What Is Cyber Hygiene? 10 Easy Habits For Online Safety

Share this:

J.R. Tietsort

Chief Information Security Officer at Aura

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Are You Practicing Good Cyber Hygiene?

    Your digital life needs regular care to stay healthy and safe. Unfortunately, few people do enough to protect their online presence from scams and threats. 

    According to the FBI, the number of victims who fall prey to internet scams has tripled in the past five years, with people around the globe losing more than $18.7 billion to scammers [*]. 

    Cybercriminals use a range of techniques to steal your personal information, gain access to your financial accounts, trick you into sending them money, and infect your devices with malware. And the threat landscape for online scams has only gotten worse since the start of the COVID-19 pandemic [*].

    You don’t want to wait for the worst to happen before you act. Instead, practicing cyber hygiene is one of the best ways to keep you and your family safe from online scammers. 

    Cyber hygiene comprises a set of practices, habits, and tools that you can use to maintain your online security and privacy. But what constitutes a good cyber hygiene routine? 

    In this guide, we’ll explain how you can build a regular cyber hygiene regimen and strengthen your digital security through simple, daily actions. 

    What Is Cyber Hygiene? 

    Basic cyber hygiene includes practices that you, your family, or your organization can adopt to increase your digital security.  

    The goal of cyber hygiene is to minimize cybersecurity risks and make you less of a target for scammers. Sadly, hackers and scammers have millions of potential targets. But if they see that you’ve employed even a basic cybersecurity framework, they’re more likely to move on to someone else.

    Cyber hygiene isn’t something that you can practice now and then. Rather, it includes habits and routines that you must perform regularly. 

    Like diet, exercise, and personal hygiene regimens help protect your physical well-being, a daily digital wellness routine keeps your online life healthy. If you only brush your teeth once a month, you’ll end up with serious (and expensive) dental issues in the future. In the same way, poor cyber hygiene — such as only occasionally updating passwords or backing up data — can lead to disastrous consequences. 

    Take action: If you think hackers or scammers have you personal information, your bank account, email, and identity could be at risk. Try Aura’s identity theft protection free for 14 days to secure your identity and finances against scammers.

    Why Is Cyber Hygiene Important?   

    By practicing good cyber hygiene, you reduce the risk of being caught in a scammer's web. 

    For example, cyber hygiene can help to:

    • Keep your online and banking accounts safe from scammers.
    • Protect you from financial losses associated with identity theft.
    • Keep your data, sensitive photos, and videos safe.
    • Prevent data breaches and business email compromises.
    • Safeguard your web browsers and Wi-Fi networks from man-in-the-middle (MITM) attacks.
    • Prevent or reduce the effectiveness of ransomware.
    • Protect your devices from hackers and viruses.

    Related: How Do Data Breaches Happen? What Can You Do About Them?

    What Parts of Your Digital Life Need “Cleaning”? 

    Every year we add new devices and accounts to our digital repertoire. At the same time, the sophistication of scams and malware increases. To stay on top of these threats, a cyber hygiene routine needs to address: 

    • Account security: Are your passwords and accounts safe? Have your credentials been leaked in a recent data breach
    • Software and operating system updates: Are your devices up to date? Hackers use vulnerabilities in outdated software to hack you. 
    • Data protection: Are your data and hard drives encrypted so that hackers can’t gain access to them?
    • Computer backups: Do you have recent backups of your files in case of a digital security incident?  
    • Device and network protection: Are you using antivirus software and a virtual private network (VPN) to protect you from viruses and hacking?
    • Email security: Are your email spam filters up to date? Email is one of the main entry points through which scammers will target you.
    • Your digital footprint: How much of your personal information is freely available to scammers online? Fraudsters use social media and other parts of your online footprint to learn more about you.

    Do hackers have your passwords already? Aura’s free leaked password scanner will tell you which of your accounts have been compromised in data breaches or are vulnerable to hacking.

