If you’ve been considering improving your cybersecurity lately, chances are you’ve come across the phrase ‘cyber hygiene’. And you’re probably also wondering what it means. Cyber hygiene is one of those slippery phrases that seems to change meaning depending on who’s using it.
So, in the interests of clearing up some confusion, here’s our guide to cyber hygiene. What it is. Why it’s important. And, what it looks like in practice.
A definition of cyber hygiene
Simply put, cyber hygiene is the steps and practices every organisation should take to ensure good digital health and protect themselves against cyber threats. The idea behind cyber hygiene is that these practices should become part of our day-to-day routine. Think of it as a bit like your physical hygiene, say brushing your teeth twice a day, washing your hands regularly, or wearing a face mask.
Why is it important?
In the same way that if you don’t look after your teeth you’ll eventually end up with a hefty dentist’s bill, your cybersecurity needs constant maintenance to avoid a breach.
But cyber hygiene’s importance goes beyond simple maintenance. There’s a widespread perception among SMEs that cyber-attacks are something that happens to bigger, higher-profile companies. It’s not hard to see why- after all, the news cycle is filled with tales of the latest Fortune 500 behemoth to suffer an embarrassing breach.
Unfortunately, this couldn’t be further from the truth. According to research from the Federation of Small Businesses, in the last two years alone, SMEs were subject to 10,000 cyberattacks daily. And 1 in 5 reported suffering a breach during the same period.
In the last two years alone, SMEs were subject to 10,000 cyberattacks daily
What’s more, the risks are only growing with many businesses switching to remote working. A recent report from VMWare reveals that 91% of businesses globally have seen an increase in cyber attacks since countries began implementing lockdown measures. On top of this, home office networks are 3.5 times more likely to be hacked than corporate ones.
Maintaining a good standard of cyber hygiene is the most effective way to guard against all of these threats.
What does good cyber hygiene look like in practice?
We’ve tackled why cyber hygiene is important but what does achieving it actually involve?
Good cyber hygiene is probably best divided into three broad categories: occasional check-ups, daily routines and good behaviours. Let’s take each in turn.
Occasional check-ups
People are often surprised by how many cyber threats can be averted simply by giving your corporate devices and networks a regular health check. When software is out of date, firewalls and anti-malware aren’t switched on, or security settings aren’t configured properly, you provide cybercriminals with an easy route into your business.
Start by checking every device in the company is running the latest version of any software you use and it’s security settings are configured to the highest level of protection. Also ensure that your network is secure and that all anti-malware and firewall tools are switched on, up-to-date and configured properly.
Daily routines
Cyber hygiene is as much about what you do and how you do it as it is about maintenance. A great place to start is by putting in place universal practices across your organisation.
This includes steps like setting up a strong password policy, using two-factor authentication for anything coming in or out of your business and keeping work devices for work purposes.
Good behaviours
Few of us set out to put our workplace at risk with our actions online. But we’re all human. And whether it’s through misunderstanding the risks or just being a little careless, many of us do exactly that on a daily basis.
Getting everybody on your business on the same page about your cybersecurity standards is just as important as keeping your tech fighting fit. The best way to do this is to ensure your business has clear, understandable policies in place so everyone understands what they need to do (or not do). And it’s no use hiding them away on some long-forgotten corner of your server. Make sure they’re easy to find and everyone has access to them.
Three simple ways to get your cyber hygiene up to scratch
The steps we’ve outlined so far might feel a little overwhelming. Where do you start? Surely running through all that will take forever? And what do you do if cybersecurity isn’t really your forte?
Fortunately, there are three very simple routes to improving your cyber hygiene – regardless of your budget or level of expertise.
1. Get a Cyber Health Check
Before you start improving your organisation’s cyber hygiene, you need to know your current level. In other words, it’s time for a check-up.
Our soon-to-be-released Cyber Health Check is a simple way to assess your current level of cybersecurity. We’ll run some tests to check how you’re doing. Then, once we’re done, we’ll send you a free downloadable report to tell you what you need to improve and some recommendations for how to do it.
2. Get Cyber Essentials Certified
Another option is to complete the UK government’s Cyber Essentials certification. The scheme covers the essential actions every business should take to ensure its digital security and protect against cyberattacks. Cyber Essentials assesses five criteria on the way to certification:
- Is your internet connection secure?
- Are the most secure settings switched on for every company device?
- Do you have full control over who is accessing your data and services?
- Do you have adequate protection against viruses and malware?
- Are devices and software updated with the latest versions?
Not only does the Cyber Essentials scheme cover all of the maintenance steps we discussed earlier, research also shows it could help protect your business against 98.5% of cyber threats. And that’s not all. Many government bodies require Cyber Essentials certification from any supplier or service provider they work with. So getting certified could open up new avenues for your business.
Even if you’re not likely to work with the public sector, Cyber Essentials certification is a great way to demonstrate to customers and potential partners that you’re serious about protecting their data.
3. Use an active protection tool
As we’ve said throughout this piece, maintenance is key to good cyber hygiene. But that doesn’t mean you have to set aside a day each month to check your defences are in order. There’s a far simpler, less time-consuming way to achieve the same thing.
The CyberSmart Active Protect scans your company devices 24/7, checking for updates, firewalls and security measures. If anything’s configured incorrectly or out-of-date Active Protect lets you know, allowing you to fix issues in a couple of clicks. And, to make sure your people stay safe, Active Protect lets you check on the individual status of their devices, and distribute company security policies across them.
Practising good cyber hygiene is a necessary part of modern business. But, as we’ve hopefully demonstrated, it doesn’t need to be time-consuming, complex or costly. So why not get started today? After all, where’s the harm in a check-up?
Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.