Habits to be safe online (cyber hygiene)

Cyber hygiene, or habits to be safe online, is related to the practices and steps that computer or device users do to maintain information safety and improve online security. These practices are often part of a routine to ensure the security of identity and other information that could be stolen or harmed.

Cyber hygiene in healthcare

Medical practitioners are familiar with the importance of healthy habits to maintain good health and reduce the risk of disease or infection. However, the same is true for information systems – they must be properly operated so that they will continue to function properly and reliably. This has to occur in a way that respects the relevance and sensitive nature of the information used within them. As with any health intervention, simple measures go a long way.

See ENISA’s webpage on Health Critical Information Infrastructures and Services for more information: https://www.enisa.europa.eu/topics/critical-information-infrastructures-and-services/health

Steps to improve cyber hygiene

1. Clean desk

Sensitive information on a desk such as sticky notes, papers and printouts can easily be taken by thieving hands and seen by intrusive eyes. All sensitive and confidential information should be removed from the desk.

2. Secure portable devices

Because devices may be used in places where it can be visible by others, extra care must be taken by the user to prevent unwanted viewing of the electronic health information displayed on a laptop or handheld device..

• Health Information on mobile devices have to be encrypted.
• Connections between authorized mobile devices and Electronic Health Records have to be encrypted.

3. Update software regularly

Typical computer infections show these symptoms: system will not start normally, system crashes for no obvious reason, internet browser directs you to unwanted web pages, anti-virus software appears to be disabled, many advertisements pop up on the screen, the user cannot control the mouse.

• All staff members have to know how to recognize possible symptoms of viruses or malware on their computers.
• Anti-virus software is installed and operating effectively on each computer in compliance with recommendations.
• Systems and applications are updated or patched regularly as recommended by the manufacturer.

4. Change passwords regularly

Strong passwords are ones that are not easily guessed. Since attackers may use automated methods to try to guess a password, it is important to choose a password that does not have characteristics that could make it vulnerable.

• Each staff member has a unique username and password.
• Passwords are changed routinely. Passwords are not re-used.

5. Email spam

Email spam refers to the use of an email system to send unsolicited emails especially advertising emails to a group of recipients. Unsolicited emails mean the recipient did not grant permission for receiving those emails.

• Do not trust unsolicited emails.
• Do not send any funds to people who request them by email, especially not before checking with leadership.
• Do not click on unknown links in email messages.
• Beware of email attachments. If you get one from what looks like a friend, contact them to ensure that they sent it.

6. Social networking

Users do not to provide their credentials or login information to unknown sites or sites that are similar to the original one. For example, the user must carefully see the difference between www.google.com and www.gooogle.com.

7. Phishing attacks

Phishing is a type of social engineering attacks often used to steal user data, including login credentials and credit card numbers. It occurs when a hacker, masked as a trusted entity, defrauds a victim into opening an email, instant message, or text message.

• Users must be aware of phishing attacks and learn not to open malicious attachments or click on suspicious links. 
• Disable pop-up windows, as they invite risks.
• Users should keep from installing software programs from unknown sources, especially links infected with malware. Many websites offer free Internet security programs that infect your system rather than protecting it.

You can find more information on good cyber hygiene practices through this link: https://www.sentinelone.com/blog/practice-these-10-basic-cyber-hygiene-tips-for-risk-mitigation/

Further reading

• Good cyber hygiene habits to help stay safe online: https://us.norton.com/internetsecurity-how-to-good-cyber-hygiene.html
• CyberSecurity FAQ – What is cyber hygiene?: https://cybersecurityforum.com/cybersecurity-faq/what-is-cyber-hygiene.html

Literature

ENISA, “Review of Cyber Hygiene practices”, 2016.

ENISA, “Smart Hospitals – Security and Resilience for Smart Health Service and Infrastructures”, 2016. 

A.A. Cain, et al., “An exploratory study of cyber hygiene behaviors and knowledge”, Jour. Inf. Sec. and App., 42, 2018. 

2016. Ayala, “Cybersecurity for Hospitals and Healthcare Facilities: A Guide to Detection and Prevention”, Apress, 2016.