Cyber hygiene is the establishment and maintenance of an individual's online safety. It is the online analogue of personal hygiene, and encapsulates the daily routines, occasional checks and general behaviours required to maintain a user's online "health" (security). This would typically include (but is not limited to): using a firewall, updating virus definitions, running security scans, selecting and maintaining passwords (and other entry systems), updating software, backing-up data and securing personal data.
A key aspect of cyber hygiene is that it relates to an individual, rather than a group or an organisation. Cyber hygiene is the responsibility of the individual, not the organisation (although corporate policies relating to cyber security may impinge on an individual's cyber hygiene). Cyber hygiene is distinct from cyber security. One (cyber hygiene) is the responsibility of an individual, and applies to all of their online activities, while the other (cyber security) is the responsibility of a group or organisation, and applies to their professional activities only.
Cyber hygiene is linked to cyber security since poor cyber hygiene will adversely affect an organisation's cyber security and, conversely, strong (or weak) cyber security policies and procedures may improve (or lower) an individual's cyber hygiene.
A cyber resilient organisation is one that has robust cyber security policies and systems, and whose members have good cyber hygiene. The absence of either (low organisational cyber security or poor personal cyber hygiene) will adversely affect an organisation's cyber resilience.
Cyber hygiene is subjective. Although very poor, or very good, cyber hygiene is self-evident, what is considered acceptable cyber hygiene may vary from person to person.
A person with good cyber hygiene will: select and maintain high quality passwords, install and maintain security software on the digital devices, keep their virus definitions up-to-date, run regular security scans on their digital devices, adhere to cyber security policies, protect their personal data, and avoid potential sources of infection. A person with low cyber hygiene may fail to observe one or more of these behaviours, such as not routinely updating their virus definitions or using online services that are known sources of malware.
Improving cyber hygiene requires training and education.It needs to begin with educating everyone about the risks of their online actions. This must start early during the people's formative years because most children get poor cyber habits early in their lives. Improving hygiene also requires better training for people to improve their ability to detect online fraud. Such training must focus on making people aware of online safety protocols, safe browsing practices, secure password creation and storage, and on procedures for sequestering and reporting suspicious activity. At its core developing better cyber hygiene requires us to replace poor cyber habits with smarter habits.