To maintain good cybersecurity hygiene, individuals and organizations should follow a cybersecurity hygiene checklist that outlines best practices to keep themselves protected, such as regularly backing up data, keeping software up to date and using strong passwords.
Continue reading to learn more about how you or your organization can strengthen your cybersecurity hygiene in 2024.
What is cybersecurity hygiene?
Cybersecurity hygiene, also known as cyber hygiene, refers to the cybersecurity best practices organizations and individuals should follow to stay protected against common cyber threats such as data breaches, password attacks and social engineering. Having good cyber hygiene significantly reduces an individual’s and organization’s attack surface, reducing the risk of suffering a cyber attack.
Cybersecurity hygiene checklist for individuals
Here’s a cybersecurity hygiene checklist individuals should follow.
Regularly back up your data
Ensuring your data is regularly backed up prevents you from losing your data in the event your device is lost, damaged, stolen or compromised. When backing up your data, make sure that your most sensitive data is encrypted so it can’t be stolen, read or altered by unauthorized individuals. Consider backing up your data in an encrypted, cloud-based software application like a password manager. While password managers were originally designed to help users create and securely store passwords, many password managers have started offering more features like secure file storage.
Keep your software up to date
In addition to regularly backing up your data, you’ll also want to ensure that your software, devices and applications are always up to date. When new software updates become available, download them immediately. Postponing software updates opens up a back door for cybercriminals to exploit since security vulnerabilities are left unpatched. If you haven’t already, enable automatic updates on all of your devices so they always remain up to date. However, be sure to check for updates manually as sometimes automatic updates don’t download if your device has a low battery or isn’t connected to the internet.
Use passkeys when available
Passkeys are a passwordless authentication technology that enables users to log in to accounts without having to enter a password. Instead, users authenticate using the same method they use to unlock their devices, such as biometric authentication or a PIN. Passkeys are tied to the devices they’re created on, making them much more secure than passwords. If you’re given the option to use passkeys as a sign-in method on your online accounts, set them up.
To see which websites and applications currently support passkeys as a sign-in method, check out our Passkeys Directory.
Use strong and unique passwords for every account
When passkeys aren’t an option, creating strong passwords will help protect your online accounts. The best way to ensure each of your passwords is strong and unique is to use a password manager. Password managers not only help you create strong passwords but also securely store them, so you don’t have to worry about remembering them yourself.
Enable MFA for every account
Strong passwords aren’t enough to protect your online accounts from compromise. In addition to securing your accounts with strong passwords, you should also enable Multi-Factor Authentication (MFA). MFA can block over 99.9% of account compromise attacks, making it an important security measure to implement to keep your accounts safe. If you decide to use a passkey as a sign-in method, you won’t have to worry about enabling MFA since passkeys support Two-Factor Authentication (2FA) by design.
Avoid oversharing on social media
Many people tend to overshare on social media without knowing the harm they could be causing to themselves. Avoid oversharing on social media as much as possible. For example, don’t post your current location because it places you in physical danger. Also, avoid sharing too many details about your personal life, as they can be used by cybercriminals to launch targeted phishing attacks. Another way to keep yourself protected online is by setting your social media to private and only accepting friend and follow requests from people you know.
Install antivirus software
Antivirus software is a program you install on your computer that prevents, detects and removes known viruses and malware before they can infect it. Having antivirus software installed on your computer can make all the difference in keeping your data and accounts safe from being compromised.
Cybersecurity hygiene checklist for organizations
Here’s a cybersecurity hygiene checklist organizations should follow.
Use strong access controls
Having strong access controls on organizational resources helps protect them from misuse by employees and mitigates the risk of unauthorized access. The best way to implement strong access controls is by following the Principle of Least Privilege (PoLP). PoLP is a cybersecurity concept that emphasizes that employees should only be given access to the resources and data they need to perform their job duties, not more and not less.
A Privileged Access Management (PAM) solution can make it easier for organizations to implement PoLP by providing IT admins with a way to monitor privileged account access and activity closely.
Provide employees with regular cybersecurity training
Employees are often an organization’s weakest link when it comes to cybersecurity. According to the 2024 Verizon Data Breach Investigations Report, the human element made up 68% of data breaches from November 1, 2022, to October 31, 2023. To keep organizations safe from common cyber threats, employees need to be provided with cybersecurity awareness training so they can learn to better spot cyber threats like phishing. Organizations also need to make employees aware of cybersecurity best practices such as using strong passwords, avoiding clicking on suspicious links and attachments, securely sharing sensitive information and so on. The better prepared employees are, the more secure your organization is.
Use a business password manager
Business password managers make it easy for IT admins to see the scope of their organization’s password security. With a business password manager, IT admins have complete visibility and control over employee password practices. Some additional benefits of organizations investing in a business password manager include the following:
- Ability to enforce password policies efficiently
- Aids in implementing Role-Based Access Controls (RBAC)
- Enables secure password sharing between team members
- Simplifies and secures employee onboarding and offboarding
- Monitors the dark web for leaked credentials and sends alerts
- Provides secure file storage and sharing
Perform regular data backups
Just like individuals, organizations should regularly back up data. However, for organizations, backing up data is a little more complex. Organizations should have multiple backups just in case one fails. To ensure backed-up data is secure, encrypt everything. Encryption will help keep unauthorized individuals from being able to access it.
Monitor your organization’s network
In addition to the above, organizations should regularly monitor their network for suspicious activity by using network monitoring tools. Additionally, organizations should segment their networks. Segmenting your organization’s network not only makes it easier to monitor but also helps prevent threat actors from moving laterally throughout your network if they gain access to it.
Maintain good cybersecurity hygiene to stay safe from cyber attacks
The stronger your or your organization’s cybersecurity hygiene is, the less likely you are to suffer a data breach that can cause irreversible damage. While some cybersecurity best practices can be easily implemented through security training, others require that you invest in solutions to make their implementation seamless. For example, to implement the use of strong passwords for every single online account, a password manager will be needed to help create those strong passwords and securely store them.
Curious to see how a password manager can help you or your organization maintain good cybersecurity hygiene? Find out which Keeper plan is right for you.