Cyber hygiene definition
Cyber hygiene refers to the steps that users of computers and other devices can take to improve their online security and maintain system health. Cyber hygiene means adopting a security-centric mindset and habits that help individuals and organizations mitigate potential online breaches. A fundamental principle of cyber hygiene is that it becomes part of everyday routine.
What is cyber hygiene?
Cyber hygiene is about training yourself to form good habits around cybersecurity so that you can stay ahead of cyber threats and online security issues. Cyber hygiene is sometimes compared to personal hygiene – in that both are precautionary processes carried out regularly to ensure health and wellbeing.
Cyber hygiene aims to maintain hardware and software's basic health and security, ensuring they are protected from threats such as malware. Practiced regularly, cyber hygiene helps to keep data safe and secure. As with any habit you want to entrench, cyber hygiene requires routine and repetition.
Building a routine around cyber hygiene will help prevent cybercriminals from causing security breaches or stealing personal information. It will also help you keep up to date with software and operating systems.
As a concept, cyber hygiene has increased in relevance since the Covid-19 pandemic, as the growth in remote working around the world led to a rise in cybercrimes.
Common cyber hygiene problems
Some of the problems which cyber hygiene is designed to address include:
- Security breaches – including threats from hackers, phishing, malware, and viruses.
- Data loss – hard drives and online cloud storage which are not backed up can be vulnerable to hacking, corruption, or other issues which could result in losing data.
- Out of date software – which can leave your device more vulnerable to online attacks.
- Older antivirus – security software that isn't kept up to date will be less effective at protecting you against the latest cyber threats.
How can you ensure good cyber hygiene?
There are two critical aspects of cyber hygiene for individuals – developing regular routines or habits and using the right tools. Let’s look at each of these in turn.
Regular routines or habits:
Cyber hygiene isn't a one-off event – it's something that has to be practiced regularly. You can create habits by setting automated reminders or adding dates to your calendars for different tasks. These might include scanning for viruses using antivirus software, changing your passwords, keeping apps, software, and operating systems up to date, and wiping your hard drive. Once you get the hang of cyber hygiene, it becomes part of your regular personal cybersecurity routine.
Using the right tools:
- A network firewall – this prevents unauthorized users from accessing your websites, mail servers, and other sources of information that can be accessed from the internet.
- Data-wiping software – whenever you introduce new software, add on hardware, or modify system files, there is a risk of losing personal data. Using data-wiping software enables you to clear out data you don't need and wipe it clean from the hard drive.
- A password manager – using strong, complex passwords which you change regularly is an important aspect of internet hygiene. Using a password manager can help you to keep track of multiple passwords.
- High-quality antivirus software – which schedules and performs automatic device scans, detects and removes malicious software, and protects you from a range of online threats and security breaches.
Practicing cyber hygiene helps keep your digital environment in good shape, not least because it will ensure you keep programs up to date. Out-of-date programs may have vulnerabilities that hackers can exploit, which means web applications, mobile apps, and operating systems need to be updated regularly to eliminate security issues. Regular updates deliver new software patches to correct flaws. Hardware updates will help prevent performance issues.
Routine antivirus scanning can help prevent issues before they arise. With proper maintenance, digital assets will have protection against persistent online threats. Proper maintenance will also help protect files from breaking into fragments, which can result in data loss.
People sometimes wonder how to dispose of old computers safely. If you are selling or getting rid of your desktop, laptop, tablet, or smartphone, it’s important to make sure your personal or sensitive data isn’t passed along as well. It isn’t sufficient to simply delete your personal files or data – you need to reformat and then wipe your hard drive clean. A clean hard drive means you are not passing your personal information along. Lifewire has a helpful guide to wiping hard drives.
Bear in mind that, as with personal hygiene, you need to practice cyber hygiene regularly for it to be effective.
Use this cyber hygiene checklist to ensure you’re keeping yourself protected
To ensure good cyber hygiene, here is a personal cybersecurity checklist you can use proactively to make sure you are following best practices:
Keeping passwords safe and secure
- I avoid using the same password for different accounts
- I change my passwords on a regular basis
- My passwords are at least 12 characters long (and ideally longer)
- My passwords involve a mix of upper- and lower-case letters plus symbols and numbers
- My passwords avoid the obvious - such as using sequential numbers (“1234”) or personal information that someone who knows me might guess, such as my date of birth or a pet’s name
- I change the default passwords on my Internet of Things (IoT) devices
- I avoid writing my passwords down or sharing them with others
- I use a password manager to help generate, store, and manage all my passwords in one secure online account
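The password items above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it audits passwords against the checklist's length, character-mix, sequential-run, personal-detail and reuse rules. The function names, the 4-character run threshold, the 3-character fragment threshold and the sample data are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # checklist: "at least 12 characters long"
SEQ_RUN = 4      # assumption: flag runs such as "1234" or "dcba"

def has_sequence(password, run=SEQ_RUN):
    """True if `run` letters or digits in a row step up or down by one."""
    chars = password.lower()
    for step in (1, -1):
        streak = 1
        for a, b in zip(chars, chars[1:]):
            linked = a.isalnum() and b.isalnum() and ord(b) - ord(a) == step
            streak = streak + 1 if linked else 1
            if streak >= run:
                return True
    return False

def audit_password(password, personal_facts=()):
    """Return the checklist items this password fails (empty list = pass)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    classes = {"upper": r"[A-Z]", "lower": r"[a-z]",
               "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    missing = [name for name, pat in classes.items() if not re.search(pat, password)]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    if has_sequence(password):
        findings.append("contains a sequential run")
    # Compare with punctuation stripped, so "R.e.x" still matches "rex".
    flat = re.sub(r"[^a-z0-9]", "", password.lower())
    for fact in personal_facts:
        for frag in re.findall(r"[a-z0-9]{3,}", fact.lower()):
            if frag in flat:
                findings.append(f"contains personal detail '{frag}'")
    return findings

def find_reuse(vault):
    """Return sorted groups of account names that share one password."""
    groups = {}
    for account, pw in vault.items():
        groups.setdefault(pw, []).append(account)
    return [sorted(names) for names in groups.values() if len(names) > 1]

# Constructed sample data for the demonstration; not real credentials.
SAMPLE_VAULT = {"email": "Rex1990!", "bank": "Tr4il-mix&Ocean-89-Lamp",
                "forum": "Rex1990!", "shop": "Password1234abcd"}
FACTS = ["Rex", "1990-04-17"]  # constructed: pet's name and date of birth

if __name__ == "__main__":
    for account, pw in SAMPLE_VAULT.items():
        print(account, audit_password(pw, FACTS) or "ok")
    print("reused:", find_reuse(SAMPLE_VAULT))
```

In practice, run a check like this only on an export you control and delete the export afterwards, since it holds passwords in plain text.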
Using multi-factor authentication
- All my essential accounts – such as email, social media, or banking apps – are protected with multi-factor authentication (MFA) using an app like Google Authenticator or Authy
- I save MFA backup codes in my password manager
Backing up data regularly
- I keep files secure and protect against data loss by backing up essential files offline, either on an external hard drive or in the cloud
- I don't post private information such as my home address, private pictures, phone number, or credit card numbers publicly on social media
- I have reviewed my social media privacy settings and made sure they are set to a level I feel comfortable with
- I avoid quizzes, games, or surveys on social media that ask for sensitive personal information
- I am cautious about the permissions I accept for all the apps I use
- I keep my computer and phone locked with a password or PIN
- I take care not to disclose private information when using public Wi-Fi
- I understand that using a Virtual Private Network or VPN – especially when using public Wi-Fi – helps to maximize my privacy
- I make sure any online transactions I make are via a secure website – where the URL starts with https:// rather than http:// and there is a padlock icon to the left of the address bar
- I share information about online privacy with family and friends to help keep them safe as well
Keeping apps, software, and firmware up to date
- I update apps, web browsers, operating systems, and firmware regularly to make sure I'm using the latest versions, which have eliminated or patched possible security glitches
- Where possible, I have set up features to ensure automatic software updates
- I delete apps I no longer use
- I only download apps from reputable or official sources
- I have changed the default name of my home Wi-Fi
- I have changed my router’s username and password
- I keep firmware up to date
- I have disabled remote access, Universal Plug and Play, and Wi-Fi Protected Setup
- I have set up a separate network for guests to use
- I have made sure that my router offers WPA2 or WPA3 encryption to protect the privacy of information sent via my network
Avoiding social engineering attacks
- I avoid clicking on suspicious links or links I am not sure of
- I avoid opening emails that look suspicious
- I avoid downloading suspicious attachments from emails or text messages I am not expecting
- I don't click on ads that promise free money, prizes, or discounts
Using network firewalls
- I use a firewall to prevent malicious software from accessing my computer or network via the internet
- I ensure my firewall is correctly configured
- I encrypt devices and other media which contain sensitive data – including laptops, tablets, smartphones, removable drives, backup tapes, and cloud storage
Wiping hard drives
- Before I dispose of or sell a computer, tablet, or smartphone, I make sure I wipe the hard drive clean to prevent any personal information from being accessed by others
Ensuring high-quality antivirus protection
- I use high-quality antivirus software that scans for and removes computer viruses and other malicious software
- I keep my antivirus software up to date
Ultimately, cyber hygiene means developing a protective routine to keep your personal and financial information secure when using your computer or mobile device. Using strong passwords and changing them regularly, keeping software and operating systems up to date, wiping hard drives, and using a comprehensive antivirus like Kaspersky Total Security will help you stay ahead of the latest cyber threats.