    Aura's free leaked password scanner

    The 10 Essential Elements of a Good Cyber Hygiene Routine

    1. Update your passwords to be more secure and unique
    2. Enable two-factor authentication (2FA) on all of your accounts
    3. Download antivirus software, and regularly scan for malware
    4. Back up your data at regular intervals
    5. Enable auto-updates on your software and operating systems
    6. Remove your personal information from social media
    7. Encrypt your data
    8. Secure your home or business Wi-Fi networks from hackers
    9. Stay up to date with online threats (and know how to spot a scammer)
    10. Wipe your devices and hard drives before donating or recycling them

    Here’s how you can follow 10 cyber hygiene best practices to ensure that you and your data remain safe online.

    1. Update your passwords to be more secure and unique

    Your passwords are often the only thing standing between scammers and your accounts. Using strong, secure, and unique passwords needs to be an essential part of your cyber hygiene routine.

    Here’s what to do:
    • Use passwords that combine upper and lowercase letters, numbers, and symbols. The more possible characters in your password, the harder it is to guess. Avoid putting specific symbols in a pattern (such as “!!!” or replacing “E” with “3”). Password-guessing programs are usually designed to test these types of sequences. The best password makes sense only to you.
    • Aim for 12-15 characters. The longer your password is, the harder it is to crack with a brute-force attack (which occurs when scammers use software that tests common passwords and combinations). In fact, it’s more important to have a long password than a complex password. A strong password with 12 characters is extremely difficult to crack.
    • Never use personal information. Avoid using information like names, addresses, and birthdays in your password. These are very easy for people to guess.
    • Never use the same password for two accounts. If one of your accounts gets compromised in a data breach, any account with the same password is also compromised. If you find it hard to remember all of your passwords, use a quality password manager like the one included with every Aura plan.
    Aura identity theft protection
    Aura’s all-in-one digital security solution can alert you if your password is compromised or easily cracked. Learn more about Aura’s identity theft protection

    2. Enable two-factor authentication (2FA) on all of your accounts

    You might have the strongest password in the world, but it can still be hacked, leaked, or phished. 2FA adds an additional layer of security by requiring a one-time-use code along with your password. This means that even if hackers have your password, they can’t gain access to your accounts. 

    Here’s what to do:
    • Enable 2FA on all accounts that support it. Enabling 2FA functionality will require you to submit a code alongside your password when signing in. Here’s a list of all apps and sites that support 2FA.
    • Choose an authenticator app over SMS. By default, 2FA codes will often be sent to either your phone or email account. But hackers have ways to intercept your text messages and hack into your email to get 2FA codes. So instead, use an authenticator app like Google Authenticator or Authy.
    • Use multi-factor authentication (MFA) for high-risk accounts. Multi-factor authentication uses biometrics — such as your fingerprint or Face ID — as added security. Use MFA for bank accounts and similarly important sign-ins.

    Related: Can Someone Hack Your Phone With Just Your Phone Number?

    3. Download antivirus software, and regularly scan for malware

    Antivirus software detects and neutralizes malicious software on your devices, including viruses and malware. At a bare minimum, you should protect your devices with antivirus.

    Here’s what to do:
    • Ensure your native security software is enabled. Many devices come with built-in antivirus software and security controls. This software acts as the first line of defense against malware, so make sure it’s active. 
    • Install a third-party antivirus. Aura’s high-quality antivirus will catch any malware that slips past your native security software. Aura can also warn you if you’re entering a potential phishing site or if your passwords have been compromised in a data breach.
    • Scan for malware regularly. Most antivirus software will allow you to set up a regular, automatic scan (for example, once a day). Ensure that you also set it up to scan all new files, including those that are downloaded from the Internet or storage devices. 
    Aura online security
    Aura’s digital security suite includes powerful antivirus software and a VPN to keep your network safe from scammers. Learn more about how Aura protects your digital life →

    4. Back up your data at regular intervals

    Data backups ensure that you can always restore files in the event of data loss after a security issue.  On Apple devices, you can use Time Machine to regularly back up your data, while Windows users can back up with File History.

