VPN

Cyber hygiene

CyberSecurity FAQ - What are the best practices for cyber hygiene?

RECOMMENDED BEST PRACTICES FOR CYBER HYGIENE - TOP 10
The best practices for effective cyber hygiene should include and extend the following:

1. Protect your computer network with secure routers with robust firewalls. While traveling, use a Virtual Private Network (VPN) and/or software firewall.
   The 1st line of cyber defense in computer network security is to install and maintain a secure Internet Protocol (IP) router and a robust firewall that prevents unauthorized users from accessing data, email, applications, web browsers, etc. If you are a computer system administrator: install and configure a secure commerical IP router, white list all approved users, black list all unknown users, and ensure that the wireless (WiFi) communications use WPA2/WPA3 encryption for wireless comunications. If you are a home computer user, check out the Home Broadband Routers section of the LifeWire What Is a Router for Computer Networks? article. If you are traveling away from your business or home computer network, ensure that you are using a secure Virtual Private Network (VPN) and/or your Operating System (OS) has a secure software firewall turned on.
2. Install dependable anti-virus (AV) and anti-malware software that continuously scans your computer/mobile phone, and update it frequently
   The 2nd line of cyber defense in computer network security is to install and maintain robust anti-virus (AV) and anti-malware software that scans and terminates computer viruses and other kinds of malicious sofware (malware). If you are a computer system administrator install a robust commericial Intrusion Protection Device/Intrusion Protection Device product; if you are a home computer user ensure that you install either a commercial or FOSS (Free & Open Source Software) AV software product.
3. Update all OS, Web Browser and Application software with security patches in a timely manner.
   The 3rd line of cyber defense in computer network security is to update all Operating System (OS), web browser, and application software regularly to ensure that security patches are properly installed in a timely manner. These security patches are essential to make sure that all currently-known cybersecurity vulnerabilities have been closed.
4. Define strong passwords and use Multi-Factor Authentication (MFA) whenever available
   
