mei 29 2024

5 essential cyber hygiene practices every employee should follow

Having a cyber hygiene strategy in place is the best way to minimize risks. Emphasis on “minimize”: you cannot avoid risks, as you are working with people and not with robots.

In this article, we’re going to talk about five basic hygiene practices. Are you ready to level up, or not sure where your companies’ vulnerabilities lie? Get in touch for a security assessment.

A big thank you to Olinko, Salt Security and SoterICS for contributing to this article.

A strong company cyber security policy starts with your own employees’ practices.

Hygiene what? Cyber hygiene practices refer to the routine activities and precautions employees (and organizations) undertake to maintain the health and security of their digital environments. Just like personal hygiene, these practices aim to keep systems clean, safe, and functioning properly.

Let’s get into it: here are our five essentials!

Best practice 1: password policy

Hopefully, this is a no-brainer for everyone.You need to have a password policy in place. Ask your employees to use strong, unique passwords – no dates of birth allowed! – and make Multi-Factor Authentication (MFA) mandatory for everyone.

For employees who have access to critical systems, you should look at a phishing-resistant MFA.

Best practice 2: backup policy

A good backup policy is essential for ensuring data integrity, availability, and quick recovery in case of data loss or a cyber incident. We prefer a hybrid approach, where backups are stored in different places: on premises, in the cloud, and in different locations.

The best way to ensure regular backups is to automate the processes and to do systematic checks of the backups.

Pro tip: document your backup policies, roles and responsibilities!

Best practice 3: hard drives should be… encrypted

Encrypting hard drives is a critical practice in cyber security for several reasons. It ensures that data stored on a hard drive is converted into a format that cannot be easily read or accessed without the correct decryption key.

This means that even if the hard drive is stolen or accessed by unauthorized individuals, the data remains protected.

Best practice 4: update your systems and software

Keep your tech in tip-top shape to fend off vulnerabilities. So, do make it a habit to install updates for your OS, browsers, and apps. By turning on automatic updates, you don’t even have to think about it anymore. . We hear you: updating your systems or laptop can be annoying. However, we urge you to do it anyways. Postponing software updates really weakens your security.

Best practice 5: Look out for phishing!

Phishing emails get more sophisticated by the day. Phishers are out there trying to hook your info. Stay sharp and:

Check the sender: look closely at email addresses.
Think before you click: suspicious link? Don’t click it.
Stay skeptical: urgent emails or unexpected requests? Verify before you act.
Scammers will always try to appeal to
- urgency: hurry up or…,
- emotions: you can win if you click now, … .

So when your gut says no: verify, don’t click, take a moment and don’t rush.

To help your employees, organize regular phishing trainings to keep ‘em sharp!

Bonus tips

Always lock your laptop when you leave your desk. Younever know who’s around. Reality check: insider threats are very real and are the cause of about 40% of bad incidents.
Don’t use a personal photo as your phone screensaver. People with bad intentions can figure out your identity in 1,2,3. And on top of that, don’t use your date of birth as your password. With these two, it’s truly child’s play to unlock your phone.
Always be aware of your surroundings. Working in a coffee bar, on the train, or in a different environment can be fun.But be careful: people with ill intent can look over your shoulder without you noticing.