If you’re interested in digital privacy, you’ll almost certainly have heard the term “cyber hygiene” before. After all, research shows that poor cyber hygiene is the cause of most cyberattacks, and governments around the world are constantly striving to improve cyber hygiene in schools, hospitals, and their own administrations.
But what exactly does cyber hygiene mean? We explain the definition in this post, share some examples of good practices, and highlight the risks of poor digital hygiene.
Simple explanation: What is cyber hygiene?
“Cyber hygiene” is an umbrella term for the day-to-day actions we take to keep our online accounts and digital devices safe. The exact origin isn’t clear, though many attribute the phrase to one of the pioneers of the early internet, Vint Cerf. Allegedly, he was inspired by the metaphor of brushing one’s teeth: regularly taking small preventative actions to ward off larger, unwanted consequences.
If you’ve been following the steps in our jargon-free guide to computer security, then you’re already on the right track. Good cyber hygiene habits include things like making sure you use a different password for each website, activating two-factor authentication whenever possible, and knowing how to spot some of the most common online scams. Of course, the online landscape is always changing, so keep abreast of developing threats and how to protect yourself.
A brief rundown of strong cyber hygiene practices
Unfortunately, it’s impossible to be completely protected from every online threat. But a few simple steps can drastically reduce your exposure and limit the impact if your devices or accounts are compromised. We cover some of the most important actions you can take below:
- Use unique passwords that include numbers, mixed-case letters, and symbols (and change these periodically)
- Enable two-factor authentication (2FA) on any accounts that support it
- Make sure your apps and operating system are up to date. Older versions might have vulnerabilities that can be used against you
- Run regular virus scans to find and remove malware as quickly as possible
- Back up important files just in case your hard drive fails or is locked by ransomware
- Stop using the default password on your router, security camera, and any other internet-connected devices
- Educate yourself about online threats such as phishing and scams
- Think carefully about what you post online; it may be possible for attackers to find your location and personal details using information contained in your posts and photos
- Try to avoid using public or unsecured networks where possible. If you have to rely on these, make sure to connect to a VPN first
- Don’t log into anything important (like your online banking app) on a shared device
- Be aware of your surroundings and make sure you lock your device before stepping away, even if it’s only for a minute
The impact of poor digital hygiene
This might all seem like a lot of work, but it’s important to remember that these actions make a huge difference to your digital security. To illustrate this, let’s picture a few different scenarios featuring two people, one with good cyber hygiene practices (Anna) and one with bad habits (Bob).
Scenario 1: Using a compromised coffee shop wifi hotspot
In this scenario, a hacker has gained control over a popular coffee shop’s wifi network with the goal of stealing people’s login credentials and banking information. The coffee shop owner never changed their wifi router’s default password, making it an easy target.
Anna knows that people have suffered data breaches as a result of public wifi, so she connects to her VPN beforehand and chooses a spot in the cafe where she can browse the web without anyone else seeing her screen. Because of the VPN’s encryption, even though the wifi network is compromised, the hacker can’t see what Anna does online.
Bob, meanwhile, connects directly to the compromised network and immediately goes to Facebook in full view of several other people. The compromised router redirects him to a phishing site that looks like a Facebook login page. He tries to log in and ends up sending his account username and password to the hacker, and potentially allows anyone standing nearby to sneak a peek at his password.
Scenario 2: Receiving a suspicious email
This time, Anna and Bob both receive an email that says they’ve won a prize and to open an attached file for more details.
Anna has been reading about common online scams and immediately realizes that the attached file is probably a virus. She blocks the sender, reports the email as a scam, and moves on with her day.
Bob falls for the trick and opens the attachment. As he doesn’t have an antivirus installed, this attachment immediately infects his computer with ransomware and prevents him from doing anything until he pays a large sum of money. Unfortunately, Bob hasn’t backed up any of his files and believes paying the hacker is his only way to get them back. He sends the money and does not receive the decryption key needed to remove the ransomware, leaving him out of pocket and likely to be viewed as a lucrative target for more attacks in the future.
Scenario 3: Suspicious login attempts
Anna and Bob keep getting emails saying that someone is attempting to log into one of their accounts from a new location or an unrecognized device.
Anna knows that her password meets industry security requirements, meaning it can’t realistically be cracked in a reasonable timeframe. She also uses different passwords for every service, so even if an attacker cracked one password, they can’t use this to log into other websites. To further reduce the chance of anyone malicious being able to log in successfully, Anna activates two-factor authentication wherever possible.
Bob, meanwhile, uses the same insecure password for all of his accounts. Not only is an attacker able to guess this password and access the account they wanted, they’re also able to compromise various other accounts using the same credentials. Worst of all, since Bob doesn’t monitor login attempts or have 2FA enabled, he is never even aware that his accounts have been breached.
Cyber hygiene FAQs
Will good cyber hygiene completely protect me from hackers?
Good cyber hygiene can greatly reduce the number of avenues for cyberattacks and make you a significantly less appealing target. What’s more, the steps we typically recommend to anyone looking to strengthen their cybersecurity generally only take a few minutes, meaning there’s no excuse for putting them off.
Even if you take all the steps to protect yourself, however, you are not the only party involved. The device makers and online services we use must also do their part to ensure they’re secure. Sometimes they fall short in the form of data breaches and zero-day vulnerabilities over which you as the end user have very little control.
Where can I learn about best practices for cyber hygiene?
If you’re trying to better understand how to secure your devices and lower your digital risk profile, we’d suggest starting with our guide to cybersecurity for remote workers. While this was designed with freelancers in mind, most of it applies to the average person too. We’ve also created an extensive list of trusted sources with beginner-level cybersecurity advice and tutorials in case you’re interested in learning more.