Cyber hygiene


Cyber hygiene or digital hygiene is a fundamental principle relating to information security and, as the analogy with personal hygiene shows, is the equivalent of establishing simple routine measures to minimise the risks from cyber threats. The assumption is that good cyber hygiene practices can give networked users another layer of protection, reducing the risk that one vulnerable node will be used to either mount attacks or compromise another node or network, especially from common cyberattacks.[1]

It can be thought of as an abstract list of tips or measures that have been demonstrated as having a positive effect on personal and/or collective digital security.

As opposed to a purely technology-based defense against threats, cyber hygiene mostly regards routine measures that are technically simple to implement and mostly dependent on discipline[2] or education[3]. As such, these measures can be performed by laypeople, not just security experts. Cyber hygiene should also not be mistaken for cyber defense, which is a military term.[4]

Term

Cyber hygiene relates to personal hygiene as computer viruses relate to biological viruses (or pathogens). However, while the term "computer virus" was coined almost simultaneously with the creation of the first working computer viruses[5], the term "cyber hygiene" is a much later invention, perhaps as late as 2000[6] by Internet pioneer Vint Cerf. It has since been adopted by the Congress[7] and Senate of the United States[8], the FBI[9], EU institutions[1] and heads of state.[4]

Issues

The FBI[10] has said that a lack of proper cyber hygiene may be a threat to democratic elections and thus to democracy itself. The United States Department of Homeland Security indicated it was helping US states with cyber hygiene prior to the 2016 election,[11] comparing it to "ensuring that windows in a home are properly closed," to use a non-hygiene related term. Poor cyber hygiene has been demonstrated as a cause for leaks of at least tens of millions of personal records,[12] for example from the US governmental Office of Personnel Management, responsible for the records of civilian workers.

Poor cyber hygiene was also implicated as a leading cause of the Equifax data breach in 2017,[13] which resulted in a leak of the personal data of an estimated 143 million Americans. More specifically, it involved a known vulnerability with an available patch which was not applied to the software, even though automatic updates are among the security measures most recommended by security experts.[14] By some estimates,[15] 80% of cyberattacks use vulnerabilities for which patches or fixes are already available and, all in all, nearly 100% of all successful cyberattacks are avoidable through simple means,[16] i.e. cyber hygiene.

"Our people need to be protected in the cyber world. The way they can be protected will never be technology, only technology. Yes, it will be technology, but it will also always be training and teaching. There is never getting away from that. I call it cyber hygiene. We have taught centuries ago our citizens to wash hands to stay safe, it's exactly the same today, in digital world, in digital services," said Kersti Kaljulaid, the president of Estonia, comparing the idea to personal hygiene.[17] Peeter Normak, a professor of informatics at Tallinn University, describes the term: "The word hygiene refers to a lifestyle that values cleanliness and is therefore a vital component of healthy living. A person abiding by the rules of hygiene is healthier and more favoured by his peers. Similarly, we could define digital hygiene as the purposeful and sustainable usage of digital devices. Digital hygiene means following a list of recommendations [...]"[18]

Recommendations

Security experts and non-experts currently tend to consider different practices to be effective cybersecurity measures. For example, while non-experts report knowing that strong passwords are important, they de-emphasize using unique passwords, which is contrary to the recommendations of experts, and research suggests that some expert advice is either unknown or not well understood by non-experts.[14] According to the same research, most expert recommendations regarding online security include:

  • Turning on automatic updates
  • Installing operating system updates
  • Being suspicious of links
  • Not entering passwords on links in e-mail
  • Not opening unknown attachments
  • Updating applications
  • Using unique passwords

However, on an organizational level, according to research by Carnegie Mellon University, such measures might be:[19]

  • Identify and prioritize key organizational services, products and their supporting assets.
  • Identify, prioritize, and respond to risks to the organization’s key services and products.
  • Establish an incident response plan.
  • Conduct cybersecurity education and awareness activities.
  • Establish network security and monitoring.
  • Control access based on least privilege and maintain the user access accounts.
  • Manage technology changes and use standardized secure configurations.
  • Implement controls to protect and recover data.
  • Prevent and monitor malware exposures.
  • Manage cyber risks associated with suppliers and external dependencies.
  • Perform cyber threat and vulnerability monitoring and remediation.

