Cyber-security is a well-known term used to describe any activities related to keeping digital devices, their users, and data safe. However, the term isn’t applicable in all situations. In truth, cyber security only applies to the cyber protections and defenses of groups or organizations; anything an individual does to stay safe online should instead be called cyber hygiene.
Cyber hygiene is defined as an individual’s digital behaviors that contribute to (or detract from) security. Unlike cyber security, which typically includes security strategies that are built into network architectures and protect whole organizations, acts of cyber hygiene are the responsibilities of individuals — but they can devastate an organization if left unchecked.
Unfortunately, IT professionals can only make a network so secure: cyber security typically remains strong through concerted effort to update and maintain security systems, but cyber hygiene usually becomes good and strong through mindless habits — just like regular hygiene. IT teams looking to bolster their organization’s cyber security should focus more on improving cyber hygiene by instilling the following habits in their members.
Passwords remain vital elements of security, but because they rely on individual generation and maintenance, they tend to be terribly insecure. Typically, passwords are mandatory to log into business devices, software and online accounts, and to make the process as fast and easy as possible, employees try to keep passwords short and memorable — like “password” or “1234.” Organizations should have password management tools that prevent such obvious, weak passwords, but they should also try to instill in their workforce the importance of strong, complex codes. Some squeaky-clean password tips include:
- Using more than eight characters;
- Mixing capital, lowercase, and special characters, such as $%@!?&*/;
- Avoiding words or numbers that relate directly to family or position, such as kids’ names or birthdates.
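The three tips above can be enforced at password-set time. The following is an added example, not code from the original article: the function name, the denylist entries beyond “password” and “1234,” the look-alike substitution table, and the caller-supplied list of personal terms are all assumptions. It goes slightly beyond the tips by also catching disguised variants such as “P@ssw0rd!2024.”

```python
import re
import string

# Constructed denylist: the article's two examples plus a few assumed common choices.
COMMON_PASSWORDS = {"password", "1234", "123456", "qwerty", "letmein"}

# Assumed look-alike substitutions people use to disguise a weak word.
_LOOKALIKES = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def _normalize(text):
    """Lowercase and undo look-alike substitutions (p@ssw0rd -> password)."""
    return text.lower().translate(_LOOKALIKES)


def check_password(password, personal_terms=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) <= 8:
        problems.append("length: must be more than eight characters")
    if not re.search(r"[A-Z]", password):
        problems.append("charset: no capital letter")
    if not re.search(r"[a-z]", password):
        problems.append("charset: no lowercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("charset: no special character")

    lowered = password.lower()
    normalized = _normalize(password)
    # Drop digits/symbols padded onto either end, then undo substitutions,
    # so "P@ssw0rd!2024" is still recognised as "password".
    core = _normalize(lowered.strip(string.digits + string.punctuation))
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common: matches a well-known weak password")

    # personal_terms: names, birth years, job titles known for this user.
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and (t in lowered or _normalize(t) in normalized):
            problems.append(f"personal: contains '{term}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("password", "P@ssw0rd!2024", "Emm@2011Rocks!", "Quiet-Harbor*Lantern7"):
        print(candidate, "->", check_password(candidate, ["Emma", "2011"]) or "OK")
```

A password can satisfy the length and character-mix tips and still fail, which is why the denylist and personal-term checks run independently of the first two rules.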
E-mails have been around since the beginning of the Internet, but they were hardly built for thorough security. During the transfer of a single e-mail, cyber criminals can gain access to that e-mail’s content in myriad ways. Worse, e-mails are common vectors for malware, containing malicious links and attachments that can devastate devices and networks. It is of chief importance that employees develop strict cyber security concerning e-mails.
Workers should be able to distinguish a fraudulent e-mail from a genuine one. Typically, this requires paying attention to senders, typos, requests for information or money, and more. Additionally, individuals should be in the habit of encrypting their e-mails; although this might not prevent hackers from obtaining the content therein — because e-mail service providers and recipients share encryption responsibility — it is the most an individual can do to keep e-mails private.
Typically, network security is the responsibility of the organization, not the individual, but how individuals interact with networks relates to their cyber hygiene. These days, many organizations implement some type of BYOD policy, meaning individual employees can use personal devices to complete work outside of the office. This means that employees can connect to networks not under a business’ strict control. Unfortunately, connecting to foreign networks, especially those in public places, introduces extreme amounts of insecurity that could lead to a data breach.
Organizations must stress the importance of caution and care when allowing employees to send and receive work-related data over foreign networks. Even better, organizations can create and mandate use of virtual private networks (VPNs) that encrypt data, so it will remain secure even in the most dubious public networks.
Updates and Backups
Businesses large enough to maintain IT support typically delegate the responsibility of updating software and backing up data to a dedicated team, but smaller organizations might still rely on individuals to manage their machines, especially if they practice BYOD. Unfortunately, because these practices take time, they are often neglected until it is too late — that is, until malware or a data breach leaves a business scrambling.
Thus, employees should learn to back up data on a schedule and update programs as soon as patches become available. Fortunately, automation features are appearing in more programs so, in many cases, individuals can enable automatic backups and updates. Still, they should know why updates and backups are vital to a business’ integrity and suffer penalties for delaying or otherwise preventing vital downloads and uploads.
Like brushing teeth and washing hair, cyber hygiene is easy once it becomes a habit. Organizations must push for cyber hygiene within their workforces — or they will suffer the consequences of insecurity.