What is Cyber Hygiene? A Definition of Cyber Hygiene, Benefits, Best Practices, and More
Learn about cyber hygiene in Data Protection 101, our series on the fundamentals of information security.
Cyber hygiene is often compared to personal hygiene. Much like an individual engages in certain personal hygiene practices to maintain good health and well-being, cyber hygiene practices can keep data safe and well-protected. In turn, this aids in maintaining properly functioning devices by protecting them from outside attacks, such as malware, which can hinder functionality. Cyber hygiene relates to the practices and precautions users take with the aim of keeping sensitive data organized, safe, and secure from theft and outside attacks.
Definition of Cyber Hygiene
Cyber hygiene is a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security. These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted. Much like physical hygiene, cyber hygiene is regularly conducted to ward off natural deterioration and common threats.
Benefits of Cyber Hygiene
Having a routine cyber hygiene procedure in place for your computers and software is beneficial for two distinct reasons – maintenance and security.
Maintenance is necessary for computers and software to run at peak efficiency. Files become fragmented and programs become outdated, increasing the risk of vulnerabilities. Routines that include maintenance are likely to spot many of these issues early and prevent serious issues from occurring. A system that is well-maintained is less likely to be vulnerable to cybersecurity risks.
Security is perhaps the most important reason to incorporate a cyber hygiene routine. Hackers, identity thieves, advanced viruses, and intelligent malware are all part of the hostile threat landscape. While predicting threats can be challenging, preparing and preventing them becomes feasible with sound cyber hygiene practices.
Common Cyber Hygiene Problems
Enterprises often have multiple elements in need of cyber hygiene. All hardware (computers, phones, connected devices), software programs, and online applications used should be included in a regular, ongoing maintenance program. Each of these systems have specific vulnerabilities that can lead to different problems. Some of these problems include:
- Loss of Data: Hard drives and online cloud storage that isn’t backed up or maintained is vulnerable to hacking, corruption, and other problems that could result in the loss of information.
- Misplaced Data: Poor cyber hygiene could mean losing data in other ways. The information may not be corrupted or gone for good, but with so many places to store data, misplacing files is becoming increasingly commonplace in the modern enterprise.
- Security Breach: There are constant and immediate threats to all enterprise data. Phishing, hackers, malware, spam, viruses, and a variety of other threats exist in the modern threat landscape, which is constantly in a state of flux.
- Out of Date Software: Software applications should be updated regularly, ensuring that the latest security patches and most current versions are in use across the enterprise – for all applications. Out of date software is more vulnerable to attacks and malware.
- Older Security Software: Antivirus software and other security software must be updated continuously to keep pace with the ever-changing threat landscape. Outdated security software – even software that has gone a few months without an update – can’t protect the enterprise against the latest threats.
Best Practices: A Cyber Hygiene Checklist
While there are numerous threats and multiple vulnerabilities with each piece of the digital puzzle, creating a cyber hygiene routine isn’t as difficult as it may seem. A few key practices implemented regularly can dramatically improve the security of any system.
Document All Current Equipment and Programs
All hardware, software, and online applications will need to be documented. Start by creating a list of these three components:
Hardware: Computers, connected devices (i.e. printers, fax machines), and mobile devices (i.e. smartphones, tablets).
Software: All programs, used by everyone on a particular network, are installed directly onto computers.
Applications: Web apps (i.e. Dropbox, Google Drive), applications on phones and tablets, and any other program that isn’t directly installed on devices.
Analyze the List of Equipment and Programs
After creating a comprehensive list of all cyber-facing components, you can begin to scrutinize the list and find vulnerabilities. Unused equipment should be wiped and disposed of properly. Software and apps that are not current should be updated and all user passwords should be changed. If the programs aren’t in regular use, they should be properly uninstalled. Certain software programs and apps should be chosen to be the dedicated choice for certain functions for all users. For instance, if both Google Drive and Dropbox are being used for file storage, one should be deemed primary and the other used as a backup or deleted.
