This year I have attended quite a few sessions about cyber security, and noticed a recurring medical analogy about practicing good “cyber security hygiene”. I get the gist of the cyber security hygiene point but was intrigued by the origins and history behind it. Here is what I found:
Washing Your Hands Saves Lives:
To cut a long story short, in the 1840s Dr. Semmelweis observed 2 maternity clinics at the Vienna General Hospital. One was run by doctors and medical students, and the other by midwives. The clinic run by doctors and medical students had a death rate almost 5 times higher than the clinic run by the midwives.
Dr. Semmelweis was unable to explain the disparity until he learned of the death of his close friend. His friend, a doctor, had been pricked by a student's scalpel during an autopsy (conducted only by medical students and doctors) and suffered the same symptoms as the mothers at the maternity clinic run by doctors and medical students.
This led Dr. Semmelweis to conclude that the cadaverous particles (harmful bacteria from corpses) that the doctors and medical students were being exposed to, during autopsies, were being transferred (by the very same doctors and students) to new mothers during childbirth and resulting in their unfortunate deaths.
So, Dr. Semmelweis implemented a policy of mandatory hand washing (and instrument cleaning) using a chlorinated lime solution (to get rid of the bad smell). The results were instant. In the first three months the death rate fell from 1 in 10, to 1 in 100.
A Bit of Common Sense:
You’d think that the simple action of washing your hands and the dramatic impact it has on saving lives would present a compelling argument. But it didn’t. Dr. Semmelweis was met with a lot of resistance.
- The main reason was the suggestion that doctors were in fact the very reason for the deaths of their own patients
- Also, the way in which Dr. Semmelweis conveyed his message to the medical community resulted in a lot of opposition
Over time the practice of hand washing gained universal acceptance in the medical community. But as we all know, even today we still unfortunately hear from time to time about viruses at hospitals that arise due to bad hygiene. Reasons why hand washing still does not always happen include:
- Being too busy
- The hand washing solution is not being topped up and runs out
- The hand washing facility is located in an inconvenient place
Cyber Security Hygiene: Small and Simple Changes have BIG Impacts
Fast forward to today and cyber security, and all of the above sounds all too familiar, eh?
“My medical friends tell me that it is possible to drastically reduce deadly hospital infections if doctors wash their hands for two minutes before operating. And yet only half of them do. These are doctors, they know the facts, real people are dying, and still they don’t comply”.
Examples of cyber security hygiene include:
- Data encryption
- Ensuring security software / firewalls / anti-virus software are all up to date
- Staff education and regular training
- Multi-factor authentication
- Ensuring appropriate segregation of duties and roles within systems and processes
- Implementing strong password rules