Prioritising cyber hygiene: Essential practices for safeguarding data
The rising reliance on the internet has led to a surge in sophisticated cyberattacks, putting the extensive quantities of online-stored business, financial, and medical data at an increased risk.
As devices are used for personal and professional purposes, businesses and high-net-worth individuals (HNWIs) must prioritise cyber hygiene to protect sensitive information from hackers. Cyberattacks can lead to financial losses, damage to reputation, legal troubles, and disruptions to operations.
The UK government has emphasised the importance of implementing “cyber hygiene measures” to address cybersecurity issues by publishing various policies, processes, and dependencies for all businesses in a June 2023 survey. However, the survey’s data still indicate consistent declines in several key areas of cyber hygiene among businesses.
These include decreases in the use of password policies (70 percent), network firewalls (66 percent), restrictions on admin rights (67 percent), and policies for applying software security updates within 14 days (31 percent).
Just like good personal hygiene protects individuals physically, cyber hygiene can safeguard digital lives. This is why it is important to understand what cyber hygiene is and how to practice it.
Understanding cyber hygiene
Cyber hygiene comprises regular practices organisations and individuals must perform to uphold the security and well-being of users, devices, networks, and data. These routines are essential for safeguarding sensitive information, such as identity details, from theft or corruption.
While closely related, cyber hygiene and cybersecurity differ in their scope and emphasis. Cyber hygiene concerns preventative measures to maintain system health and security, while cybersecurity encompasses a comprehensive approach to prevent, detect, and respond to cyberattacks.
Cyber hygiene practices can mitigate deterioration and common threats, preserving device functionality, and shielding against external attacks like malware. These procedures essentially offer dual benefits—maintenance and security.
Maintenance is necessary to ensure optimal performance of computers and software. Fragmented files and outdated programmes can pose vulnerability risks, but they can be detected and mitigated through routine inspections, preventing potential serious issues.
Meanwhile, security is the primary motive for integrating a cyber hygiene practice. In an increasingly hostile threat environment, which includes hackers, identity thieves, and sophisticated malware, staying ahead of potential threats is paramount. While forecasting threats remains a challenge, adopting robust cyber hygiene practices enables proactive preparation and prevention measures.
Cyber hygiene practices
There are multiple practices users can observe to maintain good cyber hygiene.
First, users must do regular backups of important files in a secondary source (i.e. hard drive, cloud storage) or a separate, secure location. This will ensure their safety in the event of a breach or malfunction.
Second, users must regularly change their robust passwords for protection against cyberattacks. Strong passwords should be at least 12 characters long, with a mix of alphanumeric and special characters. Steer clear of easily predictable passwords. Using different combinations and not reusing an old password for every account are highly recommended, as there is a heightened chance it has been cracked by malicious actors.
Robust security software, including antivirus and firewalls, can protect against diverse malware. Regular antivirus scans can detect anomalies, while firewalls act as barriers against unauthorised access to networks and systems. Choose from traditional, cloud-based antivirus or hardware/software firewalls for the appropriate needs of each device. Combine these tools with regular software updates and security patches.
Lastly, education is crucial in maintaining cyber hygiene. Firms like Marengo provide training to equip HNWIs and their families with skills to combat cyber threats effectively, covering topics such as phishing, password security, malware recognition, and social engineering tactics. This training also enhances user awareness of the importance of online discretion to prevent inadvertent disclosure of personal information that could aid cybercriminals in social engineering attacks.