Cyber hygiene is a set of work habits, activities and processes that reduce the likelihood that a cyber incident will occur or that an attack will succeed. Why? If people follow such habits and rules, their behavior prevents risky situations and even successful attacks.
- Adopting the basic elements and habits of cyber hygiene is among the most important measures for increasing cyber security in organizations
- Cyber hygiene habits help prevent risky situations
- Cyber hygiene habits help to better defend against cyber threats
Common Cyber Hygiene Problems
The most significant failures to comply ... are caused by bad habits
- People open infected or fraudulent e-mails because they cannot recognize their fraudulent nature
- People use simple passwords that are easy to guess or crack, such as "123456" or "password"
- People do not back up data
- People do not install software updates and patches
Cyber hygiene concerns both ordinary employees and their behaviour in everyday work situations, such as opening emails, and of course it also concerns IT professionals, i.e. those who take care of the information system and work in the company's IT.
Basic employee cyber hygiene habits
Ordinary employees cause many problematic situations through their behavior, often unknowingly. However, by following a few simple principles and habits, they can easily avoid most of these situations. Thus, by following proper password management, keeping their data backed up, or having up-to-date software, each employee can prevent the vast majority of problems, not only in their job but also in their personal life.
- Do not open suspicious emails
- Do not use easily guessed passwords
- Back up your computer and phone regularly, or at least the important files on them
- Use only supported and up-to-date versions of the operating system
- Do not use unknown wifi networks
- Do not install unknown, suspicious, or unverified apps
- Keep the apps you use up to date
- Use antivirus programs and other protection against malicious programs
Basic habits of cyber hygiene for IT professionals in IT management
IT professionals naturally have more responsibilities than regular employees when it comes to their best practices and habits. They are in charge of the operation of IT and the information system, and their habits and best practices must be based on this. Adherence to basic habits minimizes opportunities for attackers.
Regularly back up data
- Back up regularly
- Keep the backup in a safe location, separate from the original
- Back up servers and your users' endpoints
Keep software and hardware up to date
- Use and maintain only supported and current versions of operating systems in your company
- Install all available software updates and security patches on company-owned devices and all personal devices used for work
- Update not only operating systems and applications, but also repair firmware, for example in printers, network elements, and so on
- Try to keep hardware at a reasonable age. Past 5 years, the risk of hardware failure, typically of disks, increases.
- Some older hardware may also not support current firmware with vulnerability fixes
- Also keep an up-to-date overview of the IT equipment - hardware and software - in your company
Keep control of your employees' access (access control)
- You must have control over the access of individual people to company systems and applications, based on their permissions and job classification
- Particularly important is access to critical and sensitive data and information
- You must have an overview of all administrators and their permissions in the systems. Other users should have limited permissions
- Implement identity and access management procedures
- Monitor and control the activities of account administrators - how accounts are created, used, and deleted
- You must especially control the removal of user permissions when people leave the company
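An access review of the kind the points above ask for, as an added example that is not part of the original article: it compares an export of system accounts against the HR roster and reports leavers whose accounts are still enabled, accounts with no owner in HR, stale accounts, and the administrator overview. The roster, the account export and the review date are constructed sample data.

```python
from datetime import date

# Constructed sample data (not from the original article): an HR roster with
# leaving dates and an export of accounts from one company system.
HR_ROSTER = [
    {"user": "anna", "left_on": None},
    {"user": "boris", "left_on": None},
    {"user": "cyril", "left_on": date(2024, 3, 31)},
]
ACCOUNTS = [
    {"user": "anna", "admin": False, "enabled": True, "last_login": date(2024, 5, 2)},
    {"user": "boris", "admin": True, "enabled": True, "last_login": date(2024, 5, 3)},
    {"user": "cyril", "admin": False, "enabled": True, "last_login": date(2024, 4, 10)},
    {"user": "svc_backup", "admin": True, "enabled": True, "last_login": date(2023, 11, 1)},
]
REVIEW_DATE = date(2024, 5, 15)  # constructed date on which the review is run

def review_accounts(hr_roster, accounts, today, stale_days=90):
    """Compare system accounts with the HR roster and return (user, finding) pairs.

    Findings: 'leaver_still_enabled' (person has left, account not disabled),
    'no_hr_owner' (no person in HR owns the account, e.g. an orphaned or service
    account without a named owner), 'admin' (belongs on the administrator
    overview) and 'stale_account' (enabled but unused for more than stale_days).
    """
    roster = {p["user"]: p for p in hr_roster}
    findings = []
    for acc in accounts:
        name, person = acc["user"], roster.get(acc["user"])
        if person is None:
            findings.append((name, "no_hr_owner"))
        elif person["left_on"] and person["left_on"] < today and acc["enabled"]:
            findings.append((name, "leaver_still_enabled"))
        if acc["admin"]:
            findings.append((name, "admin"))
        if acc["enabled"] and (today - acc["last_login"]).days > stale_days:
            findings.append((name, "stale_account"))
    return findings

def admin_overview(findings):
    """Sorted names of all accounts holding administrator rights."""
    return sorted(user for user, finding in findings if finding == "admin")

if __name__ == "__main__":
    for user, finding in review_accounts(HR_ROSTER, ACCOUNTS, REVIEW_DATE):
        print(f"{user:12} {finding}")
```

In practice the two inputs come from the HR system and from each application's or directory's account export, and the review is repeated on a schedule rather than run once.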
Don't let anyone unknown into your network, keep the company network under control
- Limit access to the company network to employees and verified people
- Use a completely separate network for visitors
- Take advantage of a RADIUS server for network authentication
- Limit network protocols, ports, and services if possible
- Use systems with IDS and IPS
- Secure the configurations of network devices, such as firewall gateways, routers, and switches, and configure the firewall well
- Secure routers and ensure they use WPA2 or WPA3 encryption
- Use tools for monitoring and managing wireless local networks (WLAN), access points, and wireless client systems, and for preventing and remedying unsafe use, for example the connection of unknown devices
- Make sure that routers, gateways, and firewalls are correctly set up and configured to prevent an attack
- Create cyber security rules for mobile devices to ensure that personal devices will not create additional risks for your organization
Implement and adhere to a password policy
- Implement and enforce a password policy for all employees throughout the company
- Pay attention to security, but don't make it too complicated for employees; otherwise they will circumvent it
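A password policy check that enforces the points above without burdening users with complexity rules, as an added example that is not part of the original article: it rejects short passwords, passwords on a deny list of common choices such as "123456" and "password" (including disguised variants like "P@ssw0rd2024!"), and passwords containing the user name. The deny list is a constructed sample; a real deployment would load a much larger one.

```python
import re

# Constructed deny list of frequently used passwords (assumption: in real use a
# much larger list is loaded from a file, one password per line).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "letmein", "welcome"}

# Substitutions users commonly make to get a "complex"-looking password past naive checks.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "4": "a", "!": "i"})

def normalize(password):
    """Strip a trailing number/symbol suffix and undo leet substitutions."""
    base = re.sub(r"[\d\W_]+$", "", password)
    return base.translate(LEET)

def check_password(password, username, min_length=12):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    low = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # check both the raw password and its normalized form against the deny list
    if low in COMMON_PASSWORDS or normalize(low) in COMMON_PASSWORDS:
        problems.append("on the common-password deny list")
    if username and username.lower() in low:
        problems.append("contains the user name")
    if len(set(low)) <= 3:
        problems.append("too few distinct characters")
    return problems

if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd2024!", "correct horse battery staple"):
        print(repr(candidate), check_password(candidate, "anna") or "accepted")
```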
Use encryption and encrypted access where it protects the most
- Use a VPN for employees' remote access
- Use encryption for access to the company wifi and computer network
- Use encrypted transport for the management and operation of applications and web applications
- Use encryption to protect key and sensitive data and also your backups
Use security software
- Install security software, such as antimalware and antivirus, to protect systems from malicious software, including viruses, ransomware, spyware, worms, rootkits, and trojans.
- Make sure the software is correctly configured and perform regular checks so that you can detect unusual activity.
- Use professional detection services and software - suppliers have experience with millions of attacks, certainly more than you personally
Ensure the protection and trustworthiness of emails
- Ensure protection such as SPF, DKIM
- Reduce the risk of spam originating from your people
- Ensure good protection against malicious software at the email server level
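A sanity check of the SPF and DKIM records the list above asks for, as an added example that is not part of the original article. It classifies an SPF record by its "all" mechanism (a missing or "+all" record lets anyone send mail in the domain's name) and checks that a DKIM selector publishes a public key. The domains and DNS TXT records are constructed samples; a real check would query DNS instead of the dictionary.

```python
import re

# Constructed DNS TXT records for made-up domains (a real check would query DNS
# for the domain apex and for <selector>._domainkey.<domain>).
TXT_RECORDS = {
    "example.test": ["v=spf1 include:_spf.mailprovider.test ip4:203.0.113.10 -all"],
    "weak.test": ["v=spf1 a mx +all"],
    "nospf.test": ["site-verification=abc123"],
    "mail._domainkey.example.test": ["v=DKIM1; k=rsa; p=CONSTRUCTED_BASE64_PUBLIC_KEY"],
    "mail._domainkey.weak.test": ["v=DKIM1; k=rsa; p="],
}

def check_spf(domain, txt=TXT_RECORDS):
    """Classify a domain's SPF record: ok, weak, no_all, multiple or missing."""
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # more than one SPF record is a permanent error for receivers
    for term in spf[0].split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term.lower())
        if m:
            # '-all' (fail) or '~all' (softfail) lets receivers reject or flag spoofed
            # mail; '+all', 'all' or '?all' effectively allows any sender
            return "ok" if m.group(1) in ("-", "~") else "weak"
    return "no_all"  # no 'all' mechanism: unlisted senders get a neutral result

def check_dkim(domain, selector, txt=TXT_RECORDS):
    """Check the DKIM key record for a selector: ok, revoked or missing."""
    records = txt.get(f"{selector}._domainkey.{domain}", [])
    if not records:
        return "missing"
    tags = {}
    for tag in records[0].split(";"):
        if "=" in tag:
            key, value = tag.split("=", 1)
            tags[key.strip()] = value.strip()
    return "ok" if tags.get("p") else "revoked"  # an empty p= tag means the key was revoked

if __name__ == "__main__":
    for d in ("example.test", "weak.test", "nospf.test"):
        print(d, "SPF:", check_spf(d), "DKIM(mail):", check_dkim(d, "mail"))
```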
Ensure regular education and awareness of your people
- Focus on what is causing you problems
- Focus on who is causing you the most problems
- Ensure that your people have sufficient, but understandable information about what they can cause by their actions
- Educate and inform employees regularly
- Hold regular cyber security training to educate your employees in the field
- Focus on possible frauds and attacks and their impacts, not only on your company but also on the privacy of employees, so that they better understand the seriousness. Typically phishing scams and social engineering methods.
- Users should, for example, as a matter of principle avoid clicking on links and attachments they receive by email.
- Stay up to date on new phishing and malware tactics.
Regularly test and respond to the current situation
- Perform regular disaster tests and be prepared for disasters - recovery from backup, penetration tests
- Adapt to the current situation - attackers' methods, threats and vulnerabilities change over time and you have to keep up
How to implement cyber hygiene in your company
Most problems in the field of cyber hygiene can be easily remedied by implementing and maintaining the above principles and procedures, especially through training, education, and the introduction of these principles into the internal regulations and directives of your company. You have to count on the fact that people are unteachable and you have to constantly repeat everything. That's just reality. Introducing the principles into awareness and changing user behavior requires time, patience, and the cooperation of the entire company management.
Include cyber hygiene procedures in company processes
If you want the basic habits of cyber hygiene to become a natural part of your company's culture, they must become a natural part of all your internal policies that touch IT or deal with IT-related processes. Here are typical process items that should be included in cyber hygiene policies:
- Password changes: Complex passwords that change regularly can prevent many harmful activities and protect cyber security.
- Focus on the processes of assigning, removing, and changing access permissions
Include education and awareness raising in company training
- Implement a cyber hygiene program into company training processes
- Organizations must get this specific knowledge into their blood through policy programs, planning, training, and awareness raising.
- No formal written document will save you by itself; you have to communicate everything to specific people and do it regularly