A Guide to Successful Cyber Hygiene
Admittedly, when you hear the term cyber hygiene for the first time you probably have one of two reactions: 1) You have a sudden urge to disinfect your keyboard and mouse, or 2) personal hygiene habits come to mind.
In truth, it’s closer to the latter. Cyber hygiene generally refers to the steps that computer/device users take to maintain system health and data security. The word hygiene infers the need for habits or a routine to help prevent infection and maintain wellness. Much like your personal hygiene regime serves to keep your body healthy over time, a cyber hygiene routine is designed to preserve the health of your technology systems through repeated security best practices.
Why Cyber Hygiene is Important
Unfortunately, the criminals who want to hack your devices or steal your data can be pretty clever and quite relentless. They will come at you and your devices in a variety of ways and on many occasions. It’s not enough to perform one-off security measures as they will only prevent breaches for so long. It’s best to form secure habits that you live by so that your data protection measures become a way of life. That’s where a solid cyber hygiene routine comes in.
Vigilance is Key
The expression “An ounce of prevention is worth a pound of cure” applies mightily when it comes to cybersecurity. For example, just taking a few extra minutes to observe a safe-browsing best practice can be the difference between securing your data or being a victim of identity theft. Did you know that 40% of consumers worldwide have been targets of ID theft at least once? That’s nearly half of all the world’s consumers. The odds are you or someone in your family has been a target as well.
Fortunately, there are many cybercrime prevention methods available to help protect you and yours from malicious actors. You just have to be willing to form the right habits. Below we list a few recommendations for your cyber hygiene regimen.
The internet is such an embedded part of our lives now that it’s easy to get complacent about basic security measures. There are important safety practices you need to remember even when doing something as simple as browsing the internet.
Check site security – When visiting a website, check the URL to ensure it begins with HTTPS instead of HTTP. The ‘S’ in HTTPS stands for ‘secure’. It means that settings are in place to help ensure the communications between your browser and the web page are encrypted. Additionally, there are icons that display to the left of the URL in your browser. If you see a padlock, that indicates the site is secure. If you see an information mark, a red exclamation point, or a crossed-out padlock, then the site isn’t secure. Use caution when navigating or providing any personal data on the site.
Use the right browser and security settings – These days most people use one of the mainstream browsers, including Microsoft Edge, Google Chrome, Safari, or Firefox. These browsers are designed with antimalware protection. Be sure the security settings are configured to provide safe browsing as well. You can find your security options under Settings> Advanced>Privacy and security in Chrome and most browsers. We recommend you enable the following:
- “Ask when a site tries to download files” in the Automatic downloads settings
- “Ask before accessing” feature in the Camera settings
- “Ask before accessing” feature in the Microphone settings
- “Ask before accessing” feature in the Location settings
- “Ask before sending” feature in the Notifications settings
These selections will help you have more control and decrease the amount of automatic actions that occur when accessing certain sites.
Protect your IP Address
Your Internet Protocol (IP) address is the unique numerical label that identifies your online activity and device. It plays an important role in how your computer/phone/tablet connects with the internet. Because it is a crucial part of your connectivity, it is also a target for malicious actors. They can use your IP address to access your data or to infect your device with malware.
Additionally, IP addresses make it possible for Internet Service Providers (ISPs) to track your browsing activities. They use this information to tailor search results to your profile and to create targeted ads. If you don’t want this kind of tracking and targeting, it’s best to protect your IP address by connecting to the internet safely.
Attackers often use free, public WIFI to grab IP addresses. Therefore, if you are going to use public WIFI, you need to take extra precautions. A Virtual Private Network (VPN) can help protect your device when using unsecured internet access. A VPN not only hides your personal IP address, it encrypts your data, protecting your information and all of your online activities.
Install and maintain antivirus and antimalware software — Antivirus and antimalware software protect your computer from viruses and other malicious programs. Prevention software can be quite effective if kept up to date. The challenge is that attackers continue to develop new and different methods. Therefore, antivirus/antimalware programs need regular updates to ensure they are operating with the latest information about known threats. It is recommended to set your antivirus and antimalware programs to automatically check for updates at least once a day. This can be automated via the software’s settings so that you don’t have to manually check. However, a reboot is often required to set the update in motion, so it’s good to shut your system down at the end of each day and allow updates to run upon restart.
Use limited personal information – Be conscious of the amount of information you share when setting up an online account, especially for social media. Often you can start a social media account with the minimum amount of information such as your name and email. You can usually leave your birthday and other personal information blank. Additionally, be mindful of what you post. Cybercriminals can learn a lot from what you share. This includes the names of your pets and children and other personal data that many people often used in passwords. It’s also best not to broadcast your comings and goings, such as announcing you are leaving for vacation. Be wise and wait to post those photos until you get back.
Social logins – Social logins give you the option of logging into a new online account without creating new credentials. They often appear in the form of “log in using Facebook” or similar.
While the convenience can be tempting, it is really not worth the risk. Social logins are just a form of password reuse, which is poor security practice. Having the same password for multiple sites just extends a cybercriminal’s hacking potential.
And speaking of passwords…You’ve heard it before that proper password protocol is essential when it comes to safeguarding your devices and information. There are a few rules to live by if you want to ensure your passwords are effective.
Do not reuse passwords – It’s the same principal as not putting all of your eggs in one basket. If one of your passwords is successfully hacked, the attackers will try to use that password on all of your systems to try to infiltrate as many areas as possible. If you use the same password in multiple places, then you are expanding the potential breadth of an attack.
Do not use personal information – We get it. There are so many passwords used these days that you just want something easy to remember. Unfortunately, if it’s easy for you, it’s probably simple for malicious actors to figure out. Attackers can mine your social media presence, or even publicly available files to uncover the names of your family and friends. Using your kid’s names, favorite pet’s name, or other favorite defaults makes it easy for attackers to guess your password simply with a little research and by process of elimination.
Do not share passwords – Contrary to the popular adage, sharing is not caring when it comes to passwords. Any system can be hacked, even those you keep within the family. Of course, you might be more apt to do this in a corporate setting, but that is equally frowned upon and can bring harm to you and your organization.
Embrace password tech – Your password woes are not unique. Fortunately some of the world’s technical minds have developed solutions that can help users manage. There are many password managers available that will not only help you keep track of and remember your passwords, but many will help you craft secure passwords as well.
One of the best ways to ensure good cyber hygiene is by keeping your device backed up and up to date. Below are a few more security habits to include in your cyber hygiene routine.
- Perform regular data backups – Be sure you store backups in separate locations from your original.
- Use data wiping software – When disposing of a device, be sure you have cleaned all personal data from the hard drive.
- Shutdown and restart your device regularly – This will trigger automatic patches and updates.
- Set updates to occur automatically – Ensure that when your device is due for an update that it will be performed automatically. You can do this in the settings of your computer or mobile device.
Cyber Hygiene Tips Summary
- Ensure proper security settings within your browser(s)
- Check website security before you click
- Protect your IP address with a VPN
- Install antivirus and antimalware and update them regularly
- Don’t overshare information on social media
- Don’t use social login shortcuts (“login with Facebook”)
- Practice proper password protocol
- Back up your data
- Wipe devices you are no longer using
- Set updates to run automatically
- Restart regularly