Have you ever heard of a term called cyber hygiene? Brushing teeth and taking bath is a hygiene, which every one of us follow, but it isn’t something we associate with technology. The term “Cyber hygiene” is a metaphor referred to those who takes smart decisions to protect their devices. Following a good hygiene without fail is something we are taught as children. This nature generally sticks with us for the rest of our lives. It involves three basic principles: using healthy products that suit our personal hygiene needs, performing these hygienic tasks appropriately, and establishing a perfect routine. But when it comes to technology, we do not follow any hygiene. Cyber hygiene is about training ourselves to think proactively about cyber security - like as we take care of our personal hygiene - to resist cyber threats and online security issues.
Here are a few significant tips that help you following a good cyber hygiene:
1) Secure your account with strong passwords
Passwords should be at least 12 characters long. It should be a combination of upper case and lower case letters, numbers, and symbols. Create a password which you can remember easily such as a phrase, but difficult for hackers to crack. Come out of the tradition of creating a password with your name or your beloved name followed by 123 or a special character. Instead, create a password like “I Love Scotcharoos” which can be changed to ” !<35cO7ch4ro0$” where Scotcharoos is not a dictionary word – it is a popular cookie in the central US. In the said example, instead and ‘S’, 5 and $ are used, which looks similar to letter ‘S’.
2) Protect your data
In order to keep your account secure and difficult to crack, it is highly essential to have separate security phrases, passphrases, passwords, or PINS for all the accounts and systems, which you use for everyday work. It is not recommended saving the passwords either by writing it on sticky notes or saving it on any devices. Instead you can quickly replace them with a password vault. If needed, you can also consider updating passphrases/passwords/PINs as described above to increase its strength. You can find different types of password vaults available for both smartphones and PCs.
3) Two-Factor Authentication
Two-factor authentication (2FA) is a two-step verification where users should verify two-stages of account verification. Whenever possible, it is recommended integrating a two-factor authentication to login. It means along with the set password, you will get a security passcode on your smartphone, which is also referred as OTP (One Time Password) to verify your credentials. Also, you can integrate biometric authentication such as leaving your fingerprint or facial skin to verify your identity.
Two-factor authentication offers an additional layer of security, which makes it harder for hackers to gain access to your personal and professional devices, applications and online accounts. In 2FA authentication, knowing your password alone is not enough to complete the authentication check. Integrating 2FA is recommended to control access to sensitive systems and data. Nowadays, most of the online services are introducing 2FA to prevent their users' data from being accessed by cybercriminals who have stolen a password database or used phishing campaigns to obtain users’ passwords.
4) Don’t Believe Every Mail
Investigate the sender of each piece of email sent to you before you go ahead and download attachments or click on the provided link. Discarding the mails received from unknown senders or the messages that manipulate you to click on any link to resolve the issue is a good cyber hygiene. Most of the time, hackers social engineer users by sending messages which are too good to be true. Besides, users also receive a mail that creates urgency and tricks them to click on the provided link or download attachments. If you are not sure about the sender’s name, discard those mails immediately. DO NOT immediately take the suggested actions, as it could be a scam.
5) Use the Right Products and Tools
Ever try sending a mail without an internet connection? Without the right set of tools, maintaining cyber hygiene is impossible. In order to maintain a good cyber hygiene, you need a reputable anti-virus/malware software, a network firewall, and password protection software that protects your personal data stored on the device. Taken together, using the right set of tools or say software helps you feel confident about the security of your gadgets. Besides, you need to ensure software is up-to-date. Additionally, you should always ensure the authentication of a software before installing on your computer.
6) Be Thorough, Be Accurate
Most of us feel that regularly emptying the trash or recycle bin removes all personal and sensitive data from the hard drive. But, unfortunately, it is not the case. To delete files permanently from your PC, you must use data wiping software. Whenever you install any new software on your system, add-on hardware, or modify system files, you’re at a risk of losing essential data. Make a habit of regularly clearing the useless files and make sure you remove it from the hard drive as well.
7) Provide Separate Guest and Private WiFi Networks
It is recommended to set-up two different accounts for WiFi networks – guest and private. Organizations should provide a guest WiFi network, which separates the guest users from their private network infrastructure. Further, a guest in an establishment should only get access to the guest network, but not a private network. If the guest system is compromised and he/she got access to the private network of an organization, malware can penetrate easily into the network, which compromises the entire computer connected to that particular network. Ensuring that only computers and devices approved by organization’s cybersecurity team have access to the private network will keep the bad actors away and make it more difficult for them to penetrate that barrier.
8) Use of Virtual Private Network connection
Most of us have a habit of accessing internet through network access points or “hotspots” that are outside of a cybersecurity team’s control. But, we are unaware of the fact that bad actors can create malicious hotspots that look legitimate enough to lure users. They can use these hotspots to send traffic such as emails and documents through their device and thereby steal data. We can easily mitigate this risk by using Virtual Private Network (VPN) that encrypts the data you are transmitting so that it makes difficult for threat actors to exploit the data.