Learn about cyber hygiene in Data Protection 101, our series on the fundamentals of information security.
Cyber hygiene is often compared to personal hygiene. Much like an individual engages in certain personal hygiene practices to maintain good health and well-being, cyber hygiene practices can keep data safe and well-protected. In turn, this aids in maintaining properly functioning devices by protecting them from outside attacks, such as malware, which can hinder functionality. Cyber hygiene relates to the practices and precautions users take with the aim of keeping sensitive data organized, safe, and secure from theft and outside attacks.
Definition of Cyber Hygiene
Cyber hygiene is a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security. These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted. Much like physical hygiene, cyber hygiene is regularly conducted to ward off natural deterioration and common threats.
Benefits of Cyber Hygiene
Having a routine cyber hygiene procedure in place for your computers and software is beneficial for two distinct reasons – maintenance and security.
Maintenance is necessary for computers and software to run at peak efficiency. Files become fragmented and programs become outdated, increasing the risk of vulnerabilities. Routines that include maintenance are likely to spot many of these issues early and prevent serious issues from occurring. A system that is well-maintained is less likely to be vulnerable to cybersecurity risks.
Security is perhaps the most important reason to incorporate a cyber hygiene routine. Hackers, identity thieves, advanced viruses, and intelligent malware are all part of the hostile threat landscape. While predicting threats can be challenging, preparing and preventing them becomes feasible with sound cyber hygiene practices.
Common Cyber Hygiene Problems
Enterprises often have multiple elements in need of cyber hygiene. All hardware (computers, phones, connected devices), software programs, and online applications used should be included in a regular, ongoing maintenance program. Each of these systems have specific vulnerabilities that can lead to different problems. Some of these problems include:
● Loss of Data: Hard drives and online cloud storage that isn’t backed up or maintained is vulnerable to hacking, corruption, and other problems that could result in the loss of information.
● Misplaced Data: Poor cyber hygiene could mean losing data in other ways. The information may not be corrupted or gone for good, but with so many places to store data, misplacing files is becoming increasingly commonplace in the modern enterprise.
● Security Breach: There are constant and immediate threats to all enterprise data. Phishing, hackers, malware, spam, viruses, and a variety of other threats exist in the modern threat landscape, which is constantly in a state of flux.
● Out of Date Software: Software applications should be updated regularly, ensuring that the latest security patches and most current versions are in use across the enterprise – for all applications. Out of date software is more vulnerable to attacks and malware.
● Older Security Software: Antivirus software and other security software must be updated continuously to keep pace with the ever-changing threat landscape. Outdated security software – even software that has gone a few months without an update – can’t protect the enterprise against the latest threats.
Best Practices: A Cyber Hygiene Checklist
While there are numerous threats and multiple vulnerabilities with each piece of the digital puzzle, creating a cyber hygiene routine isn’t as difficult as it may seem. A few key practices implemented regularly can dramatically improve the security of any system.
Document All Current Equipment and Programs
All hardware, software, and online applications will need to be documented. Start by creating a list of these three components:
Hardware: Computers, connected devices (i.e. printers, fax machines), and mobile devices (i.e. smartphones, tablets).
Software: All programs, used by everyone on a particular network, that are installed directly onto computers.
Applications: Web apps (i.e. Dropbox, Google Drive), applications on phones and tablets, and any other program that isn’t directly installed on devices.
Analyze the List of Equipment and Programs
After creating a comprehensive list of all cyber-facing components, you can begin to scrutinize the list and find vulnerabilities. Unused equipment should be wiped and disposed of properly. Software and apps that are not current should be updated and all user passwords should be changed. If the programs aren’t in regular use, they should be properly uninstalled. Certain software programs and apps should be chosen to be the dedicated choice for certain functions for all users. For instance, if both Google Drive and Dropbox are being used for file storage, one should be deemed primary and the other used as backup or deleted.
Create A Common Cyber Hygiene Policy
The newly clarified network of devices and programs will need a common set of practices to maintain cyber hygiene. If there are multiple users, these practices should be documented into a set policy to be followed by all who have access to the network.
Here are typical items that should be included into a cyber hygiene policy:
● Password Changes: Complex passwords changed regularly can prevent many malicious activities and protect cyber security.
● Software Updates: Updating the software you use, or perhaps getting better versions should be a part of your regular hygienic review.
● Hardware Updates: Older computers and smartphones may need to be updated to maintain performance and prevent issues.
● Manage New Installs: Every new install should be done properly and documented to keep an updated inventory of all hardware and software.
● Limit Users: Only those who need admin-level access to programs should have access. Other users should have limited capabilities.
● Back Up Data: All data should be backed up to a secondary source (i.e. hard drive, cloud storage). This will ensure its safety in the event of a breach or malfunction.
● Employ a Cyber Security Framework: Businesses may want to review and implement a more advanced system (e.g. the NIST framework) to ensure security.
Once the policy is created, the routine for each item should be set to appropriate timeframes. For instance, changing passwords every 30 days or check for updates at least once per week could be set in place. Doing so will ensure the continued cyber hygiene of your entire network of hardware and software.
Developing comprehensive cyber hygiene procedures is a must for today’s enterprises. When carried out in conjunction with robust, enterprise-wide security practices, sound cyber hygiene practices aid in maintaining a sound security posture for modern organizations.