Create A Common Cyber Hygiene Policy
The newly clarified network of devices and programs will need a common set of practices to maintain cyber hygiene. If there are multiple users, these practices should be documented into a set policy to be followed by all who have access to the network.
Here are typical items that should be included in a cyber hygiene policy:
- Password Changes: Complex passwords changed regularly can prevent many malicious activities and protect cyber security.
- Software Updates: Updating the software you use, or perhaps getting better versions should be a part of your regular hygienic review.
- Hardware Updates: Older computers and smartphones may need to be updated to maintain performance and prevent issues.
- Manage New Installs: Every new install should be done properly and documented to keep an updated inventory of all hardware and software.
- Limit Users: Only those who need admin-level access to programs should have access. Other users should have limited capabilities.
- Back Up Data: All data should be backed up to a secondary source (i.e. hard drive, cloud storage). This will ensure its safety in the event of a breach or malfunction.
- Employ a Cyber Security Framework: Businesses may want to review and implement a more advanced system (e.g. the NIST framework) to ensure security.
Once the policy is created, the routine for each item should be set to appropriate timeframes. For instance, changing passwords every 30 days or checking for updates at least once per week could be set in place. Doing so will ensure the continued cyber hygiene of your entire network of hardware and software.
Developing comprehensive cyber hygiene procedures is a must for today’s enterprises. When carried out in conjunction with robust, enterprise-wide security practices, sound cyber hygiene practices aid in maintaining a sound security posture for modern organizations.
Frequently Asked Questions
What are the rules of cyber hygiene?
Companies use the following rules to promote robust cyber hygiene.
- Identify and inventory every device and application in the environment that can present hackers with an attack surface.
- Prioritize the devices and applications that present the greatest risk to the organization based on data sensitivity and accessibility.
- Harden all data resources and systems by implementing end-to-end encryption, multi-factor authentication, and password policies.
- Implement patch and vulnerability management to ensure the latest security patches are installed on all devices and software.
- Develop a backup policy that ensures all systems are protected against data loss or theft.
- Train everyone in the organization on the importance of protecting data and how to identify threats.
What are examples of good cyber hygiene?
Examples of good cyber hygiene include:
- Instituting a policy of regularly changing passwords to increase security.
- Configuring firewalls to prohibit outside entities from accessing data resources.
- Encrypting data at all stages to maintain its privacy in the event of data loss.
- Backing up data regularly so critical systems can quickly be recovered.
What is a cyber hygiene checklist?
A robust cyber hygiene checklist should include the following steps and components.
- Document all existing IT resources. This includes hardware, software, and applications.
- Analyze the list of IT resources to determine if vulnerabilities exist. Unused resources should be sunset and removed from the infrastructure. In situations where multiple solutions are used for similar purposes, decisions should be made to consolidate on the most efficient option.
- Create a cyber hygiene policy that includes these elements:
- Changing passwords regularly to enhance cybersecurity.
- Updating software to ensure the most secure versions are in use.
- Updating hardware to maintain performance and prevent problems.
- Managing new hardware and software installs.
- Limiting user access to data resources.
- Ensuring all data is regularly backed up.
- Employing a cybersecurity framework such as ISO 27001.
What are the common cyber hygiene problems?
Some common cyber hygiene problems are:
- Data loss caused by faulty storage devices that were not backed up, corruption, or theft by hackers or malicious insiders.
- Misplaced data that has not been lost but cannot be located due to the complexity of modern infrastructures.
- Security breaches, malware, and other external threats to data resources.
- Obsolete applications and security software that may contain vulnerabilities.
What's the first step in cyber hygiene?
The first step in cyber hygiene is to document all of an organization’s IT resources. This includes all hardware components, installed software programs, and web or cloud-based applications used throughout the organization. Listing all resources provides a baseline for analysis of the current IT environment.
Guide: The 5 Steps To Effective Data Protection
Learn the 5 steps to implementing effective data protection within your organization, and detail how data classification can enhance previously implemented tools, such as data loss prevention tools (DLP), data discovery tools, data governance tools, and more.