6 Steps to Squeaky Clean Cyber Hygiene
Good cyber hygiene might start with a checklist, but over time it can become part of your everyday identity. Being a cyber-hygienic person means acting on cyber security best practices, but also knowing when to rely on AI to make up for inevitable human error. We’ll include a list of tools and suggestions to make these steps easy to implement and keep you far from the hackers’ target range.
1. Make an Inventory List
This is a great place to start for an organization or an individual. I’ve been a victim of stolen devices and having the details makes the insurance claims process much easier. Create an Excel sheet and an action item for your coworkers to fill out their row. Having the specs in one place will help you quickly identify possible issues. Update the list as new devices are added or retired, software versions are updated, or new programs are installed. Get familiar with the Cybersecurity and Infrastructure Security Agency (CISA)’s frequently updated list of top exploited known vulnerabilities.
Why? Keeping an inventory list keeps you aware of specific software versions running on devices so you can take immediate action when vulnerabilities are identified. This list can help you audit your security and track your physical assets in case of theft.
The list should include:
- All Assets
- Unique identification of the asset: machine name, serial number, and/or MAC address
- Physical location of the asset and who uses it
- Software versions and OS version
- Expiration date of software contracts
- Antivirus or malware installations
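As an added example (not from the original article), here is one way to put that sheet to work: export it as CSV and check every row against entries shaped like CISA's Known Exploited Vulnerabilities feed. The column names, the sample rows and the placeholder CVE ids are constructed for illustration, and matching on product name alone is a simplifying assumption.

```python
import csv
import io
from datetime import date

# Constructed inventory using the fields listed above (not real assets).
INVENTORY_CSV = """machine_name,serial,mac,location,user,software,version,os_version,contract_expires,antivirus
FRONTDESK-01,SN-0001,00:00:5E:00:53:01,Lobby,alice,ExampleVPN Client,4.2,Windows 11 23H2,2031-01-31,yes
DESIGN-02,SN-0002,00:00:5E:00:53:02,Studio,bob,ExampleOffice Suite,2019,macOS 14.5,2020-06-30,yes
WAREHOUSE-03,SN-0003,00:00:5E:00:53:03,Dock,carol,ExampleVPN Client,3.9,Windows 10 22H2,2031-01-31,no
"""

# Constructed entries using field names from the CISA KEV JSON feed.
# The CVE ids are placeholders, not real identifiers.
KEV_ENTRIES = [
    {"cveID": "CVE-0000-00001", "vendorProject": "Example",
     "product": "ExampleVPN Client", "dueDate": "2024-03-01"},
]


def load_inventory(text):
    """Parse the exported sheet into one dict per asset."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(rows, kev_entries, today):
    """Return (machine_name, [issues]) for every asset that needs attention."""
    kev_by_product = {}
    for entry in kev_entries:
        kev_by_product.setdefault(entry["product"].lower(), []).append(entry["cveID"])

    findings = []
    for row in rows:
        issues = []
        # KEV lists products, not installed versions, so a match means
        # "compare this version with the advisory", not "vulnerable".
        cves = kev_by_product.get(row["software"].strip().lower())
        if cves:
            issues.append(f"check version {row['version']} against {', '.join(cves)}")
        if date.fromisoformat(row["contract_expires"]) < today:
            issues.append("software contract expired")
        if row["antivirus"].strip().lower() != "yes":
            issues.append("no antivirus recorded")
        if issues:
            findings.append((row["machine_name"], issues))
    return findings
```

Calling `audit(load_inventory(INVENTORY_CSV), KEV_ENTRIES, date.today())` returns the machines to look at first, each with the reason it was flagged.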
2. Use a Patching Manager
CISA found that 85% of cyber attacks would be prevented if people just patched their software.
Why? Patches are often reactive fixes for bugs and vulnerabilities that are usually discovered through breaches or attacks. Intentionally staying vulnerable to known bugs is a cyber security no-no because it provides an open invitation for hackers to exploit your network.
Tools: There are free versions of many patching managers that you can use to keep your website up to date including PDQ, Itarian, and Action1.
3. Set a Backup Routine
Weekly backups are a must, but think about the amount of work that happens and could be lost over the course of a week. Daily backups are the gold standard if you never want to lose more than 24 hours’ worth of work. Ideally, you can schedule these at night, to run to an off-site cloud server. Practice restoring the data quarterly so you know that this strategy will actually work if the time comes to use it.
Why? If you don’t have a backup copy of your data, you are more likely to give in to criminals in ransomware attacks that lock up your information. Losing all of your data in any situation, whether it be a computer crash or an attack, can also be a difficult position for any business to recover from.
Tools: Some of the most popular free backup tools include Cobian Reflector, FBackup, Google Drive, and File Fort Backup.
4. Use a Password Manager
According to an article by Entrepreneur, 37% of internet users say they have to request a password change once a month on at least one website due to forgetfulness. Not only do users rely on their memory, Lawless Research found that 71% of passwords are used across multiple platforms. If you’ve ever been the victim of a data breach and that one password works at 26 other applications, that’s not good news.
Why? If you aren’t using a password manager you’re more likely to use the same password in multiple places or create a password that is easier to remember, and therefore easier for hackers to guess.
Tools: There are several free password managers and some that are open source too. A couple to check out include KeePass, Avira Password Manager, NordPass and RoboForm.
5. Double Down on Deleted Files
Deleting a file does not erase it. It only deletes the links to the content, making it no longer visible to you. The actual content is still on your hard drive and pretty easy to restore. A data deletion tool can overwrite the magnetic fields on the disk platter surface with random characters until the original data is no longer recoverable.
Why? If there is sensitive company or personal information that is not completely deleted, it is a liability that can be used as leverage for blackmail or extortion by cyber criminals who get a hold of the retired device.
Tools: There are a number of free open-source software tools available for you to keep your devices clean. Eraser works on Windows and can be downloaded at GNU (General Public License). Clean me works on Macs and can be implemented through GitHub or Homebrew.
6. Mask Your Identity
Masks work in the outside world and in the online world in keeping you safe. Masking your online identity, even partially, goes a long way towards preventing identity theft or brute force attacks. Do you need to include your last name, birthday and email on your social media platforms? Probably not.
Why? According to Google, 59% of Americans use a name or birthday in their passwords. Making personal information easily available on your social media page makes it that much easier for hackers to find a way in. It can also help hackers answer those security verification questions to get account access.
Do Your Cyber Duty
Ask not what the world wide web can do for you, but what you can do for the world wide web.
This Cyber Security Awareness Month, let’s consider what our responsibility is to do our part, and #becybersmart. Taking simple actions to make sure you are not opening a backdoor for attackers protects not just you, but your coworkers, employers, friends, and family.