In our everyday lives, personal hygiene is a sign that we take care of ourselves—not just to the world around us but also to ourselves. And although we attend to our personal hygiene every day, many of us rarely, if ever, take into account the importance of routine cyber hygiene. Cyber hygiene encompasses the processes and practices that ought to be a part of your online security habits. This routine will allow you to defend against common threats by taking common-sense steps against bad actors.
By practicing good cyber hygiene, you can improve the overall maintenance and security of your system. Here are some common-sense practices you should build into your cyber hygiene:
- Document All Current Equipment and Programs: Before you can know what needs to be maintained, you first need to understand what is on your system. Start by documenting every program and piece of hardware and software you have. This includes all connected devices (including mobile), all web applications, phone applications—whatever is available on your network. Once you’ve documented these potential vulnerabilities, you need to initiate a deep clean: remove all unused equipment, update all software patches and delete all those that are not needed. Remember, the goal here is to limit your overall exposure.
- Avoid Suspicious Emails and Downloads: This is perhaps the most prevalent advice we give, but there is a reason this comes up so often: opening suspicious emails and downloading from unknown sources puts your privacy in immense danger. Compromised emails can lead to compromised passwords, especially with financial institutions. Downloaded software can host viruses and malware that similarly steal data and passwords that can be held for ransom.
- Routine Maintenance: Once you have documented your equipment and programs and developed safe habits for using the internet, it is time to develop a routine for your cyber hygiene. Take steps to ensure that you are engaging in complex password changes, hardware/software updates, limiting the number of users who have access to your programs, and backing up data whenever appropriate. Additionally, these practices should follow a set schedule and timeframe, whether that be 30 days or one-week increments.