    Here’s what to do:
    • Set a backup schedule. Depending on the importance of your files, you may wish to back up your data daily, weekly, or monthly. 
    • Always back up data to a separate location. Common backup storage solutions include removable media and external hard drives. Backing up in a second (and third) location ensures that device failure or hacks won’t compromise your data.
    • Use cloud storage or backup services. Cloud storage is becoming cheaper by the year and offers a great alternative to physical storage devices. Likewise, if your data is particularly sensitive, there are services that will ensure (for a fee) that your data is safe.

    Related: Have I Been Hacked? How To Recognize and Recover From a Hack

    5. Enable auto-updates on your software and operating system

    Malware is often designed to take advantage of out-of-date software. Keeping your devices and software updated means that you’ll always have the latest security patches to protect you against new cyber threats.

    Here’s what to do:
    • Enable automatic software updates. This includes your operating system (whether it’s a mobile device, Windows, macOS, or otherwise), drivers, and key security software such as your antivirus.
    • Let apps notify you of updates. For software that doesn’t perform auto-updates, allow the apps to notify you of updates so that you can install them as required.

    6. Remove your personal information from social media

    Seemingly harmless personal information on social media can become dangerous in the wrong hands. The more information a malicious actor has, the easier it is to impersonate you or design phishing attacks to gain access to your accounts. 

    cases of social media identity theft 2019–2021
    Social media identity theft has been on the rise for years. Source: Consumer Affairs
    Here’s what to do:
    • Update your privacy settings. Social media websites like Facebook give you the option to limit who can see your posts, activity, and personal information. It’s best to keep your privacy settings and permissions strict (i.e., visible only to friends or custom-created viewer lists). 
    • Delete all identifiable information from your public social media accounts. Basic information like your birth date, family members’ names, phone number, and place of birth can make you vulnerable to threats including social media identity theft, blackmailing, and stalking.
    • Turn off location services. Social media sites will often geo-tag you in photos or posts (allowing people to see where you are). Scammers use this information to target you and even pinpoint when you’re not at home. 
    Take action: If you accidentally give scammers your personal data (or its leaked in a breach), they could take out loans in your name or empty your bank account. Try an identity theft protection service to monitor your finances and alert you to fraud.

    7. Encrypt your data

    Data encryption protects your data by encoding it with complicated algorithms. This means that even if someone steals your files, they won’t be able to access them. 

    Here’s what to do:
    • Encrypt devices that contain sensitive data. This includes any laptops, PCs, smartphones, hard drives, and backups. Encryption will help prevent your data from falling into the wrong hands. Here’s how to encrypt your Mac or Windows computer.
    • Use an encrypted file sharing solution. Unencrypted files sent by email are vulnerable to interception. With email data encryption, even if your files are stolen, they remain inaccessible. You can encrypt emails in Gmail, Outlook, and iOS. For other email providers, you’ll need a third-party tool. 

    8. Secure your home or business Wi-Fi networks from hackers

    If hackers bypass your network security, they are able to access any connected devices, including your computer, smartphone, and smart devices. This means that they can easily steal your data or infect your devices with malware.

    Here’s what to do:
    • Use a virtual private network (VPN) to protect your Wi-Fi network. Aura’s military-grade VPN encrypts all of the data on your network so that hackers and scammers can’t access it.
    • Use Wi-Fi Protected Access 2 (WPA2) encryption. WPA2 ensures that data sent and received over your wireless network is encrypted, and only those with the network password can access it. Check to make sure that WPA2 is enabled in your router settings. 
    • Change your Wi-Fi passwords regularly. Changing your Wi-Fi passwords once or twice a year (or as soon as you see an unknown device connect to your Wi-Fi) prevents unwanted people from gaining access to your network. 
    Aura VPN
    Aura’s VPN ensures that your online activities aren’t visible to hackers and scammers. Learn more about Aura’s VPN

    9. Stay up to date with online threats (and know how to spot a scammer)

    Failing to stay up to date with cyber security threats puts you at risk. Learning what threats you face and how to identify scammers is essential to good cyber hygiene. 

