We care for our bodies. We eat. sleep, bathe, brush our teeth, wash our clothes, clean our homes and see doctors as needed in order to keep ourselves healthy. This concept of self-care we call personal hygiene. We practice personal hygiene throughout our lives in hopes of having a long and healthy life.
Many of us have pets that bring us great joy and fulfillment. Our companions cannot care for themselves and require our ongoing commitment to care for them by providing food, shelter, and needed preventative veterinary care.
We protect our homes by locking doors, installing cameras and purchasing alarms systems. We could refer to these practices as security hygiene.
We also have come to depend on many other tools that are critical to a productive life. Many of us depend on some sort of vehicle for transportation – a car, a bicycle, a motorcycle, etc. These vehicles transport us safely from place to place and improve the quality of our lives. In order for these vehicles to operate reliably, we need to perform routine maintenance on them. We need to make sure they have enough fuel, that there is sufficient air in the tires, oil in the crankcase and that all the critical safety systems are functioning properly. We typically don’t trust our safety to rundown, neglected vehicles.
Just as we practice routine personal hygiene, proper pet care and routine maintenance on our vehicles, we need to practice proper cybersecurity hygiene on our home devices, networks and corporate devices . And what exactly is cybersecurity hygiene? Simply put, it’s the act of maintaining your Internet-connected devices in the securest state possible. This simple statement isn’t easily accomplished with a deeper understanding of the biggest risks to your personal and corporate devices.
Last week, we discussed on of the biggest cybersecurity issues we all face – improper password implementation and management. This is only one critical component of cybersecurity hygiene. Here are a few other areas that we will touch on:
- Maintaining Operating System and Firmware updates.
- Updating software installed on systems including browsers.
- Removing unnecessary software.
- Creating unique user accounts on devices shared with family members (excludes corporate devices).
- Validating software downloads.
- Using a VPN when connecting to untrusted networks.
- Use the strongest possible Wi-Fi authentication protocol.
So let’s go into a bit more detail on these key points.
Updating operating systems and firmware on your devices applies not only to computers but also other devices like mobile phones, tablets, streaming devices, doorbells, routers, and any other device that is connected to your home or corporate network that reaches out to the Internet. Updates ensure that the latest vendor patches and features are installed. Updates typically address known, exploitable security vulnerabilities. Patching reduces the attack surface and therefore lowers the risk of exploitation.
Updating installed software also accomplishes the same results. Bugs and vulnerabilities in software are routinely patched by the vendor. In addition, performance and functionality may be improved. If your devices software installed that you don’t use, its best to simply uninstall that software completely.
For devices that are used by multiple users, create unique accounts for each user and make sure that those accounts are not shared. And if a device contains sensitive data or access (like passwords, personal finance software, links to banking web sites, etc.), do not share that computer with untrusted users (meaning don’t let your children use that device to play games, do schoolwork, etc.). This never ends well. Children have a propensity to filter nothing and trust everything so beware! Corporate devices should never have shared accounts nor be accessed by other family members.
When downloading installation files from the Internet, be sure that you are getting the file from a trusted source. Reliable software sites will provide the file download link as well as an MD5 or SHA256 hash of the file. Remember, hashing is a function that produces a unique fixed length value for a given input – in this case the data in the installer file. To validate the integrity of a download, you can calculate the appropriate hash of the downloaded file and compare that hash to the hash published by the vendor. If they match, the file has not changed. If the hash does not match, the file has been changed and should not be trusted. This hash comparison process is called validation. Here is a link for Windows users: Check File Hash with PowerShell (Get-FileHash) – Active Directory Pro. Here is a link for macOS users: How to use checksums on Mac to verify app downloads – SecureMac.
Not all networks can be trusted. When traveling, the use of public Wi-Fi networks should be considered a high-risk endeavor. The simplest and safest method for protecting yourself when using untrusted networks is the use of a VPN (Virtual Private Network). A VPN is simply a secure tunnel that uses the connection as a conduit to a secure trusted endpoint. All data sent over a connection protected by a VPN is encrypted in transit between the device and the VPN endpoint and cannot be examined (snooped) by anyone on the same network. Provide all employees with access to Proton VPN or other VPN and encourage the use that on all devices including mobile devices, tablets and home devices if needed.
Finally, make sure that your home Wi-Fi network is configured to use the strongest possible authentication method. Older Wi-Fi routers only support WEP. A malicious actor can determine your Wi-Fi password in about 30 seconds if WEP is used. WPA was popular for a short time and upgraded to WPA2/PSK. The newest protocol is WPA3. If your home router does not support at least WPA2/PSK, it’s probably time to upgrade to a more modern device. Older authentication protocols are not secure and should not be used. Also, be sure to use a guest network when you have visitors and set that network to be isolated from your home network.
From a corporate perspective, IT Teams work to automate as many of these processes as possible, but we cannot automate everything. We expect employees to do their part in keeping their applications up-to-date and current. In addition, browsers should be restarted whenever a new version or update is pending. Devices should have the operating systems updated at the earliest convenient time. We need everyone to be our security feet on the street. We must work together to ensure that we are all doing our part to minimize risk and maintain our corporate devices in a state where we can accomplish our goals.
All this seems like a lot of work, but I assure you, practicing good cybersecurity hygiene routinely beats getting compromised, losing data or worse. Take 30 minutes a week, run through the list above and keep your devices in top security shape by practicing excellent cybersecurity hygiene! Thank you!
