Hackers, identity thieves, advanced viruses, and intelligent malware are all part of the digital world, and pose threats to anyone found vulnerable. Predicting threats can be challenging however, routinely practicing good cyber hygiene ensure that an individual or business/institution is not left vulnerable to cybersecurity risks.
DEFINITION OF ‘CYBER HYGIENE’
Cyber hygiene is often compared to personal hygiene. Much like an individual engages in certain personal hygiene practices to maintain good health and well-being (washing your hands, using hand sanitizer, etc.), cyber hygiene practices can keep your data safe and digital identity secure and well-protected. As a result, this aids in maintaining properly functioning devices by protecting them from outside attacks.
Maintaining ‘Good Cyber Hygiene‘ is the practice of keeping their digital identity and other sensitive data organized, safe, and secure from theft, corruption, and/or outside attacks, routinely.
COMMON CYBER HYGIENE PROBLEMS
Enterprises often have multiple elements in need of cyber hygiene. All hardware (computers, phones, connected devices), software programs, and online applications used should be included in a regular, ongoing maintenance program. Each of these systems have specific vulnerabilities that can lead to different problems. Some of these problems include:
● Loss of Data: Hard drives and online cloud storage that isn’t backed up or maintained is vulnerable to hacking, corruption, and other problems that could result in the loss of information.
● Misplaced Data: Poor cyber hygiene could mean losing data in other ways. The information may not be corrupted or gone for good, but with so many places to store data, misplacing files is becoming increasingly commonplace in the modern enterprise.
● Security Breach: There are constant and immediate threats to all enterprise data. Phishing, hackers, malware, spam, viruses, and a variety of other threats exist in the modern threat landscape, which is constantly in a state of flux.
● Out of Date Software: Software applications should be updated regularly, ensuring that the latest security patches and most current versions are in use across the enterprise – for all applications. Out of date software is more vulnerable to attacks and malware.
● Older Security Software: Antivirus software and other security software must be updated continuously to keep pace with the ever-changing threat landscape. Outdated security software – even software that has gone a few months without an update – can’t protect the enterprise against the latest threats.
BEST PRACTICES: A ‘GOOD CYBER HYGIENE’ CHECKLIST
While there are numerous threats and multiple vulnerabilities with each piece of the digital puzzle, creating a cyber hygiene routine isn’t as difficult as it may seem. A few key practices implemented regularly can dramatically improve the security of any system.
Create a List of All Equipment/Hardware, Software, and Applications
All hardware, software, and online applications will need to be documented. Start by creating a list of these three components:
Equipment/Hardware: Computers, ledgers, connected devices (i.e. printers, fax machines), and mobile devices (i.e. smartphones, tablets).
Software: All programs, used by everyone on a particular network, that are installed directly onto computers.
Applications: Web apps (i.e. Dropbox, Google Drive), applications on phones and tablets, and any other program that isn’t directly installed on devices.
Analyze and Secure the List of Equipment/Hardware, Software, and Applications
After creating a comprehensive list of all cyber-facing components, you can begin to scrutinize the list and find vulnerabilities. Unused equipment should be wiped and disposed of properly. Software and apps that are not current should be updated and all user passwords should be changed. If the programs aren’t in regular use, they should be properly uninstalled.
All devices (i.e. smartphones, computers, tablets) equipped with front cameras, should be secure with front camera covers, and any applications that aren’t in regular use, should be properly uninstalled. As we move further into a digital society, digital identities will become increasingly valuable.
When buying/selling/sending/receiving cryptocurrencies, it is extremely important to securely maintain your private keys. One of the most secure ways of doing this, is by using “cold wallets” like a Ledger Nano S.
Additionally, if you do not have full and exclusive control over your private keys, you essentially do not have control over your cryptocurrencies, and your funds are vulnerable to loss and/or theft.
Certain software programs and apps should be chosen to be the dedicated choice for certain functions for all users. For instance, if both Google Drive and Dropbox are being used for file storage, one should be deemed primary, and the other used as backup or deleted.
Create A ‘Good Cyber Hygiene’ Policy
The newly clarified network of devices and programs will need a common set of practices to maintain good cyber hygiene. If there are multiple users, these practices should be documented into a set policy to be followed by all who have access to the network.
Here are typical items that should be included into a good cyber hygiene policy:
● Password Changes: Complex passwords changed regularly can prevent many malicious activities and protect cyber security.
● Software Updates: Updating the software you use, or perhaps getting better versions should be a part of your regular hygienic review.
● Hardware Updates: Older computers and smartphones may need to be updated to maintain performance and prevent issues.
● Manage New Installs: Every new install should be approved, done properly, and documented to keep an updated inventory of all hardware and software.
● Limit Users: Only those who need admin-level access to programs should have access. Other users should have limited capabilities.
● Back Up Data: All data should be backed up to a well-guarded secondary source (i.e. hard drive, cloud storage). This will ensure its safety in the event of a breach or malfunction.
● Employ a Cyber Security Framework: Businesses may want to review and implement a more advanced system (e.g. the NIST framework) to ensure security.
Once the policy is created, the routine for each item should be set to appropriate timeframes. For instance, changing passwords every 30 days or check for updates at least once per week could be set in place. Doing so will ensure the continued good cyber hygiene of your entire network of hardware and software.
Developing good cyber hygiene procedures is a must for today’s enterprises.