What is Cyber Hygiene?
As the World Health Organization explains, “Hygiene refers to conditions and practices that help to maintain health and prevent the spread of diseases. Medical hygiene therefore includes a specific set of practices associated with this preservation of health, for example environmental cleaning, sterilization of equipment, hand hygiene, water and sanitation and safe disposal of medical waste.” [1] Computer hygiene refers to those habits and choices that are made at a computer workstation that help to maintain health and prevent the spread of disease. While we have always been aware of the need to periodically clean our computer workstations, the pandemic helped to illuminate all of the different objects and surfaces that could harbor bacteria and/or viruses and prompted us to consider cleaning these areas more frequently. Beyond the obvious worktable, keyboard, and mouse, other equipment that should be cleaned and sanitized frequently to keep the workstation pathogen-free includes headsets, monitors, LCD screens, computer cases, phones, and other hand-held devices.
Similar to computer hygiene, cyber hygiene refers to the habits and choices that are made by a computer user to help maintain system health and improve online security. Building a cyber hygiene routine helps to protect a system from the consequences of security vulnerabilities stemming from security breaches, data losses, outdated software, and outdated security software. Best practices for cyber hygiene include:
Application inventory. All hardware, software, and online applications should be inventoried. Hardware includes computers, connected devices such as printers, and mobile devices. Software includes all programs installed on network computers. Applications include web applications such as Google Drive, phone and tablet applications, and any other programs that are utilized but not installed on the devices directly. After a comprehensive list of applications is created, the list should be analyzed in order to identify and address vulnerabilities. Unused applications should be removed, passwords should be updated, permissions should be updated, and applications should be assigned to particular tasks.
Policies. Establish a cyber hygiene policy that details cyber hygiene maintenance activities, and how frequently these activities should occur. Hygiene policies should include activities relating to password changes, hardware updates, software updates, management of new installations, least privilege management of permissions, backing up data, and cybersecurity framework development and training. Once the policy has been established, a routine schedule for performing these activities should be set.
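The inventory review and the policy schedule described above can be combined into one routine check. The following Python sketch is an added example, not part of the original article: the record fields, the policy intervals, and the sample inventory are all assumptions constructed for illustration.

```python
from datetime import date

# Assumed intervals; take the real values from your own hygiene policy.
POLICY = {"max_idle_days": 90, "max_password_age_days": 180}

def asset(name, kind, last_used, password_changed, granted, needed, task):
    """Build one inventory record (field names are hypothetical)."""
    return dict(name=name, kind=kind, last_used=last_used,
                password_changed=password_changed, granted=set(granted),
                needed=set(needed), task=task)

# Constructed sample inventory: hardware, installed software, web and mobile apps.
INVENTORY = [
    asset("office-printer", "hardware", date(2024, 5, 28), date(2023, 1, 10),
          ["print"], ["print"], "printing"),
    asset("pdf-editor", "software", date(2023, 11, 2), date(2023, 6, 1),
          ["read", "write"], ["read"], "document editing"),
    asset("Google Drive", "web", date(2024, 5, 30), date(2024, 4, 15),
          ["read", "write", "share-external"], ["read", "write"], "document storage"),
    asset("tablet-notes-app", "mobile", date(2024, 5, 20), date(2024, 3, 1),
          ["read"], ["read"], None),
    asset("accounting-suite", "software", date(2024, 5, 31), date(2024, 2, 1),
          ["read", "write"], ["read", "write"], "bookkeeping"),
]

def review(inventory, policy, today):
    """Return {asset name: [actions]} for each asset that needs attention."""
    findings = {}
    for item in inventory:
        actions = []
        if (today - item["last_used"]).days > policy["max_idle_days"]:
            # Removal supersedes the other checks: nothing else to maintain.
            actions.append("remove (unused)")
        else:
            if (today - item["password_changed"]).days > policy["max_password_age_days"]:
                actions.append("update password")
            excess = item["granted"] - item["needed"]
            if excess:
                actions.append("reduce permissions: " + ", ".join(sorted(excess)))
            if not item["task"]:
                actions.append("assign to a task")
        if actions:
            findings[item["name"]] = actions
    return findings

if __name__ == "__main__":
    for name, actions in review(INVENTORY, POLICY, date(2024, 6, 1)).items():
        print(f"{name}: {'; '.join(actions)}")
```

Running the check on the schedule the policy sets turns the inventory into a recurring work list rather than a one-time document.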
Examples of cyber hygiene habits and choices for system health include:
- Password best practices (e.g., not reusing passwords, changing passwords often, creating complex passwords, not sharing passwords)
- Multi-factor authentication
- Regular back-ups
- Privacy best practices (e.g., do not post personal information such as address and phone number, review privacy settings on applications and social media, lock devices, use a VPN)
- Updating software, firmware, and applications
- Secure routers
- Use firewalls
- Encrypt devices
- Wiping hard drives before disposing of them
[1] WHO, 2020, “Hygiene”