What Is Cybersecurity Hygiene?

An explanation of cybersecurity hygiene, its importance, and questions to ask when implementing a successful cybersecurity hygiene protocol.

Digital Guardian defines cybersecurity hygiene as “the practice and steps that users or computers and other devices take to maintain system health and improve online security.” Boiled down, this means the processes and technologies your company uses to keep your systems and networks clean and uncompromised.

What does cybersecurity hygiene involve?

Keeping your company safe from cybersecurity threats has multiple facets. Cybersecurity hygiene means that you’re addressing and protecting yourself from as many of them as possible. Some facets of cybersecurity hygiene are physical hygiene, online hygiene, and in-house hygiene.

Physical Hygiene

The first facet of cybersecurity hygiene is physical hygiene. This means that you should keep your physical assets like computers, routers, servers, building access, and employee cell phones secure. Keep patches updated, remove former employee access to your network and your physical location, and maintain or replace physical and software assets as they become out of date and more vulnerable.

Questions to ask yourself when considering physical hygiene are:

  1. Do you have a list of all physical assets that your company owns?
  2. Do you have a list of current employees, and have you updated access to your building to exclude everyone else?
  3. Do you have a security system and limited access in place for your facility?

Online Hygiene

The second part of cybersecurity hygiene that should be addressed is online hygiene. Online cybersecurity hygiene should include educating your employees about the current threats they are facing, having safeguards in place like spam filters and firewalls to protect your network, and monitoring your network security on an ongoing basis. This also includes providing an easy way for your employees to report threats to your IT department, so that the threats can be addressed and patched and the information shared with the rest of the company.

Questions to ask when considering online hygiene are:

  1. Do you have a dedicated team that stays up to date on cybersecurity threats?
  2. Is access to sensitive data that is stored online limited to employees on a need-to-know basis?
  3. Do you regularly perform backups of your online information?

In-house Hygiene

Lastly, cybersecurity hygiene includes creating and implementing in-house hygiene. Your company should have policies in place regarding everything from how frequently user passwords must be updated to how often patches are run on your system. But a policy is only as effective as the cooperation of your employees. By sending out regular updates to your policies and randomly assessing your employees’ implementation of your policies, you can confirm whether cybersecurity hygiene is being practiced in your company.

Questions to ask when considering in-house hygiene are:

  1. How do you know if employees are not following your cybersecurity practices?
  2. Do you have policies in place for all of your vulnerable access points?
  3. How often are your cybersecurity policies updated?

What should we do next?

Strong cybersecurity hygiene is essential to protecting your company from attacks that can compromise your data, finances, and reputation. The first step in implementing cybersecurity hygiene should be a threat assessment, followed by implementing the recommended solutions. Gray Analytics is happy to provide threat assessments and cybersecurity hygiene recommendations. We also are available to partner with your company to make the changes needed to protect you and maintain your security. Contact Gray Analytics to discuss having a threat assessment performed on your company’s cybersecurity resources.
