Basic Digital Security Hygiene
The impact of the COVID-19 pandemic has led many people to increase their use of digital devices to work, study, and interact with others. This increased reliance on the internet means we have a lot more to lose from cyber attacks.
A lack of digital security hygiene leads to cyber attacks and exposes users to cyber threats.
Digital security hygiene is a set of guidelines and best practices that users of computers and devices follow to maintain system health and improve online security. It keeps your digital life “safe and healthy”.
The pandemic has forced us into an unprecedented adoption of new technologies in our daily lives, and online security issues have increased dramatically. We hear daily reminders of the importance of personal hygiene, but have you thought about your “digital hygiene” and what it has to do with your computer and connected devices?
What is digital security hygiene?
Digital security hygiene is our crucial first line of defense against new and evolving digital threats, such as social engineering, phishing, online harassment, malicious emails, hacking of accounts and devices, theft of private data, or even worse. In fact, the majority of data breaches and hacks are caused by human error. Poor digital security hygiene doesn’t only put you and your online presence at risk; it also puts your family’s and friends’ accounts at risk. Therefore, it’s more important than ever to ensure that we practice proper digital hygiene when we use the internet. In practicing good digital security hygiene, there are some best practices that ensure our online workspace is safe and our personal and organizational information and files are secure.
Basic digital security hygiene practices:
1. Create strong passwords
Passwords should be unique and complex, containing at least 12 characters along with numbers, symbols, upper and lowercase letters. Instead of using one or two words, use passphrases that contain several words and numbers.
To help you remember the passwords, you can record them in a secure password manager such as KeePassXC.
Change your passwords regularly and never share or reuse the same password. This will help prevent hackers from figuring them out.
2. Use Two-factor authentication (2FA)
2FA is a security process in which users provide two different authentication factors to verify themselves. It helps guard against phishing attacks, identity theft, and account hacking. Even when someone has stolen your password, 2FA will prevent them from accessing your account.
2FA can be enabled on email, social media, and other tools in a few simple steps. There are a few types of 2FA: SMS/messages, mobile apps, and physical security keys. (Read more on 2FA and you)
Receiving the 2FA code over SMS is the least secure option, as it relies on trusting the mobile phone company. Receiving the code over email is safer. The safest is generating the code on your device with an app or program such as Authy or Google Authenticator, assuming the device is secure, or using a hardware authentication device.
Always keep your 2FA on and keep backup codes safe, but in a separate database. For this, a secure password manager is strongly recommended.
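As an added illustration (not part of the original post) of why an authenticator app can generate the code on your device without any network, here is the RFC 6238 TOTP computation an app performs, plus a verification routine of the kind a service would run. The secret is the RFC 6238 reference test key; the one-step tolerance in `verify_totp` is an assumption about how a service accepts slightly late codes.

```python
import base64
import hmac
import struct
from hashlib import sha1

# RFC 6238 reference secret "12345678901234567890", base32-encoded (a test value,
# not a real credential).
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, for_time: int, digits: int = 6, period: int = 30) -> str:
    """Derive a TOTP code: HMAC-SHA1 over the number of 30-second steps since epoch.

    Only the shared secret and the current clock go in, so the phone needs no
    signal, and an attacker who has only the password cannot produce the code.
    """
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = for_time // period
    mac = hmac.new(key, struct.pack(">Q", counter), sha1).digest()
    # RFC 4226 dynamic truncation: low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, now: int, window: int = 1) -> bool:
    """Server-side check (assumed design): accept the current step or +/- `window`
    steps to tolerate clock drift, comparing in constant time."""
    for step in range(-window, window + 1):
        candidate = totp(secret_b32, now + step * 30)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    # At Unix time 59 the RFC 6238 test vector for SHA-1 is 94287082 (8 digits).
    print(totp(RFC_TEST_SECRET, 59, digits=8))
```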
3. Encrypt your devices
Encrypt your devices and other media that contain sensitive data, including laptops, tablets, smartphones, SD cards, removable drives, backup tapes, and cloud storage. Some apps use end-to-end encryption; other services encrypt data on your devices and back it up in the cloud.
When a phone is encrypted, users must enter a password before accessing the device. This is typically done by setting up a passcode in the privacy settings.
As for computers/laptops, install full disk encryption software such as VeraCrypt/BitLocker or use an encrypted USB for protecting sensitive data. While disk encryption software prevents cyber thieves from accessing information stored on your device, firmware passwords protect your hardware by preventing your machine from being rebooted or reset without your password.
4. Encrypt your emails and messages
Encrypting your emails is equivalent to putting your message into a lockable box that only the intended recipients can open and read. Encrypted email apps such as Protonmail, Thunderbird, or Tutanota are recommended.
For messaging, use end-to-end encrypted apps such as Signal to protect your digital privacy.
5. Update Operating system and software regularly
Cybercriminals exploit vulnerabilities in operating systems to gain access to outdated digital devices. Thus, it is important to ensure your operating system and software are always updated. It helps to protect your devices from malware such as ransomware.
6. Download and use official apps from the official stores
Use places such as Google Play or the Apple App Store. Doing so can help to ensure the applications you download are safe for your device.
To further check the legitimacy of an app, check its ratings and reviews if they are available. Read the app’s privacy policy, which lets you see exactly what phone features it will have access to upon installation.
7. Install reputable antivirus and malware software
Use antivirus protection such as Microsoft Windows Defender or Malwarebytes: a program or umbrella of programs that scan for and eradicate computer viruses and other malicious software (malware). It’s a vital component of your overall digital security hygiene, protecting against security breaches along with other threats.
8. Back up regularly
Back up important files offline, on a local external disk, or in secure end-to-end encrypted cloud storage. This can help protect against many types of data loss, especially if hackers gain access to one of your devices. (It is recommended to do this once a week or after intensive work.)
You should also back up your phones; we recommend backing up to a local computer rather than to cloud services.
9. Keep your hard drive clean
Merely deleting files or data may not be enough. Reformatting and then wiping your hard drive clean is a part of good digital security hygiene. For example, if you want to sell your computer and have used it for online banking, you’ll want to consider disk-wiping to remove software and data from your hard drive.
10. Be cautious of public Wi-Fi
Do not access any sensitive information through public Wi-Fi, such as logging into your bank or checking sensitive work emails, as a hacker may be able to intercept your communication through a "man-in-the-middle" attack. It is suggested that you turn your Wi-Fi and Bluetooth off when they’re not in use, to help protect your device from malware accessing your information via public Wi-Fi. It is far more secure to use a 3G or 4G connection instead, or to use a Virtual Private Network (VPN).
It is also important to be cautious of public charging stations, as they could be compromised with malware.
11. Protect your connection to the internet
When you connect to a network to access the internet, the network owner is usually able to monitor your activity such as the websites you visit. Consider using a reliable Virtual Private Network (VPN) to create a secure internet connection. It is wise to use a VPN when you connect to an untrusted public network such as a cafe, hotel, or airport.
Using a VPN also encrypts the data you exchange with the VPN provider, so the network in between cannot read it. If you do not want your Internet Service Provider (ISP) knowing which servers you communicate with, you may buy VPN access or use one of the free options:
Some free options: Psiphon, RiseUp VPN, Proton VPN, TunnelBear (limited to 500 MB)
Some paid options: Express VPN, Mullvad, Tor Guard, Private VPN, ibVPN
12. Use safe and updated browsers
For browsers, we highly recommend Firefox or Chrome, or Chromium with proper setup and add-ons/extensions such as HTTPS Everywhere, Privacy Badger, NoScript, and uBlock Origin. These help to make internet browsing safer.
Change the default search engine to a privacy-minded website such as DuckDuckGo and regularly clear your cache and history. Regularly review and delete any browser extensions that you don't often use.
13. Be aware of phishing attacks
A single wrong click can instantly result in an infection or other cyber threat. Attackers can trick you into giving access to your accounts or handing over your personal information by sending you fake links or emails.
When you open an email, check the email address of the sender. Be careful downloading attachments or clicking links. Be wary of any links that ask you to take action, and of messages that rely on urgency, threats, or requests for help.
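The sender check described above can be automated: as an added example (not part of the original post), this script inspects constructed email headers for a display name that impersonates one address while the real From address is on another domain, a Reply-To that diverts answers elsewhere, and urgency language in the subject. The sample messages and the urgency word list are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (hypothetical domains, not real indicators).
PHISH = """From: "support@yourbank.example" <alerts@yourbank-secure.example>
Reply-To: helpdesk@mail-relay.example
Subject: URGENT: verify your account within 24 hours

Please confirm your details.
"""

CLEAN = """From: Alice <alice@colleague.example>
Subject: Lunch tomorrow?

See you at noon.
"""

# Pressure phrases the post warns about (urgency, threats, requests for help).
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended|verify your account)\b", re.I)


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_headers(raw_message: str) -> list:
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    # A display name that looks like an address on a different domain is a classic lure:
    # mail clients often show only the display name.
    shown = re.search(r"@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(f"display name claims {shown.group(1)} but From is {from_domain}")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append(f"Reply-To goes to a different domain: {reply_addr}")
    if URGENCY.search(msg.get("Subject", "")):
        findings.append("urgency language in subject")
    return findings


if __name__ == "__main__":
    for finding in check_headers(PHISH):
        print("FLAG:", finding)
```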
Security isn’t just about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats. Digital security tools are not sufficient protection against today’s many threats. However, practicing good digital security hygiene habits, backed by the right tools and security processes is an effective first line of defense. Just remember to “wash your darn hands.” Digital security hygiene is everyone’s job!