    Here’s what to do:
    • Regularly check for data leaks and security breaches. Hackers constantly gain access to website databases and leak user passwords on a massive scale. Check if your password has been leaked; and if so, update it immediately. 
    • Learn the signs of phishing attacks. Scammers will often pose as trusted organizations to trick you into giving them sensitive information. By learning what scam emails look like, you reduce your chances of falling victim. 

    Related: How To Tell If Someone Is Scamming You Online (With Real Examples)

    10. Wipe your devices and hard drives before donating or recycling them

    If you just upgraded your home PC and are going to donate your old one, wipe your hard drives to prevent any chance of sensitive information falling into the wrong hands.

    Here’s what to do:
    • Securely wipe your hard drives. Simply deleting data doesn’t make it unrecoverable. To securely wipe your hard disk drives (HDDs), use drive eraser software like DBAN to overwrite your hard disk multiple times. For solid-state drives (SSDs), use the manufacturer’s SSD sanitization tools.
    • Factory reset your smartphones. Before donating or recycling your phone, perform a factory reset so that all of your personal information, accounts, and data are deleted.

    Don’t Have Time To Maintain Your Digital Security? Do This!

    A secure cyber hygiene routine can seem like a lot of work. And it is. 

    But without maintaining daily digital security, you put yourself, your family, and your business at risk of identity theft, fraud, and hacking. 

    Aura’s digital security system automates your cyber hygiene routine — and takes the work out of staying safe online. Here’s how:

    A password manager to protect your accounts

    Aura’s password manager helps secure your accounts with strong, unique passwords that you don’t need to worry about forgetting. For added security, Aura’s identity theft protection service monitors compromised data, and alerts you if your passwords have been leaked to the Dark Web.

    Antivirus software to keep your devices safe from malware

    All Aura plans come with a powerful antivirus that actively detects and removes malware, spyware, ransomware, and adware to protect your devices. Aura also provides a virtual private network (VPN) to protect your personal data, and automatically alerts you if you’re about to enter a malicious website.

    Credit monitoring to make sure your financial accounts are secure

    Aura’s Financial Fraud and Credit Protection service uses credit monitoring, Experian credit lock, and advanced financial tools to protect your assets online. Aura alerts you in near real-time if someone is trying to open a new account in your name, or if suspicious changes occur in your existing accounts. 

    $1,000,000 in insurance coverage if the worst should happen

    Every adult on an Aura plan is covered by $1,000,000 in insurance for eligible losses due to identity theft. If the worst should happen and a scammer slips past your defenses, you can rest easy knowing you’re covered.

    Aura 24/7 support
    Aura’s White Glove Fraud Resolution specialists are available 24/7 to help. Learn more about how Aura keeps you and your family safe →

    Related: What Is Identity Theft Insurance? Do You Really Need It?

    The Bottom Line: Cyber Hygiene is Essential

    With the rising threat of cyber attacks, it’s more important than ever to take care of your cyber hygiene. 

    Unfortunately, not everyone has the time to design and maintain a digital wellness routine. To automate your cybersecurity hygiene and protect yourself against cybercriminals, hackers, and identity theft, try Aura’s all-in-one security solution today. 

    Sign up for identity theft, credit protection with Aura and save up to 50% →

    Related Articles

    how do scammers steal credit card numbers

    14 New Ways Scammers Can Steal Your Credit Card Numbers

    How do people steal credit card numbers? And is your card at risk? Learn the top ways scammers get access to your credit card and how you can protect it.

    Read More
    August 31, 2022
    how to know if your identity has been stolen
    Identity Theft

    Here's How To Know If Your Identity Has Been Stolen

    Nearly 50% of Americans have experienced identity theft. Here's how to find out if someone has stolen your identity.

    Read More
    September 26, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers