Cyber hygiene refers to the steps we take to keep our network and computers healthy and safe from external threats. Maintaining good digital hygiene includes a variety of security measures, and every employee plays a part. It truly takes a village to keep an organization’s confidential data secure. Just as good personal hygiene is something we all should strive for, so too should we do whatever we can to keep our computers and network “clean”.
The 3 tenets of cyber hygiene
There are 3 principles to consider when cleaning up your systems:
- use products that fit your needs
- perform the tasks correctly and
- establish a routine
Let’s break these down one by one.
Use the right tools
Without the right products and tools, information you think is safe could, in fact, be very much at risk. Your toolkit should include:
- reputable antivirus and anti-malware software
- a network firewall
- strong password protection
These tools should help you feel more confident about the security of your network and your staff’s computers, laptops, smartphones, and other devices. But they alone are not enough.
Make sure you’re doing it correctly
Take your time. Assess whether additional tools are needed. Be thorough. This applies not just to your organization’s network, but also to your staff’s computers and mobile devices. These might require special attention from time to time to maintain the organization’s overall security. For example, regularly emptying a computer’s trash can or recycle bin does not completely remove sensitive data. Removing it completely requires data-wiping software. And sure, everyone knows they have to use passwords. But if they aren’t putting in the effort to create complex, unique passwords every time and store them in a safe place, everyone’s data could be at risk.
Establish a routine…and stick with it!
Just like any good habit you want to maintain, you have to put in some forethought and planning. Mark your calendar to perform cyber hygiene tasks on a regularly scheduled basis. From scanning for viruses, to updating operating systems, to reminding staff to change passwords, all of these will become second nature to both you and your staff when performed regularly.
How your staff plays a part
Data reveals that employees and human error are the biggest risk to any organization’s security. Therefore, it’s imperative your staff regularly takes part in cybersecurity awareness training. They should know what to look out for, and what to do if they suspect something is wrong. They should also be made a part of the overall cyber “cleaning” process, knowing what tasks they should perform to keep things running safely and smoothly.
Install and update antivirus software
This is a vital element of overall cyber hygiene. As with computers used in the workplace, staff should know to keep their antivirus software updated on their personal devices.
Look out for the signs of phishing & smishing
While you should have security software installed to scan files that are attached to email, staff also need to know what to look out for when opening messages. They should be trained to verify the source of any email before clicking any links, and to recognize all the signs of phishing. They also need to know what steps to take if they suspect phishing. Additionally, they should be trained to recognize the signs of a phone scam, even if the number calling or texting appears to be legitimate.
Create and maintain strong passwords
Staff should be taught the correct ways to set up, use and store passwords. Passwords should be long and complex, and should not be reused. Staff should be encouraged to use password managers and reminded not to share or write down their passwords. If you haven’t already done so, write up strict password policies and make sure your staff is aware of them.
Pay attention to network security
Teach staff to avoid public networks when working remotely, whenever possible. If that is not possible, remind them never to send sensitive information while connected to these networks.
Access only safe websites
While antivirus software typically displays a warning screen for sites that seem insecure, you should still teach employees to look for the lock icon or the “https” in their browser’s address bar when trying to access a website. And of course, they should never log into any website to transmit sensitive or financial information without first seeing these indications of security.
Install only trusted software
In the same vein, staff should only install software on their personal devices that comes from trusted sites.
Keep apps updated
While your IT team may take care of updating apps and programs on company devices, users should make sure they’re using the latest version of software on their personal devices. Let them know that updates often contain critical patches that ensure security by fixing recently discovered flaws.