However, nothing’s perfect. Remote working can leave the unwary open to new cybersecurity risks. Luckily, this can be avoided through good cyber hygiene - so let’s look at what this means and how you can start implementing it today.

What is cyber hygiene?

Cyber hygiene practices are the rules and routines that an organization needs to follow to protect against cyber incursion. Just as with personal or premises hygiene, the important thing is to treat it as an ongoing task, not a one-time thing.

Some of the key threats that cyber hygiene practices help guard against include:

- Security breaches from hackers, malware attacks, and viruses
- Data loss from drives that aren’t backed up or secure
- Increased risk due to outdated and vulnerable software
- Inadequate security software allowing breaches
- Privilege escalation through bugs, shared security credentials, or software exploits

These threats can operate individually or in orchestration. What is orchestration? This is where more than one system or process combines to achieve an outcome. In this case, an outcome we want very much to counter.

The best cyber hygiene practices

When implementing these best practices, there are two main things to consider. Firstly, you need to stay aware of developments in the cybersecurity field. That way, you can always be on top of the latest threats and the latest techniques to counter them, such as data clean rooms.

Secondly, you need buy-in from all your staff. Your business is only as secure as its weakest link.

With that in mind, here’s a great cyber hygiene checklist to follow:

1. Provide ongoing training
No matter how good your policies are, they’re useless if people don’t follow them. It’s vital to provide training - especially with remote staff as you can’t rely on water cooler moments to encourage the spread of a good cybersecurity culture. It’s on you to set out what’s required.

This training shouldn’t be a one-off, either. Good practice needs repetition, so regular and frequent refreshers are key. Repeat sessions also allow the inclusion of any updates, and can act as timely reminders for system updates or password changes.

2. Use a VPN
A virtual private network will protect you in two ways. Firstly, it encrypts all your communications. Secondly, it will conceal your IP address from those with no business knowing it. For these reasons, a VPN should definitely feature in your cyber hygiene practices, especially when an employee is using a public wifi space.

3. Use strong passwords
For many people, the act of having a password seems enough, regardless of what the password actually is. That’s why they’re often so easy to guess - and we’re not just talking about ‘Password’ or ‘12345’! Common choices like birthdays or variations on names are easy to guess. This is made even worse when the same password is repeated in multiple contexts.

It’s absolutely central to good cyber hygiene that everybody adheres to good password principles. These include creating complex passwords using at least eight characters and including numeric and special characters. Take a look at this Global Password Security Report for some recommendations on what to do (and what to avoid).

One way you can make things easier for staff needing remote access is to provide a password manager. This will help them store all the many and ever-changing passwords they have to use without having to remember them all themselves

4. Use multifactor authentication
This is an increasingly common means of ensuring greater security. It incorporates multiple levels of security - for instance, your password will trigger a text to your mobile device, giving you a single use code to enter in order to gain entry. Alternatively, it may use biometric information, which can be a great way to deter unauthorized access.

MFA means that even if one layer of security is breached, your data is safe. Plus, your staff should be trained to look out for alerts they didn’t cause, meaning you have a heads-up on potential attacks.

5. Use antivirus software and a firewall
With antivirus or anti-malware software, your devices can be constantly scanned to check for any harmful element that may have been inadvertently downloaded at any point. They can then isolate and/or remove the threat safely.

Alongside this, a firewall can monitor any ingoing and outgoing traffic, protecting you from authorized access, suspicious activity, and filtering out potential threats.

Be sure to use solutions software that can cope with your organizational structure, whether it be entirely cloud-based, on-premises, or a blend achieved through hybrid integration solutions. If your staff are using their personal devices - especially mobiles - make sure you enforce use of approved tools.

6. Update software regularly
Outdated software and operating systems can represent a highly vulnerable attack vector for cybercriminals. So, be careful to use software updates regularly. If you're using an SaaS option, your updates should deliver automatically. If not, then it will be down to you to ensure that you’re always using the latest version of whatever software you’re using.

One way to ensure your remote team does this is through mobile device management solutions (MDM). Your IT team can push updates out, rather than relying on everyone’s memory. This is particularly important for security patches.

7. Look out for phishing
Phishing attacks can be devastating. Sometimes they’re obviously suspicious, but many are clever and persuasive - they can even seem to be from a co-worker, which ups their apparent trustworthiness no end. The result is that the most alert employee can be duped by them.

This can lead to situations where you find yourself in the midst of a data breach or held to ransom. So, how to protect against ransomware and other phishing-driven attacks?

You can try to combat them by drumming into your staff never to click on anything that could possibly be dangerous, but danger is getting harder to spot every day. An email scanner is an invaluable help: it checks your incoming messages for any threats and makes sure that links and sources are legitimate. It does all this then warns of any possible suspicious links before an employee falls for a phishing attempt and unleashes hell.

8. Backup frequently
Backing up is one of those things that we all know we should be doing, but it’s easily forgotten. For this reason, automated backups are great - if your system software backs up your precious data without you having to remember it, and does so in the background while you’re working on something else, this is a big win.

If you have a good deal of unstructured data, you may be using a lakehouse architecture such as Delta Lake. For more information on storing data and backups, you can read this useful and free Delta Lake book.

9. Get rid of old data
Just like hygiene practices in a building will include the safe disposal of unwanted items, your cyber hygiene practices should include ridding your system of old data. This is an absolute must if you are retiring or selling off old devices.

You may think that a simple deleting trip through the drive will suffice. Unfortunately, cybercriminals may still be able to locate even deleted digital assets and gain access to potentially sensitive information. You need to use disc-swiping software that will not only delete everything but will rid the device of all traces of it.

10. Audit
Stay on top of the latest developments, and conduct regular security audits using up-to-date methods and items of software. Audits can be carried out by your remote employees, wherever they are, or you can bring in external help in the shape of cybersecurity experts.

Keep at it

So, you have a great roster of cyber hygiene practices that should get your business as cyber healthy as it can be. Just remember to be wary of the shifting security landscape - cybercriminals are always seeking ways around current practices.

Whatever you do to improve your security needs to be thorough and effective. And once it’s done, it has to be done again. And again. By keeping on top of it, you can stay ahead of the threats and ensure your business isn’t at risk.