Cybersecurity is a journey, not a destination. This mantra has defined much of my career and guides how I approach the challenges of protecting people and organizations in an increasingly digital world. Cybersecurity continues to evolve — I’ve watched the immense transformation over the years — and there has always remained one constant: the basics matter.
When I first entered this field, the threats seemed more localized. Early on, I was captivated by the technical intricacies of securing systems and understanding how they could be broken. But during my time with Homeland Security, my perspective shifted. Cybersecurity became more than a technical challenge, and the stakes were no longer hypothetical or small in scale. Threats became global, and the risks became devastating. It was clear to me then, as it is now, that a solid foundation in cyber hygiene is critical for building resilience.
What Cyber Hygiene Means to Me
Think of cyber hygiene the way you think of personal hygiene. Each day, you follow a routine: brushing your teeth, taking a shower, using deodorant — basic but essential tasks to ensure your health and well-being. Cyber hygiene is no different. It’s about the routine practices and habits that protect your digital assets and identity. For individuals, this might mean using strong passwords or enabling multifactor authentication (MFA). For organizations, it’s about maintaining system updates, managing access controls, and having clear protocols in place.
At Jovia, we’ve embraced the idea that financial literacy and cyber literacy are two sides of the same coin. In today’s world, your assets aren’t just in a wallet; they’re in digital transactions, Venmo payments, and Zelle transfers. Unfortunately, these conveniences come with risks, and I’ve seen far too many people lose their life savings because they didn’t understand the basics of protecting themselves online. Educating our members — and the communities we serve — on cyber hygiene is one of the most impactful ways we can make a difference.
Building Resilience Through Cyber Hygiene
When it comes to organizations, effective cyber hygiene boils down to a few key principles:
- Adopt Multifactor Authentication Everywhere
MFA is one of the simplest and most effective defenses against unauthorized access. Yet, I’m constantly amazed by how often it’s overlooked. If MFA is available, use it — whether for personal accounts like Facebook or for critical systems at your organization.
- Use Password Managers
Strong, unique passwords for every account are non-negotiable in today’s threat landscape. A password manager not only simplifies this task but ensures you’re not reusing credentials — a common vulnerability that attackers exploit.
- Tighten Email Security
Emails remain one of the primary entry points for attackers. Web gateways and link-checking tools can help, but the goal should be to eliminate risky links from ever reaching users. Teaching employees to avoid clicking on email links isn’t enough; organizations need systems that proactively mitigate these risks.
- Emphasize Routine Maintenance
Just as you wouldn’t skip a doctor’s appointment, you shouldn’t ignore regular system updates. Vulnerabilities are patched constantly, and staying up to date is essential for keeping adversaries at bay.
Facing the Inevitable
Despite our best efforts, breaches happen. I’ve said for years the question isn’t whether your organization will be attacked but how quickly you can detect and contain it. It can take several days to detect and respond to an intrusion, sometimes weeks. That’s unacceptable. At Jovia, we aim to identify threats in hours — not weeks or months — and contain them before they escalate.
This proactive mindset stems from what I call “changing the rules” of cybersecurity. In the same way Captain Kirk refused to accept the unwinnable Kobayashi Maru scenario, cybersecurity teams must redefine success. It’s not about preventing every attack — that’s impossible. It’s about minimizing the impact, reducing the time to detection, and responding decisively.
A Call for Greater Transparency
One of my biggest frustrations in this field is the lack of transparency when breaches occur. Too often, organizations handle incidents quietly, under the shadow of legal concerns, which means we, as an industry, fail to learn from these events. Imagine if every breach were treated like an airline crash, with thorough investigations and published findings. The lessons we’d gain could help prevent future incidents. Instead, the same mistakes are repeated because we’re too hesitant to share what went wrong.
Cybersecurity as a Shared Responsibility
Ultimately, cybersecurity is about collaboration. It’s about organizations, vendors, and even customers working together to create a safer digital ecosystem. At Jovia, we integrate third-party risk monitoring and threat intelligence to ensure our vendors meet our security standards. But it’s more than that; it’s about partnerships. When we hear through our intelligence channels that a vendor is being targeted, we act immediately. We reach out to understand the risks and to support mitigation efforts. That’s the kind of proactive, collaborative approach we need across the board.
The battle against cyberthreats can feel overwhelming, but we’re not powerless. By mastering the basics of cyber hygiene and adopting a proactive mindset, we can turn the tide. It starts with curiosity — asking questions, challenging assumptions, and staying ahead of adversaries. It grows through collaboration — within organizations, with partners, and across industries. And it’s sustained by a commitment to resilience, to being better tomorrow than we are today. Cybersecurity may be a journey without a final destination, but it’s a journey worth taking.
Want to hear the Threat Vector Podcast featuring Dan? You can listen to it here.