Cyber hygiene in business – learn the simple rules and how you can support it

Cyber security is an important element of trust both in an organization and within it. This is especially true at a time when mobile devices are the main tools of doing business, remote and hybrid working have proliferated, and the digitization of processes is underway in many companies. Because of this, businesses, employees and customers need reassurance that their sensitive data is adequately protected. Unfortunately, the human factor was involved in as many as 74% of all information security breaches in 2023, according to the latest Verizon Mobile Security Index report. According to this year’s Verizon Data Breach Investigations Report, 19% of data leaks in organizations had an internal cause, in the form of inadvertent or accidental actions by employees. Any security system, no matter how specialized, is only as secure as its weakest link.

Cyber hygiene – prevention as simple as washing your hands

With the rapid development of technology and the increase in the scale and sophistication of attacks, cyber security breaches cannot be completely avoided. Prevention, however, is much cheaper than repairing damage. For businesses, that damage can be not only costly but also irreversible, resulting in loss of trust and reputation. That’s why it’s worth taking every measure to minimize risk – you can increase the resilience of your company and yourself as an employee by implementing good practices called cyber hygiene.

Cyber hygiene is understood as a set of rules, behaviors and recommendations whose observance helps to increase the security level of users, devices, networks and data. This definition may sound daunting because it suggests complicated and time-consuming activities that require technical knowledge. In practice, for the average user who is not an IT administrator, cyber health and safety come down to simple, everyday habits, often compared to personal hygiene.

Cyber hygiene tips for every employee

Below you will find cyber hygiene principles that you can implement not only in a business environment, but also at the private level. To systematize your knowledge, they have been divided into several categories, corresponding to the most important threat areas.

Messages

  • Do not open suspicious e-mails, SMS or MMS messages, especially if they contain information about winning a contest, transferring money from a bank or hacking into an account.
  • Check the sender’s e-mail address or phone number. If you are not sure, contact them by phone or in person.
  • Pay attention to the linguistic and compositional correctness of the content. Trustworthy organizations mostly verify their messages before sending: they do not make blatant spelling and stylistic errors or use strange formatting.
  • Do not take any action when you feel that the sender is putting unnatural pressure on you or is creating a sense of guilt while trying to get you to act urgently within a certain, very short deadline (for example, to make a money transfer, provide personal information).
  • Be careful with links and attachments. Do not open attached files without being sure of their source. Without clicking, hover your mouse cursor over a link to see the real destination address of the page it will take you to. Watch for errors and typos in the URL – for example, an uppercase I in place of a lowercase L or the number 0 instead of an uppercase O.

    PRACTICAL USE CASE: find the differences between www.bankofamerica.com and www.bankofarnerica.oom
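
The URL check from the last tip and the use case can also be automated, for example in a mail filter or a training tool. The following Python code is an added example, not part of the original article; the trusted-host list, the 1/l pair and the distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Hosts the organization really uses. The second entry is a constructed placeholder.
TRUSTED = ["www.bankofamerica.com", "login.example.com"]

# Look-alike sequences folded to one form: I/l and 0/O come from the tip above,
# rn/m from the use case; 1/l is a further common pair (added assumption).
CONFUSABLES = [("rn", "m"), ("I", "l"), ("1", "l"), ("0", "o"), ("O", "o")]


def hostname(link: str) -> str:
    """Return the host part of a URL or bare host, keeping the case as displayed."""
    if "//" not in link:
        link = "//" + link
    netloc = urlsplit(link).netloc
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0]


def skeleton(host: str) -> str:
    """Fold look-alike characters so visually similar hosts compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host.lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches single swapped letters such as .oom/.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(link: str) -> str:
    """Label a link as trusted, a look-alike of a trusted host, or unknown."""
    host = hostname(link)
    if host.lower() in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if edit_distance(skeleton(host), skeleton(good)) <= 2:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for sample in ["https://www.bankofamerica.com/", "www.bankofarnerica.oom",
                   "http://Iogin.example.com", "www.example.org"]:
        print(f"{sample:35} {classify(sample)}")
```

A host that is only "unknown" is not thereby safe; the check only singles out names that imitate one of the trusted hosts.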

Passwords and accesses

  • Use strong passwords (length, upper and lower case letters, numbers, special characters). Make each one unique to its account – 1 account = 1 password. Change them regularly; do so immediately when you suspect someone has learned or stolen them.
  • Do not share passwords with others. Don’t type them while someone is looking over your shoulder, at your screen or keyboard. Also, don’t write them down on paper or in an unsecured file – a better option is to use a proven password manager, that is, a program for managing authentication data.
  • Password protect your devices. Lock them or log out when you are taking a break or finish your work.

Software and hardware

  • Regularly update your system, programs and applications – if you use your own device for work. Otherwise, ask your administrator about it.
  • Do not connect unknown data carriers to company devices.
  • Try to avoid using public charging stations. They can become a tool for juice jacking – an attack that uses USB cables prepared by cybercriminals to infect your equipment or steal data. If you must connect to a public USB station, assess the risks. You can use your own cables, preferably without data transmission functions.

Network

  • When working remotely, do not connect to public or unknown WiFi networks, especially when logging into accounts that contain sensitive data. However, if it’s really necessary, you can protect your online activity by turning on a VPN service. Ask your administrator to install and configure it.
  • Protect your privacy online. Do not share information that, if published, may potentially violate your security or that of your organization and provide cybercriminals with a basis for blackmail. Follow the rule: the less, the better.

By applying the recommendations above, you will contribute to increasing the level of cybersecurity in your company and increase the security of your everyday activities, not only business ones. Pass this knowledge on to your colleagues. If you are an IT administrator who is familiar with the principles mentioned and wants to learn more, read the article on cyber hygiene for professionals (coming soon).