   • Define strong passwords that are unique and complex: 12+ characters, combo of lower case letters, upper case letters, numbers, and special chars (e.g., !@#$%^&*).
   • Do not share passwords, change them regularly (say every 3 months), and do not share the same passwords.
   • Use 2-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), which adds an additional layer of security to passwords, whereever practical, especially to financial, health, and other confidential accounts. 2FA and MFA greatly increases security by corroborating your password with additional information such as a unique pin, biometrics (facial or fingerprint recognition), secondary device (e.g., a personal mobile phone can corroborate web browser password login on a desktop computer).
5. Practice safe web browsing habits
   Since many commercial companies seek to harvest personal data it is essential that you practice safe web browing habits which include, but are not limited to, the following:
   • Configure your web browsers' privacy and security settings to block third party cookies, not save passwords, not autocomplete, and not save search histories. (If there is no configuration to not save search histories, purge these and all other saved information, regularly.
   • Set your default web browser search engine to a choice that does not track your query content and habits, for example, DuckDuckGo.
   • Set your default web browse to a choice that fully complies with current W3C standards and supports security plugins. For example, Free & Open Source Software (FOSS) FireFox fully complies with W3C web standards and supports the following security plugins:
     • HTTPS Everywhere The Electronic Frontier Foundation (EFF) and The Tor Project jointly developed this Firefox, Chrome, and Opera extension to support the secure HTTPS communications protocol vs. the standard HTTP protocol, which is more widely used but less secure. (The ‘S’ in HTTPS stands for ‘secure.’) HTTPS Everywhere encrypts communications with many major websites to help secure your browsing experience.
     • Web of Trust (a.k.a. WOT). This extension for FireFox, Internet Explorer, Chrome, Safari, and Opera helps determine if a website is safe to surf. The extension displays traffic signal icons next to URLs and links. Green means the site is reliable; yellow indicates you should proceed with caution; red translates to “steer clear.” The ratings are crowdsourced from WOT’s global user base and are supported by trusted third-party sources, such as up-to-date directories of malware sites.
   • Check out shortened links from a non-trusted source prior to clicking on them, since they have been known to mask malicious links. Check out via ExpandURL or CheckShort URL online utilities.
   • Only visit web sites with via HTTPS (= HTTP Secure) protocol and ensure that the web site's SSL Certificate is valid. (Typically the web URL will begin with "https://…" and the web browser will show a "padlock" icon if the site's SSL certificate is valid.
   • Beware when installing web browser plugins from unknown/untrusted sources. All plugins should be simple and single-purpose in nature; complex, multi-function plugins that are not properly maintained can increase cyber attack surfaces to exploit. For more detailed information about safe web browsing habits check out the Department of Homeland Security’s (DHS) Securing Your Web Browser guide, which explains web browser features and associated risks (e.g., ActiveX, Java, JavaScript, cookies, certain plug-ins, cookies, etc.).
6. Practice safe email habits
   Consider that most free commerical email services (GMail, Outlook.com, iCloud Mail, Yahoo Mail, GMX Mail etc.) compromise your privacy to serve targeted ads or otherwise exploit your personal data, it is essential that you practice safe email habits, which include, but are not limited to, the following:
   • Beware of spear fishing emails from unknown/untrusted sources that may link to or contain mailware! Do not click on a link or open an attachment from an unknown/untrusted source. Delete and purge subject email and blacklist the sender.
   • Do not include sensitive or confidential information (e.g., financial, health) in your email subject, content or plaintext (unencrypted text, a.k.a. clear text) attachment. If you need to send sensitive or secure information via email, encrypt it as an attachment, and send the password via an alternative mechanism (e.g., voice communication, SMS/MMS text message, separate unassociated email).
   • Consider a secure email service, with end-to-end encryption to ensure that your email content remains private. Check out: The 5 Best Secure Email Services for 2019: Encrypted email services keep your messages private.
7. Keep your user data separate from applications, and apply strong encryption to all sensitive and confidential data
   Keep all user data separate from user applications, and keep personal data separate from business data. Apply strong encryption (AES-256 bit or higher) with strong passwords (see #4 above) to all sensive and confidential data including, but not limited to, financial and health data.
8. Keep your user data separate from applications, and back up data regularly
   Keep all user data separate from user applications (see #6 above) and back up data to another network node (computer or server) frequently (weekly if not daily), and offsite (cloud-based and/or bank deposit box) regularly (monthly if not bi-weekly).
9. Be wary and selective when buying goods or services online.
   You should be specially wary when buying goods or services online, especially when it is a unknown/untrusted source. In general you should:
   • Check the website is secure. Check that the website URL starts with the letters “HTTPS://” and has an image of a small "padlock", usually in the top left-hand corner (see #5 above)
   • Select your item(s) you wish to purchase, add them to your Shopping Cart temporary storage, and proceed to the Check Out page to pay.
   • Enter your credit card details (name, address, phone number, email, credit card#, CVV#, etc.) as needed.
   • Verify that shipping and billing information are correct.
   • Confirm payment and keep a soft copy of the payment information.
10. When selling and disposing of computers and storage devices securely erase all persistent storage.
    When selling or disposing of your desktop, laptop, tablet, smartphone or USB drive, it’s critical that you securely wipe (erase) all personal, sensitive and confidential data. Deleting files alone is insufficient, since they frequently can be recovered by hackers and forensic specialists. Conequently, you should securely erase as explained in the following PC World article How to securely erase your hard drive. Check out Scientific American's How to Destroy a Hard Drive—Permanently article.

Keep in mind that, like human hygiene, you need to practice cyber hygiene on a regular, systematic basis for it to be effective. Don't worry above implementing all ten of the best practices listed above immediately; you will be better served by implementing them incrementally and opportunistically as you become more cyber WOK (aware)!

If you have constructive recommendations to correct, clarify or otherwise improve this or any other Cybersecurity FAQ please contact us.

---

CYBER HYGIENE HANDS-ON TRAINING OPTIONS
If you seek professional cyber hygiene training that demystifies the technobabble of cybersecurity and emphasizes pragmatic best practices for protecting your sensitive "crown jewel" data, check out PivotPoint's Essential Cyber Hygiene Applied hands-on training workshops.