The cyber hygiene test: how clean are you?

When was the last time you cleaned your teeth? How long ago did you have a shower? Did you put clean underwear on this morning?

There’s a good chance the answers to these questions are: this morning, less than 24 hours ago, yes. Personal hygiene is something that most of us take care of without a second thought.

And, with Cyber Security Month in full swing, cyber security experts are now arguing that cyber hygiene – aka protecting your online activities – should be seen as just as important.

So how cyber hygienic are you and/or your business?

Take this two-minute quiz to find out….

Q1: Have you ever used a food, a sport, or an animal as part of your password?

Q2: Have you ever used the same password for more than one account sign in eg for your email and for your Zoom account?

Q3: When was the last time you or your business backed up your data?

Q4: How many times do you ignore a software update notification before you give in and go through the update?

Q5: Do your personal computers, your business computers and/or the computers your team use have antivirus software installed?

Q6: Are your own or your client’s websites protected by a monitoring and protection tool?

Q7: Do you encrypt files before sharing them with team members?

ANSWERS

Q1: If you answered yes, you need to improve your cyber hygiene in this area. Hackers can brute-force their way into accounts by throwing known common passwords and common dictionary words at them.

According to an analysis of more than 500 million leaked passwords by NordPass, some of the most common passwords in the world include food, sport and animal names.

The passwords monkey, soccer, football, chocolate, butterfly, dragon and cookie are especially common. A strong password should be at least 12 characters long, include a combination of letters, numbers and special characters, and not include any dictionary words.

Q2: If you answered yes to this, you need to up your cyber hygiene.

In 2019, Microsoft analysed a database of three billion leaked passwords and found that 44 million accounts were using passwords that had already been compromised elsewhere.

Why is this a problem?

Microsoft explained: "Once a threat actor gets hold of spilled credentials or credentials in the wild they can try to execute a breach replay attack.

“In this attack, the actor tries out the same credentials on different service accounts to see if there is a match."

Q3: If the answer to this question is ‘I don’t know’, ‘I can’t remember’, ‘never’ or any amount of time above seven days, then you need to improve your cyber hygiene in this area.

World Backup Day suggests that 30 per cent of people have never backed up their personal data.

Other statistics suggest that seven per cent of businesses don’t backup their data either. Seven per cent may not seem like that big a statistic. However, when you consider that downtime can cost a small business up to £6,215 per minute, the stat suddenly becomes a lot more serious.

Even if you’re lucky enough to have an in-house IT team or staff member who is responsible for backups, it’s still important as an owner of a company to double check these backups are taking place, or at least have the expected timeline for backups detailed in a cyber security policy.

Q4: Software update alerts never come at the right time. You’re usually on a deadline or rushing to log into a Zoom call.

Sucuri’s recent SiteCheck Malware Report found that 2,726,174 of 17,138,086 websites scanned for malware and errors in September 2020 contained outdated software, including core CMS, server software, and extensible third-party components like plugins and themes. That’s almost 16 per cent.

However, not completing software updates in a timely way can leave you open to cyber-attacks.

Q5: Which? suggests that 88 per cent of people in the UK use some sort of antivirus protection on their laptop or desktop computer.

So, if you’re not using it yourself, you’re in the minority. There are free options available, but quality paid-for versions can cost as little as £20 a year.

Q6: In 2019, the WP Beginner editorial team revealed that they had blacked 450,000 WordPress attacks over a course of just three months with the help of Sucuri Website Security.

Sucuri Website Security packages start from as little as £4.99 a month at tsoHost.

Q7: If you answered ‘no’ to this question you’re not alone. The 2019 Global Data Risk Report by Varonis found that 22 per cent of folders used by businesses are open to everyone.

They also found that in 17 per cent of the businesses polled, all the company’s sensitive files were accessible to every employee.

However, there’s certainly room for improvement here. You can read about encrypting Microsoft files in the Microsoft Support Centre.

For an extra layer of defence, you can look into encryption apps such as Folder Lock, AxCrypt, CryptoForge and Certainsafe.