These lists are not exhaustive,[20][21][22] but they share the trait of being behaviour-centric, as opposed to technology-centric (though cyber hygiene can include using technological measures such as password managers). As technology progresses, so might the recommendations for digital hygiene.

Numerous measures have been taken to combat poor cyber hygiene. For example, Estonia implemented a cyber hygiene online training platform for all Estonian civil servants.[23] Poor cyber hygiene, combined with problems arising from social media, has been seen as a serious enough threat to the integrity of electoral processes to warrant a security initiative by Facebook aimed towards furthering knowledge of best practices for politicians and political parties.[24]

References

  1. "Cyber Hygiene — ENISA". Retrieved 2018-09-27.
  2. Kuchler, Hannah (2015-04-27). "Security execs call on companies to improve 'cyber hygiene'". Financial Times. Retrieved 2018-09-27. (Subscription required.)
  3. "From AI to Russia, Here's How Estonia's President Is Planning for the Future". WIRED. Retrieved 2018-09-28.
  4. Kaljulaid, Kersti (2017-10-16). "President of the Republic at the Aftenposten's Technology Conference". Retrieved 2018-09-27.
  5. "Professor Len Adleman explains how he coined the term "computer virus"". WeLiveSecurity. 2017-11-01. Retrieved 2018-09-28.
  6. "Statement of Dr. Vinton G. Cerf". www.jec.senate.gov. Retrieved 2018-09-28.
  7. Eshoo, Anna (2018-05-22). "Text - H.R.3010 - 115th Congress (2017-2018): Promoting Good Cyber Hygiene Act of 2017". www.congress.gov. Retrieved 2018-09-28.
  8. "Analysis | The Cybersecurity 202: Agencies struggling with basic cybersecurity despite Trump's pledge to prioritize it". Washington Post. Retrieved 2018-09-28.
  9. "Protected Voices". Federal Bureau of Investigation. Retrieved 2018-09-28.
  10. Kroll, Andy (2018-10-12). "Why Did So Few Campaigns Sign Up for the FBI's Cybersecurity Briefing?". Rolling Stone. Retrieved 2018-11-06.
  11. "States Ask Feds for Cybersecurity Scans Following Election Hacking Threats". www.govtech.com. Retrieved 2018-11-06.
  12. "Exclusive: What DHS and the FBI learned from the OPM breach -- FCW". FCW. Retrieved 2018-11-06.
  13. "How the biggest cyber security disasters could have been avoided". ComputerWeekly.com. Retrieved 2018-11-06.
  14. Ion, Reeder, Consolvo (2015). "'...no one can hack my mind': Comparing Expert and Non-Expert Security Practices" (PDF). Retrieved 2018-09-27.
  15. "Security Think Tank: Patching is vital and essentially a risk management exercise". ComputerWeekly.com. Retrieved 2018-11-06.
  16. Verizon. "2012 Data Breach Investigations Report" (PDF). Retrieved 2018-11-06.
  17. "President Kaljulaid at the Tallinn Digital Summit | President". president.ee. Retrieved 2018-09-28.
  18. "Peeter Normak: What is Digital Hygiene? | Tallinn University". www.tlu.ee. Retrieved 2018-09-28.
  19. "Cyber Hygiene: 11 Essential Practices". Software Engineering Institute | Carnegie Mellon University. 2017-11-15. Retrieved 2018-09-27.
  20. Baguley, Joe (2018-09-28). "How Do You Secure a Constantly Changing IT Landscape?". Infosecurity Magazine. Retrieved 2018-09-28.
  21. Relations, Virginia Tech Advancement Division, University. "Bug Off: Digital hygiene tips from cybersecurity expert Eric Jardine | Virginia Tech Magazine". www.vtmag.vt.edu. Retrieved 2018-09-28.
  22. "11 Steps Toward Better Digital Hygiene - MediaShift". MediaShift. 2013-11-06. Retrieved 2018-09-28.
  23. "Estonia Implements CybExer Cyber Hygiene e-Learning Course to All Civil Servants". CYBEXER. Retrieved 2018-11-06.
  24. "Cyber Hygiene Guide - Politicians and Political Parties" (PDF). Retrieved 2018-11-06.


This article "Cyber hygiene" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Cyber hygiene. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.