fails?
Cybersecurity isn’t something you conquer. It’s not a finish line or a box to check. It’s a relentless journey. Threats keep changing, and so must we. In this week’s Threat Vector Podcast, Dr. Daniel Ford, Chief Information Security Officer at Jovia Financial Credit Union, joined us to talk about how mastering the basics—cyber hygiene and risk management—can make all the difference.
Let’s face it: without strong fundamentals, the fanciest security tech in the world won’t help much.
Cybersecurity Is About Progress, Not Perfection
“Where are you at in your journey?” Dr. Ford asked. It’s a good question because cybersecurity is all about improvement. Bigger organizations take longer to mature, but the goal is the same—consistent progress.
Curiosity, according to Dr. Ford, is the secret weapon of top security professionals. “We need to know how things work, how they break, and how attackers exploit them,” he explained. Cybersecurity pros don’t just fix problems. They think like hackers, always trying to anticipate the next move.
The Basics of Cyber Hygiene
Cyber hygiene is like personal hygiene. Dr. Ford made a compelling analogy: just as you brush your teeth or wash your face daily, good cyber hygiene requires regular, proactive steps.
Here are the key practices he recommends:
Keep Your Software Updated: Vulnerabilities are patched all the time. Don’t skip updates, even when you’re tempted to hit “remind me later” for the 100th time.
Use a Password Manager: Strong, unique passwords are critical, and a password manager makes it easy to keep track of them. It’s worth the investment.
Enable Multi-Factor Authentication (MFA): One of the simplest and most effective ways to secure your accounts.
Organizations should take it further, with well-defined playbooks and adherence to standards such as those published by NIST or ISO. Dr. Ford also emphasized the importance of knowing what to do and actually doing it. Many organizations have plans but don’t execute them.
Financial Literacy Needs Cyber Literacy
Jovia Financial Credit Union, where Dr. Ford works, is all about helping people. But these days, financial literacy isn’t complete without cyber literacy. Digital transactions are now the norm—Venmo, Zelle, virtual credit cards—and that means new scams are always around the corner.
“We see people lose their life savings because they didn’t know how to protect themselves,” Dr. Ford shared. His team works with schools and universities to educate people on basic cyber hygiene. It’s a mission born out of necessity, not just altruism.
Changing the Rules of the Game
Let’s be honest: cybersecurity can feel overwhelming. Dr. Ford compared it to the Kobayashi Maru, the infamous no-win scenario from Star Trek. His advice? Change the rules.
Instead of trying to stop every attack, focus on detecting breaches faster and limiting the damage. The industry average for detecting a breach is 192 days. Imagine cutting that to just 30 days or even two weeks. That’s a game-changer.
“We know we’re going to get breached,” Dr. Ford said. “The question is, how quickly can we identify it and contain it?”
The Problem With Silence
When breaches happen, they’re often shrouded in secrecy. Lawyers get involved, and organizations stay tight-lipped. Dr. Ford sees this as a missed opportunity. If companies openly shared lessons from incidents, others could learn and avoid repeating the same mistakes.
Take the MOVEit breach. Over 5,500 organizations were impacted, but there’s been little public discussion about what went wrong. “We’re dooming ourselves to repeat these mistakes,” Dr. Ford warned.
A case-study approach, where anonymized details of breaches are analyzed, could change that. It’s a simple idea with enormous potential.
A World That Values Cyber Hygiene
Dr. Ford dreams of a world where businesses are rewarded for good cyber hygiene. He envisions consumers choosing companies based on their commitment to security, much like they might prioritize sustainable practices or ethical sourcing.
“Maybe it’s pie in the sky,” he admitted, “but I’d love to see it.”
Let’s Talk About Dave
Near the end of our chat, we got a little lighter. Dr. Ford and I laughed about a meme where millions of dollars in security software are pitted against “Dave,” the hapless employee who clicks the wrong link. As a member of the Dave club myself, I had to admit, the meme hits close to home. (Thanks, Dave.)
The humor underscored a serious point: cybersecurity is only as strong as its weakest link. That’s why education and training are just as important as technology.
Final Thoughts
The road to better cybersecurity starts with mastering the basics. For individuals, that means MFA, password managers, and staying vigilant. For organizations, it’s about implementing good habits, learning from mistakes, and prioritizing transparency.
Remember, cybersecurity isn’t a battle you win. It’s a game you stay in. And if you can laugh about Dave along the way, all the better.