Cyber hygiene. It’s a term thrown around quite a bit in the cybersecurity industry, but what is it?
At its core, cyber hygiene is the art of forming and practicing good habits when it comes to how you interact with the technology around you. Much like bodily hygiene improves your physical health, good cyber hygiene will improve your virtual health, minimizing the chances that you’ll get pwned by a shady threat actor.
I asked two of our instructors at Level Effect, Will Nissler and Anthony Bendas, what their top cyber hygiene best practices are—and they did not disappoint.
Here are their top 5 cyber hygiene best practices.
Make no mistake: there’s a good chance that this best practice will make every cyber hygiene list out there.
And it’s for good reason, too. Multi-factor authentication (MFA) is one of the lowest-hanging fruit in terms of cyber hygiene best practices.
MFA is the first step toward a layered security approach. Instead of just entering a password into a website to log in, you have to complete a second step with MFA. For example, some MFA adopters use a push service, such as Duo Security, as their secondary form of authentication. This requires the person attempting to log in to approve the log-in attempt from a physical device, such as their phone.
Even better, you’ll be notified if someone tries to log in as you via a notification that includes the attempter’s approximate location. (This has happened to me before, and MFA saved my derrière.)
Confession time: I don’t really know any of my passwords.
That’s because I use a password manager to generate and store my passwords. Password managers such as Bitwarden can come up with complex, hard-to-crack passwords that make it that much harder for threat actors to wiggle their way into your accounts.
Password managers also help you avoid duplicate passwords, and some will even alert you if one of your passwords was included in a breach.
Even better: You free up precious brain space by letting your password manager do all the work for you. :)
How many times have you searched for a particular application and clicked a link, only to realize you landed on a website that isn’t even affiliated with the application’s original source?
If you google “download Microsoft Office,” you’ll see quite a few results that link to sites that aren’t Microsoft. And while some of these sites may be legitimate, why chance it?
It’s always a good cyber hygiene best practice to go directly to the source of the application. In this example, you’d want to make sure you downloaded Microsoft Office directly from Microsoft—not from a third-party site.
And speaking of Microsoft Office, think twice before enabling macros.
When you first open up a Microsoft Office document, you’ve likely seen a bar at the top that asks if you’d like to enable macros. There are legitimate reasons why you’d need to enable macros. For example, if you’re trying to open an Excel sheet from a trusted source that automates tasks you do repeatedly within the document, you’ll need to enable macros so the document can function as intended.
Unfortunately, the ability to run automated code inside a document is a feature that threat actors take advantage of. With a malicious macro, they can easily and quietly install malware on your device, or even on your network.
It’s a cyber hygiene best practice to make sure you know exactly who the document is coming from and to verify it’s safe before enabling macros.
You can learn more about additional cyber hygiene best practices in terms of macros on Microsoft’s website.
One thing about cyber hygiene is it can make life a lot less convenient.
Such is the case with Anthony and Will’s next cyber hygiene best practice: don’t store personal information on websites.
I frowned pretty hard when Anthony and Will threw this one at me, because I’m inherently lazy with my purchases and just want to make them quickly before the guilt that I’m spending money sets in.
But—as always—they’re right (but don’t tell them that).
Storing your personal information—your address, credit card information, phone number—on websites isn’t a great idea, because if those websites are breached, your data could easily make it into the hands of a threat actor—or even threat actors.
Luckily, they did offer a solution to this problem: privacy.com.
This site helps you generate a virtual card number for one-time purchases or subscriptions right from your browser—no storage required. You can even set limits as to how much money you’re okay with spending on each of your cards, which comes in handy for subscriptions.
I also love that they clearly list the steps they take to secure the data you give them.
***
I hope these 5 cyber hygiene best practices will help you feel a little more secure about what you’re doing online. A huge thanks to Anthony and Will for letting me pick their brains!
For more cyber hygiene best practices, check out this list from the Cybersecurity & Infrastructure Security Agency (CISA).