Cyber hygiene is the cybersecurity equivalent to the idea of personal hygiene. Applying good cyber hygiene practices, every day, is the only way to assure your business isn’t identified as “digitally unclean” and therefore a risk to customers and business partners.
But what is cyber hygiene?
The idea of cyber hygiene can be traced back to internet pioneer Vinton Cerf, who coined the term in his statement to the U.S. Congress Joint Economic Committee in 2000. A good cyber hygiene routine helps organizations to create a strong security posture and prevent cybercriminals from causing security breaches and stealing personal information. It protects systems from malware and hackers.
Basic cyber hygiene also helps businesses to maximize their hardware and software efficiency and to reduce the risk of exploitable vulnerabilities and improve existing functionality.
What Is Bad Cyber Hygiene?
First, consider some statistics:
- 54% of employees admitted to using the same passwords across multiple walk accounts.
- 41% of business owners and 32 percent of C-level executives still write down their passwords to remember them.
- 42% of employees use their work devices for personal use.
- Only 55% of people are vigilant about cybersecurity when working from home.
All the above are examples of poor cyber hygiene.
Bad cyber hygiene happens when a business doesn’t follow proven cybersecurity practices to maintain the basic security of its hardware and software. For example, many business leaders continue using outdated software, despite knowing that software applications must have security patches applied periodically to prevent known vulnerabilities. This lack of patching exposes the business to cyberattacks and data breaches.
Types of Cyber Hygiene Protection
Let’s review the different ways leaders can embrace better cyber hygiene.
Invest in the Right Tools
In the same way that you need a toothbrush to brush your teeth, you need the right tools to maintain cyber hygiene. Without the right solutions, your personal information can be at risk without you even realizing it.
Start by using reputable antivirus and malware software, strong password protection, and a network firewall to protect personal data stored on your devices. Always make sure that software and devices come from a reputable source before installing anything on your computer or network.
Ensure Secure Authentication and Access
If you have a global workforce, closely govern the access employees have to your systems. Assure that only authorized users access your system, and outsiders are excluded.
This involves working with existing authentication services to improve access control. Consider using multi-factor authentication digital certificates to start and strengthen network security.
Regular Logging and Monitoring
Know who has accessed your systems, what they do on your network, and why. Have your IT department track all activities so technicians can retrace any steps in case of a data breach.
Maintain a detailed log of every action with logging tools. While you’re using these tools, be on the lookout for authentication, authorization, access points, network flow, and any other data points so that employees can evaluate them adequately. Alternatively, you can set alerts for these items.
Verify Endpoint Protection
Using and improving standard endpoint controls is a critical part of maintaining cyber hygiene, especially if your workforce works on Windows. Always test the backup recovery of files and data to ensure successful recovery in the event of a crisis.
Make Cyber Hygiene Maintenance a Part of Your Routine
Learning how to monitor cybersecurity can help you avoid cyber threats. But if you want to make best practices stick, you need routine and repetition.
For example, set an alarm or mark a calendar with dates to address your daily cybersecurity tasks. This can include scanning for viruses with antivirus software, checking for security patches, changing passwords, and updating the operating system of all your devices.
Once you and your employees get the hang of cyber hygiene, and understand how to weave it into daily routines, it will soon become second nature.
Creating Your Business Cyber Hygiene Policy
Now let’s address the best practices for creating a cyber hygiene policy.
Document All Current Equipment and Programs
Create a complete list of all the three components of your organization: hardware, software, and online applications.
- Hardware: Computers, laptops, connected devices like fax machines and printers, and mobile devices and tablets
- Software: Programs used by users on a specific network that is installed directly onto computers
- Online applications: Web apps (Google Drive, Dropbox), phone and tablet apps, and any other program that isn’t directly installed on devices
Analyze Your Equipment and Program List
Scrutinize the list of equipment and programs to find vulnerabilities. Make sure all unused equipment is wiped clean and disposed of properly and all software and apps are up to date. Encourage employees to change their passwords regularly as well.
If you have programs that aren’t in regular use, uninstall them properly. Also, choose certain software programs and apps to be the dedicated choice for specific functions across your organization. For instance, if you use both Google Drive and Dropbox for file storage, make one of the platforms primary and the other backup.
Develop a Common Cyber Hygiene Policy
Once you create a newly clarified network of devices and programs, you’ll need a common set of practices to maintain regular cyber hygiene. If there are multiple users, these practices should be documented into a set policy to be followed by all who have access to your systems.
Here’s a list of recommended items that should be included in a good cyber hygiene policy:
- Password changes: Requiring complex passwords and changing them regularly is a strong first-line defense against security attacks and malicious activities.
- Software and hardware updates: Updating the software you use (or perhaps getting better versions) should be a part of your regular hygiene review. Even your older computers and smartphones should be updated to maintain consistent performance and present issues.
- Data backup: All data should be backed up to a secondary source (such as cloud storage or a hard drive) to assure safety in the event of a malfunction or breach.
- Manage new installs: Every new install should be carried out properly and documented to maintain an up-to-date inventory of all hardware and software.
- Cybersecurity framework implementation: Businesses can use a framework to review and implement a more advanced system for better security. You can also create a similar framework according to your organizational requirements (including regulatory obligations) and preferences.
Integrate ZenRisk Into Your Cyber Risk Plans
Reciprocity ZenRisk can help streamline your cybersecurity strategies across diverse industries and provide greater visibility across your organization, helping you stay ahead of ever-evolving security threats.
Use it to address enterprise risk management (ERM) and cybersecurity risks across vulnerabilities, threats, and incidents and expose compliance-related risks with intuitive and automated alerts and workflows to remediate risks with real-time updates.
To understand how to better manage risks and mitigate business exposure, schedule a free demo today.