What Is Cyber Hygiene? A Definition
Individual cyber hygiene includes practices that you and your family can adopt to increase your digital security.
Business cyber hygiene, by contrast, refers to hardware and software security measures, as well as employee security awareness, that defend against threat actors.
The goal of cyber hygiene is to minimize cybersecurity risks and make you less of a target for scammers. Sadly, hackers and scammers have millions of potentially vulnerable targets. But if they see that you’ve employed even a basic cybersecurity framework, they’re more likely to move on to someone else.
Cyber hygiene isn’t something that you can practice occasionally. Rather, it includes habits and routines that you must perform regularly.
Just as nutrition, exercise, and personal hygiene regimens help protect your physical well-being, a daily digital wellness routine keeps your online life healthy. Poor cyber hygiene, such as only occasionally updating passwords or backing up data, can lead to disastrous consequences.
Why Is Cyber Hygiene Important?
By practicing good cyber hygiene, you reduce the risk of being ensnared by a scammer. For example, cyber hygiene can help:
- Keep your online and banking accounts safe from intruders.
- Protect you from financial losses associated with identity theft.
- Keep your data, sensitive photos, and videos safe.
- Prevent data breaches and business email compromises.
- Safeguard your web browsers and Wi-Fi networks from man-in-the-middle (MITM) attacks.
- Prevent or reduce the effectiveness of ransomware.
- Protect your devices from hackers and viruses.
✅ Take action: If you think hackers or scammers have your personal information, your bank account, email, and identity could be at risk. Try Aura’s identity theft protection free for 14 days to secure your identity and finances against scammers.
For businesses, on the other hand, a fortified security posture can save millions:
- Compliance with regulations. Industries such as healthcare are subject to regulations about handling sensitive patient information. The Health Insurance Portability and Accountability Act (HIPAA) is a good example. HIPAA enforces secure login procedures, role-based access, and regular audits on access logs.
- Reduced risk of cyber attacks. 82% of all data breaches in 2022 involved a human element [*]. Regular software and system updates, password reset prompts, and awareness training are indispensable.
- Unimpeded operational efficiency. Cyber hygiene best practices help ensure that businesses don't encounter attacks. XDR, or Extended Detection and Response, works to detect and respond to existing cyber threats. Businesses that used these in tandem contained a breach 29 days faster than businesses without them.
- Better reputation and customer trust. Businesses that demonstrate a commitment to good cyber hygiene are likely to be viewed more favorably by customers and other stakeholders.
- Lower cost of recovery from cyber attack. The average total cost of a data breach in 2022 was $4.35 million [*]. Well-kept cyber hygiene can reduce the likelihood and severity of cyber attacks. This in turn can lower the cost of recovery if an attack does occur.
A 10-Point Cyber Hygiene Checklist for Individuals
- Update your passwords to be more secure
- Enable two-factor authentication (2FA)
- Download antivirus software and scan for malware
- Back up your data at regular intervals
- Enable auto-updates on your software
- Remove personal information from social media
- Encrypt your data
- Secure your home or business Wi-Fi networks
- Stay up to date with online threats
- Wipe your devices before donating or recycling them
1. Update your passwords to be more secure and unique
Your passwords are often the only thing standing between scammers and your accounts. Using strong, secure, and unique passwords needs to be an essential part of your cyber hygiene routine.
Here’s what to do:
- Use passwords that combine upper and lowercase letters, numbers, and symbols. The more possible characters in your password, the harder it is to guess. Avoid putting specific symbols in a pattern (such as “!!!” or replacing “E” with “3”). Password-guessing programs are usually designed to test these types of sequences. The best password makes sense only to you.
- Aim for 12-15 characters. The longer your password is, the harder it is to crack with a brute-force attack (which occurs when scammers use software that tests common passwords and combinations). In fact, it’s more important to have a long password than a complex password. A strong password with 12 characters is extremely difficult to crack.
- Never use personal information. Avoid using information like names, addresses, and birthdays in your password. These are very easy for people to guess.
- Never use the same password for two accounts. If one of your accounts gets compromised in a data breach, any account with the same password is also compromised. If you find it hard to remember all of your passwords, use a quality password manager like the one included with every Aura plan.
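The four rules above can be checked mechanically. The following is an added example, not part of the original article or of any Aura product: the function names, the substitution table, and the sample passwords are all constructed for illustration. It also puts numbers on the length-versus-complexity point by comparing brute-force search spaces.

```python
import math
import re

# Undo the look-alike substitutions the checklist warns about ("E" -> "3").
LEET = str.maketrans("0134578@$!", "oieastbasi")

def charset_size(pw):
    """Alphabet an attacker must search, judged by the character classes used."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        size += 33  # 32 ASCII punctuation marks plus space
    return size

def brute_force_bits(pw):
    """log2 of the exhaustive search space. An upper bound only: dictionary
    and pattern guessing do far better against predictable passwords."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def audit(pw, personal=(), in_use=()):
    """Return the checklist rules this password breaks (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated-character pattern")
    # Compare personal details against the raw and the de-substituted form.
    forms = (pw.lower(), pw.lower().translate(LEET))
    for item in personal:
        if len(item) >= 3 and any(item.lower() in f for f in forms):
            problems.append(f"contains personal information: {item}")
    if pw in in_use:
        problems.append("already used on another account")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(audit("J3nny!!!1985", personal=("Jenny", "1985")))
    print(round(brute_force_bits("Tr0ub4d&"), 1), "bits for 8 mixed characters")
    print(round(brute_force_bits("correcthorsebat"), 1), "bits for 15 lowercase")
```

The 15-character lowercase string has a larger search space than the 8-character string that uses every character class, which is the sense in which length matters more than complexity.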
2. Enable two-factor authentication (2FA) on all of your accounts
You might have the strongest password in the world, but it can still be hacked, leaked, or phished. 2FA adds an additional layer of security by requiring a one-time-use code along with your password. This means that even if hackers have your password, they can’t gain access to your accounts.
Here’s what to do:
- Enable 2FA on all accounts that support it. Enabling 2FA functionality will require you to submit a code alongside your password when signing in. Here’s a list of all apps and sites that support 2FA.
- Choose an authenticator app over SMS. By default, 2FA codes will often be sent to either your phone or email account. But hackers have ways to intercept your text messages and hack into your email to get 2FA codes. So instead, use an authenticator app like Google Authenticator or Authy.
- Use multi-factor authentication (MFA) for high-risk accounts. Multi-factor authentication uses biometrics — such as your fingerprint or Face ID — as added security. Use MFA for bank accounts and similarly important sign-ins.
3. Download antivirus software, and regularly scan for malware
Antivirus software detects and neutralizes malicious software on your devices, including viruses and malware. At a bare minimum, you should protect your devices with antivirus.
Here’s what to do:
- Ensure your native security software is enabled. Many devices come with built-in antivirus software and security controls. This software acts as the first line of defense against malware, so make sure it’s active.
- Install a third-party antivirus. Aura’s high-quality antivirus will catch any malware that slips past your native security software. Aura can also warn you if you’re entering a potential phishing site or if your passwords have been compromised in a data breach.
- Scan for malware regularly. Most antivirus software will allow you to set up a regular, automatic scan (for example, once a day). Ensure that you also set it up to scan all new files, including those that are downloaded from the Internet or storage devices.
4. Back up your data at regular intervals
Data backups ensure that you can always restore files in the event of data loss after a security issue. On Apple devices, you can use Time Machine to regularly back up your data, while Windows users can back up with File History.
Here’s what to do:
- Set a backup schedule. Depending on the importance of your files, you may wish to back up your data daily, weekly, or monthly.
- Always back up data to a separate location. Common backup storage solutions include removable media and external hard drives. Backing up in a second (and third) location ensures that device failure or hacks won’t compromise your data.
- Use cloud storage or backup services. Cloud storage is becoming cheaper by the year and offers a great alternative to physical storage devices. Likewise, if your data is particularly sensitive, there are services that will ensure (for a fee) that your data is safe.
5. Enable auto-updates on your software and operating system
Malware is often designed to take advantage of out-of-date software. Keeping your devices and software updated means that you’ll always have the latest security patches to protect you against new cyber threats.
Here’s what to do:
- Enable automatic software updates. This includes your operating system (whether it’s a mobile device, Windows, macOS, or otherwise), drivers, and key security software such as your antivirus.
- Let apps notify you of updates. For software that doesn’t perform auto-updates, allow the apps to notify you of updates so that you can install them as required.
6. Remove your personal information from social media
Seemingly harmless personal information on social media can become dangerous in the wrong hands. The more information a malicious actor has, the easier it is to impersonate you or design phishing attacks to gain access to your accounts.
Here’s what to do:
- Update your privacy settings. Social media websites like Facebook give you the option to limit who can see your posts, activity, and personal information. It’s best to keep your privacy settings and permissions strict (i.e., visible only to friends or custom-created viewer lists).
- Delete all identifiable information from your public social media accounts. Basic information like your birth date, family members’ names, phone number, and place of birth can make you vulnerable to threats including social media identity theft, blackmailing, and stalking.
- Turn off location services. Social media sites will often geo-tag you in photos or posts (allowing people to see where you are). Scammers use this information to target you and even pinpoint when you’re not at home.
✅ Take action: If you accidentally give scammers your personal data (or it’s leaked in a breach), they could take out loans in your name or empty your bank account. Try an identity theft protection service to monitor your finances and alert you to fraud.
7. Encrypt your data
Data encryption protects your data by encoding it with complicated algorithms. This means that even if someone steals your files, they won’t be able to access them.
Here’s what to do:
- Encrypt devices that contain sensitive data. This includes any laptops, PCs, smartphones, hard drives, and backups. Encryption will help prevent your data from falling into the wrong hands. Here’s how to encrypt your Mac or Windows computer.
- Use an encrypted file sharing solution. Unencrypted files sent by email are vulnerable to interception. With email data encryption, even if your files are stolen, they remain inaccessible. You can encrypt emails in Gmail, Outlook, and iOS. For other email providers, you’ll need a third-party tool.
8. Secure your home or business Wi-Fi networks from hackers
If hackers bypass your network security, they are able to access any connected devices, including your computer, smartphone, and smart devices. This means that they can easily steal your data or infect your devices with malware.
Here’s what to do:
- Use a virtual private network (VPN) to protect your Wi-Fi network. Aura’s military-grade VPN encrypts all of the data on your network so that hackers and scammers can’t access it.
- Use Wi-Fi Protected Access 2 (WPA2) encryption. WPA2 ensures that data sent and received over your wireless network is encrypted, and only those with the network password can access it. Check to make sure that WPA2 is enabled in your router settings.
- Change your Wi-Fi passwords regularly. Changing your Wi-Fi passwords once or twice a year (or as soon as you see an unknown device connect to your Wi-Fi) prevents unwanted people from gaining access to your network.
9. Stay up to date with online threats (and know how to spot a scammer)
Failing to stay up to date with cyber security threats puts you at risk. Learning what threats you face and how to identify scammers is essential to good cyber hygiene.
Here’s what to do:
- Regularly check for data leaks and security breaches. Hackers constantly gain access to website databases and leak user passwords on a massive scale. Check whether your password has been leaked and, if so, update it immediately.
- Learn the signs of phishing attacks. Scammers will often pose as trusted organizations to trick you into giving them sensitive information. By learning what scam emails look like, you reduce your chances of falling victim.
10. Wipe your devices and hard drives before donating or recycling them
If you just upgraded your home PC and are going to donate your old one, wipe your hard drives to prevent any chance of sensitive information falling into the wrong hands.
Here’s what to do:
- Securely wipe your hard drives. Simply deleting data doesn’t make it unrecoverable. To securely wipe your hard disk drives (HDDs), use drive eraser software like DBAN to overwrite your hard disk multiple times. For solid-state drives (SSDs), use the manufacturer’s SSD sanitization tools.
- Factory reset your smartphones. Before donating or recycling your phone, perform a factory reset so that all of your personal information, accounts, and data are deleted.
Cyber Hygiene is Paramount. Aura Can Help
A secure cyber hygiene routine can seem like a lot of work. And it is. But without maintaining daily digital security, you put yourself, your family, and your business at risk of identity theft, fraud, and hacking.
Aura’s digital security system automates your cyber hygiene routine — and takes the work out of staying safe online. Here’s how:
- Password manager: Aura’s password manager helps secure your accounts with strong, unique passwords that you don’t need to worry about forgetting. For added security, Aura’s identity theft protection service monitors compromised data, and alerts you if your passwords have been leaked to the Dark Web.
- Antivirus software: All Aura plans come with a powerful antivirus that actively detects and removes malware, spyware, ransomware, and adware to protect your devices. Aura also provides a virtual private network (VPN) to protect your personal data, and automatically alerts you if you’re about to enter a malicious website.
- Credit monitoring: Aura’s financial fraud and credit protection service uses credit monitoring, Experian credit lock, and advanced financial tools to protect your assets online. Aura alerts you in near real-time if someone is trying to open a new account in your name, or if suspicious changes occur in your existing accounts.
- Identity theft insurance: Every adult on an Aura plan is covered by $1,000,000 in insurance for eligible losses due to identity theft. If the worst should happen and a scammer slips past your defenses, you can rest easy knowing you’re covered.
Sign up for identity theft and credit protection with Aura and save up to 50% →
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.