CyberSecurity FAQ - What is cyber hygiene?

Cyber hygiene refers to activities that computer system administrators and users can undertake to improve their cybersecurity while online. The term cyber hygiene was coined by Vinton Cerf, an Internet pioneer, who used the expression in his statement to the United States Congress Joint Economic Committee on 23 February 2000, where italics are added for emphasis:

It is my judgment that the Internet itself is for the most part secure, though there are steps we know can be taken to improve security and resilience. Most of the vulnerabilities arise from those who use the Internet--companies, governments, academic institutions, and individuals alike--but who do not practice what I refer to as good cyber hygiene. They are not sufficiently sensitive to the need to protect the security of the Internet community of which they are a part. The openness of the Internet is both its blessing and its curse when it comes to security.

Cyber hygiene-related activities for computer system administrators include, but are not limited to, segmenting networks, enforcing compartmentalized ("need to know") user permissions, enforcing strong password rules and bi- or multi-authorization procedures, ensuring that firewalls are properly installed, updating both "white lists" and "black lists", ensuring that all antivirus and spam ware protection software is properly installed, removing all unauthorized software, and ensuring that all firmware and software patches are current.

Cyber hygiene-related activities for computer system users include using strong passwords which are changed frequently and not written down, avoiding access to cybersecure systems on unauthorized and/or non-secure BYODs (Bring Your Own Devices), and avoiding mixing personal with cybersecure email and/or work documents.