While there is a limit to how much, and to what degree, basic hygiene can protect us, there is plenty of evidence that the benefits of practicing it surpass the mildly annoying “tirade” of everyday handwashing, disinfecting, showering, and other routines that are basically just that – routines. Why, then, is the “cyber world” somehow associated with basic, common-sense practices like teeth-brushing and hand-washing?
Cyber hygiene, or cybersecurity hygiene, refers to the process of employing basic, everyday steps and practices when using technology, akin to basic hygiene in terms of public health. Cyber hygiene means incorporating certain steps into your everyday life, and basically following the best practices advised by cybersecurity experts and relevant institutions and organizations. These simple steps are akin to hand-washing or brushing your teeth: doing regular password changes on your online accounts, and logging out of (and deleting) unused accounts and services, should be your “second nature”.
There is no strict definition of what comprises a complete cyber-hygiene practice, though many institutions (such as ENISA, the European Union’s Agency for Cybersecurity, or CISA, the US Cybersecurity and Infrastructure Security Agency) advocate the importance of employing basic cyber hygiene, both in our private lives and in the business and public sectors.
So, what are some common, easy-to-learn-and-master cyber hygiene steps and practices which you can start implementing right away? Here are five basic habits, aimed at private users, but which could also be used in a small or medium business setting. Keep in mind that, just as in personal hygiene, cyber hygiene can (and will!) help protect you from various common viruses, “bacteria”, and other threats, yet it does not replace a fully customized cybersecurity programme, which would include both cyber hygiene practices and the “antidote” as well, just in case you do get infected.
1. Empty your trashcan(s) – delete unnecessary software, old backups.
Old groceries don’t just start smelling bad after a while: they become a vector for spreading disease if left unattended. Broadly speaking, this also applies to old backups, and to “dormant” software which just stays around on our PCs, laptops or phones. While old backups are generally safe (especially if properly encrypted), once there is no actual need or use for them, it is best to delete them. If a data breach targeting your backups occurs (if they are cloud-based), they could potentially provide enough information about your current systems and user accounts to amplify the damage significantly.
Likewise, unused software (especially on PCs) is, generally speaking, safe to be left unattended – however, there have been cases where hackers exploited older security flaws in outdated software and gained access to the system in this manner. So, it is best to simply log out, and delete any local copies of files and software that you are definitely not using anymore.
2. Stock up your home medicine cabinet – set up a backup schedule and mechanism.
It is considered good practice in most parts of the world to always have some sort of stock of common antibiotics, anti-inflammatory and other medicine in your home. The same should be your practice when it comes to cyber health: maintain a healthy schedule of regular backups. Whether that backup is done over a cloud (semi-automated) service, or the old-school way – USB sticks, DVDs, and so on – is rather secondary; the most important part is that you choose a backup plan that suits your needs.
So, the next time your private data is breached online, or your laptop hijacked by ransomware, make sure you have a “healthy” stock of recent backups, which could potentially minimize the damage, and can mean the difference between a full-blown crisis and a rather tedious restore process.
3. Air out and clean your doors and windows – change your passwords and PINs, and do it often.
Bacteria and other pathogens need proper “airing out” once in a while from our workspace, living room, or – our PCs and devices! Next, as the windows of our flat are our “eyes” for the outside world, so are our public profiles and comments on forums and browsing history.
Keeping the same passwords for months and years on end could potentially prove fatal to our digital identity – so, a proper “airing out” of our old, unused (and in many cases, interconnected) accounts is one of the simplest steps we can undertake to prevent unauthorized access and misuse of our private data.
Make sure you update your PINs as well – not to mention the all-important backup and restore e-mail accounts (are you still using one of those?). Associated phone numbers or devices that are used for proving your identity, in case you need to verify it with your service provider, should also be updated once in a while, especially in cases of a hardware upgrade on your end.
4. Wash your hands and feet – start using MFA/2FA and appropriate browser extensions.
The all-important handwashing – it’s become somewhat of a ritual this past year, as millions of people around the world were carefully following WHO’s guidelines for proper handwashing technique in order to protect themselves from COVID-19.
A simple analogy for our cyber hygiene would be to start using MFA or 2FA of any kind in your everyday private and professional life. MFA stands for “multi-factor authentication”, and 2FA means two-factor authentication. Basically, these aim to protect your accounts from unverified access by adding another layer of security: you need to “prove” it is really you that is trying to log in, in (at least) two separate ways. Usually, 2FA is paired with an authenticator app for your phone, which will provide a time-based PIN or password that the service or platform will ask of you right after you (successfully) enter your usual login password for that account.
Another way is to carry a USB-style token: these are usually small, key-like devices that hold encrypted information (“keys”) on them, which, when inserted into a USB slot on your laptop for example, almost instantly and automatically “match” with the platforms you are trying to access, and after the security check is passed, you will have successfully logged in to your account.
2FA and MFA are very “healthy” habits when it comes to cyber security – employing them on an everyday basis could thwart potentially dangerous attacks, while providing you with a rather simple and inexpensive way of protecting your accounts from unauthorised access.
5. Transform your regular spring-cleaning into cyber spring cleaning.
Most people are already familiar with the famous home “spring cleaning” ritual, when homeowners, usually during a warm spring weekend, take time to properly clean their homes. This kind of deep and thorough cleaning of our homes, which a lot of people practice in tandem with relatives, friends, or even neighbors, can be upgraded and improved upon.
The idea behind a deep “cyber spring cleaning” is that, while regular check-ups and day-to-day basic cyber hygiene activities could prove enough protection for most people, it is probably a good idea to devote several hours, maybe even a day or two per year, to a sort of “deep cleaning” of our digital footprints, securing important data and backups, and general patching and maintenance of the software, and even the operating system, currently in use.
Depending on available time, there are many activities one can undertake in this sense, starting with the most obvious: a round of password updates for most (if not all) of our accounts. Then comes securing our backed-up data (including deleting unnecessary copies) and properly encrypting our removable storage devices. With some practice and patience, many of these activities could be done in parallel: for example, one could set up an automated, systematic cloud-based backup, and work on renewing passwords for all accounts using the phone.
Finally, a security check-up on our devices, especially unassuming ones such as our smart fridge, smart doorbell, and so on, could prove a valuable addition to our already “healthy” stack of cyber hygiene steps and activities that will significantly increase our cyber-security.
If you're interested in this topic, check out the Hive Mind podcast about Digital Well-being by Jakub Górnicki & Kamil Śliwowski.