Cyber hygiene explained: the most comprehensive list


Wake up, wash your hands, brush your teeth – we all know the drill. However, there's a new concern nowadays: maintaining cyber hygiene. This is something that most of us didn't learn from our parents or at school. So, what exactly is it?

Every day brings new stories about people being hacked, defrauded, or falling victim to cybercrime. Consequently, calls by cyber pros to practice good cyber hygiene continue to grow.

But if you search “cyber hygiene” on Google, you'll struggle to find a definite answer to what it is. You’ll find numerous checklists explaining what to do, but while many are similar, none are the same.


Throughout October, Cybersecurity Awareness Month, the CISA (Cybersecurity and Infrastructure Security Agency) is running a campaign asking Americans to follow four easy steps:

1) Use strong passwords

2) Enable multifactor authentication

3) Recognize and report phishing

4) Keep your software up to date

This list could be extended with a few more steps, as suggested by NordVPN’s take:

5) Back up your data


6) Educate yourself

7) Use data (and communication) encryption

8) Set up your firewall

9) Stay discreet when sharing

10) Invest in reliable security software, such as a VPN and antivirus

Is that it? No. ESET suggests that we should also check on what’s already been compromised:

11) Get a checkup using haveibeenpwned.com or breachalarm.com

12) Perform a digital cleanup, deleting apps you no longer use

Norton’s list adds:

13) Secure your router


Other security companies and reviewers add even more good habits to get into, such as:

14) Log off from accounts and lock your devices when leaving

15) Run a complete anti-malware and antivirus scan once in a while

16) Review your privacy settings in the browser, social media apps, and other sites

17) Change passwords regularly

18) Don’t click on pop-ups

19) Do not use public Wi-Fi or chargers, and do not connect unknown USB storage devices or cables

You could keep extending the list for some time, as there’s always something else that could help. And that’s just for individuals.

Organizations operate on a whole new level and have much more extensive lists, frameworks, and policies that are considered “cybersecurity hygiene.”


Microsoft came up with probably the most detailed checklist for organizations, claiming that “Basic cyber hygiene prevents 98% of attacks.” At the top of the list was multifactor authentication (MFA). Coincidentally, Microsoft also published the article “One simple action you can take to prevent 99.9 percent of attacks on your accounts”, with that action being MFA.

“Basic cyber security hygiene – enabling MFA, applying Zero Trust principles, keeping up to date, using modern anti-malware, and protecting data – prevents 98% of attacks. For help protecting against cyber threats, minimizing risk, and ensuring the ongoing viability of your organization, meeting the minimum standards for cyber security hygiene is essential,” Microsoft concludes.

Here too, the term cyber hygiene in organizational cybersecurity is subject to interpretation based on context and the strategies adopted.

The National Institute of Standards and Technology (NIST) doesn't have a specific standard for cybersecurity hygiene, but it refers to it in publications related to patching IT systems in organizations. NIST's broader guidance for organizations, known as the Cybersecurity Framework, probably aligns more closely with the concept. The framework is under revision; version 2.0 will address current and anticipated future cybersecurity challenges.

“Cybersecurity risks are a fundamental type of risk,” the initial draft reads.

Cyber hygiene is a mindset, not a list

So, what’s the conclusion of all this? It's important to recognize that cybersecurity hygiene is not about achieving a state of perfection, completing a list, or taking the right number of steps. It’s different from washing hands before eating or caring for your teeth (a third of Americans even fail to brush them twice a day, let alone follow an exhaustive cybersecurity regimen).

During October, or at any other time of the year, cybersecurity is about a proactive and mindful approach towards digital safety. It’s about progress. Each stride in the right direction adds up and provides better protection.

To fortify your digital defenses, it's essential to consistently question whether the current state is adequate and what further action you could take. Many aren’t doing enough right now, so the lists are enormously helpful.

Meanwhile, the cybersecurity landscape continues to evolve. What was considered impervious yesterday may no longer be safe tomorrow.


Gone are the days of simple passwords. But even strong passwords will have to give way to passkeys, and who knows what comes next? Previous encryption standards, once deemed secure, must now be reimagined to combat emerging threats such as quantum computing.

With new challenges, new lists will emerge, requiring us to remain vigilant, educated, and careful.

So, have you at least set up that MFA?