
Cyber Hygiene Practice Guide

What is Cyber Hygiene?

Personal hygiene is the way we take care of our bodies, carrying out cleaning tasks routinely and proactively to reduce the chance of catching diseases.

Cyber hygiene is a cybersecurity practice that works in the same way as personal hygiene. It consists of a set of routine tasks that prevent or mitigate the most common errors and oversights, which are the root cause of security incidents.

Regularly carrying out these recommendations trains individuals and builds the judgment needed to make sound decisions when facing attacks.

Why is Cyber Hygiene important?

A 2020 Stanford University study by Professor Jeff Hancock titled “Psychology of Human Errors” revealed that nine out of ten security breaches were caused by employee error or carelessness.

When employees understand basic security practices and their role in protecting information, the number of errors and oversights decreases.

Cyber hygiene helps people understand that protecting information is not only the responsibility of an IT or cybersecurity department, but of every individual in an organization. This enables a better response from the organization in the event of an incident.


Cyber Hygiene best practices for users

In general, the most common recommendations that users should follow are:

  • Safe and secure passwords:

  1. Use a password vault or management tool (KeePass, or a commercial option). With it you can maintain a large set of strong passwords without relying on your memory.
  2. Use a strong master password, as a phrase, to access the vault.
  3. Back up the password vault file.
  4. Use 2-step authentication (or second-factor authentication); it is especially important for financial applications.
  5. Use a different password for each site or service you use; do not reuse passwords between services.
  6. Use passwords with a minimum length of 12 characters (consider using phrases, they are easier to remember).
  7. Do not use obvious passwords or easy-to-guess personal information; do not use significant dates such as births or anniversaries, or numbers or letters in sequence.
  8. If the system or site asks you to set up security or challenge questions, such as “What is the name of the city where I was born?” or “What is my mother's maiden name?”, do not give obvious answers that can be easily guessed, and keep the answers in the password management vault.
  9. Do not share passwords; if you have to, do not do it in clear text. Send the account information and the password by two different means.

  • Anti-malware

  1. Use anti-malware on all computers (desktops or laptops) and mobile devices (phones, tablets, etc.).
  2. All operating systems are susceptible to attacks; do not believe the publicity or rumors that there are computers or systems that are not affected by malware.
  3. Keep anti-malware up to date.
  4. Perform full scans periodically.

  • E-mail and messaging systems: email accounts are widely used to identify users and recover access to services on the Internet, so attacks on email accounts are among the most common.

  1. Keep separate email accounts for business or work use and for personal use.
  2. Use a strong password and never reuse the email account password on any other service.
  3. Always enable 2-step authentication (or multi-factor authentication).
  4. Do not click on links in emails.
  5. Be careful with attachments. If you are going to download an attachment, check it with an antivirus before opening it.
  6. Do not trust, and pay special attention to, emails that ask you to carry out transactions, provide bank card information, or give passwords.
  7. Report and delete unsolicited mail (spam).
  8. Do not share passwords in clear text in emails or messaging systems.

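As an added example (not part of the original guide), a small Python checker that applies the password rules above: minimum length of 12, no sequential runs of letters or digits, no dates or years, no personal information, and no password reused across sites in the vault. The personal-information list and the vault used in the tests are constructed sample data, and treating four consecutive characters as a "sequence" is an assumption.

```python
import re
from datetime import datetime

MIN_LENGTH = 12  # minimum password length recommended by the guide

# Constructed sample of personal details an attacker could guess (first name,
# surname, birth year, pet's name); a real check would take these from the user.
PERSONAL_INFO = ["maria", "lopez", "1987", "rex"]


def has_sequence(pw, run=4):
    """True if pw has `run` consecutive chars stepping by +1 or -1 ('abcd', '4321')."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def looks_like_date(pw):
    """True if pw embeds an 8-digit date (DDMMYYYY, YYYYMMDD, MMDDYYYY) or a 19xx/20xx year."""
    for match in re.finditer(r"\d{8}", pw):
        for fmt in ("%d%m%Y", "%Y%m%d", "%m%d%Y"):
            try:
                datetime.strptime(match.group(), fmt)  # only real calendar dates pass
                return True
            except ValueError:
                pass
    return re.search(r"(19|20)\d{2}", pw) is not None


def check_password(pw, personal_info=PERSONAL_INFO):
    """Return the list of guide rules the password breaks (empty means OK)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if has_sequence(pw):
        problems.append("contains a run of sequential letters or digits")
    if looks_like_date(pw):
        problems.append("contains a year or date")
    for token in personal_info:
        if len(token) >= 3 and token.lower() in pw.lower():
            problems.append(f"contains personal information ({token})")
    return problems


def reused_passwords(vault):
    """Group the sites in a vault ({site: password}) that share the same password."""
    by_password = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]
```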

  • Privacy of information on social networks

  1. Do not post personal information (addresses, bank accounts, private photos, phone numbers).
  2. Do not post business or work information on personal accounts.
  3. Do not use games or quizzes that ask for sensitive personal information.

  • Software updates

  1. Only download apps from official sites.
  2. Update applications, operating systems, apps, browsers, and firmware.
  3. Where possible, configure automatic updates.
  4. Delete apps you no longer use.

  • Web browsing

  1. Review the permissions you grant to the apps you use.

  • Endpoints and mobile devices

  1. Protect the device with a password.
  2. Encrypt the device or the entire hard drive.
  3. Before selling a computer, make sure to erase all the information it contains; consider using specialized software for secure erasure.

  • Removable devices

  1. Use encrypted removable media.
  2. Erase the information from removable media before disposal.
  3. Destroy removable media before disposal if it is not possible to erase the information on it.

  • Public Wi-Fi and travel

  1. Do not use sensitive information while connected to public computers: Internet cafes, library computers, hotel lobbies, etc.
  2. Do not use public networks to transmit sensitive information or to carry out financial or e-commerce transactions; consider using your cell phone network instead.
  3. Use a VPN if you will be connecting to work from a public network.
  4. Consider using a disposable cell phone when traveling to heavily monitored or unsafe destinations, and keep your cloud service accounts offline.

  • Backups

  1. Take regular backups.
  2. Once the information is backed up, disconnect from the backup site or keep the backup device offline. This prevents backups from being compromised in the event of a ransomware attack.
  3. Use encrypted devices when backing up to removable media, and encrypt the backup if you store it in the cloud.
  4. Verify that the backups work by performing restoration tests.
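The restoration test from the last item, as an added example that is not from the original guide: a Python script that backs up a constructed sample directory to a tar archive, restores it to a separate location, and compares SHA-256 digests of the live and restored files, reporting anything missing or altered. The directory layout and sample files are constructed for the demonstration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file under root (path relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def make_backup(source_dir, archive_path):
    """Write a gzip-compressed tar of source_dir, storing paths relative to it."""
    with tarfile.open(str(archive_path), "w:gz") as tar:
        tar.add(str(source_dir), arcname=".")


def restore_backup(archive_path, restore_dir):
    """Extract the archive into restore_dir, refusing unsafe members where supported."""
    with tarfile.open(str(archive_path), "r:gz") as tar:
        try:
            tar.extractall(str(restore_dir), filter="data")  # Python 3.12+ and backports
        except TypeError:  # older Python without extraction filters
            tar.extractall(str(restore_dir))


def verify_restore(source_dir, restore_dir):
    """The guide's restoration test: list files missing from the restore or altered."""
    src, dst = manifest(source_dir), manifest(restore_dir)
    return {
        "missing": sorted(f for f in src if f not in dst),
        "mismatched": sorted(f for f in src if f in dst and src[f] != dst[f]),
    }


def restoration_test(tamper=False):
    """End-to-end run on constructed data; tamper=True damages the restore to show a failure."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("constructed sample note\n")
        (src / "accounts.csv").write_text("site,user\nexample.test,alice\n")
        archive = Path(tmp, "backup.tar.gz")
        make_backup(src, archive)
        restored = Path(tmp, "restore")
        restore_backup(archive, restored)
        if tamper:
            (restored / "accounts.csv").write_text("site,user\n")  # corrupted on restore
            (restored / "docs" / "notes.txt").unlink()              # lost on restore
        return verify_restore(src, restored)
```

A clean run returns no missing or mismatched files; a tampered run shows exactly which files the backup would fail to bring back.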

 

These are simple cyber hygiene steps that, when carried out, will help keep your information from being compromised.