Despite widespread belief in personal cybersecurity efforts, research reveals that fewer than half of people actually take necessary precautions against cyberattacks. How can you improve your digital safety practices?
By Anna Collard, senior vice-president: content strategy and evangelist at KnowBe4 Africa
Just like brushing your teeth or washing your hands regularly, cyber hygiene should be second nature to most of us – except that it is not. What most people think is sufficient will hardly protect you against the advanced nature of cybercrime, a constantly changing threat.
Cyber hygiene involves cultivating habits that keep your digital life healthy and secure. In our highly connected world, you want peace of mind so that you can prevent or quickly detect and fix problems with your devices. Cyber hygiene is crucial for individuals and organisations as it serves as the first line of defence against a wide range of cyber threats, including data breaches, malware, and phishing attacks.
Just like personal hygiene helps prevent illness, good cyber hygiene practices prevent security vulnerabilities from being exploited. For organisations, these habits reduce the risk of operational disruptions, reputational damage and financial losses because of cyberattacks.
Evolving threats need better defences
Unfortunately, what worked before is no longer sufficient because of the increasing complexity and sophistication of cyber threats. In the early days of the internet, simple antivirus software and password protection were often enough to prevent cyberattacks.
However, the digital landscape is now filled with advanced threats such as ransomware, deepfakes, AI enhanced phishing, and zero-day exploits – the latter leaving vendors no time to prepare patches as the vulnerabilities are exploited immediately upon discovery.
As more devices connect and remote work spreads, cybercriminals gain more entry points to exploit. This makes it essential for individuals and businesses to adopt more comprehensive, layered security measures, including multi-factor authentication, regular software updates and monitoring.
What makes strong cyber hygiene
Good cyber hygiene starts with antimalware software and regularly updating your software. Next, you need to use strong, unique passwords. Be deliberate about creating long, unique passwords for each account and use a password manager to store them securely. (Most password managers will generate strong passwords for you.)
Next, enable multi-factor authentication (MFA). Traditional MFA typically requires a password plus a second factor, such as a code sent to your phone via text or generated by an app. However, this method is vulnerable to phishing attacks, where someone tricks you into revealing your code.
Phishing-resistant MFA provides stronger protection by employing methods that are difficult to intercept or replicate, such as physical security keys or biometric authentication (fingerprints or facial recognition). With these methods, only you can log in, even if someone gets your password.
Lastly, be cautious about sharing personal information over the phone or online, especially on social media or unfamiliar websites. Combine this with regularly backing up your important files to a secure location, such as an external hard drive or a reputable cloud service, and your digital hygiene will be significantly improved.
What does poor digital hygiene look like? One of the laziest habits I’ve encountered is using the same password across all accounts – often something predictable like a pet’s name plus a birth year. While this might not be critical for news websites, it’s a major risk for important accounts. Your email, social media, work, and financial accounts truly require unique, strong passwords coupled with multi-factor authentication.
I once heard someone say they didn’t mind if cybercriminals hacked their email account because they “had nothing to hide”. This misses the point entirely. Not only can your email be used to reset passwords for your other accounts, but attackers can also exploit it to spread malware and launch attacks against people in your network who trust you.
What can organisations do?
Organisations can foster good cyber hygiene by building a culture of security awareness through regular training and communication.
Key strategies include ongoing security awareness training to help employees recognise threats like phishing and social engineering, establishing clear policies on online behaviour and data handling, and leading by example through managers’ adherence to security practices.
Regular drills, such as simulated phishing, incentives for compliance and personalising the benefits of cybersecurity, will further encourage strong, consistent participation.