3 ways to improve cyber hygiene

A single training session and advanced software are not enough to maintain robust cybersecurity.

Some insurers are lulled into a false sense of cybersecurity because they use the latest software, but regular updates and ongoing maintenance are crucial parts of good cyber hygiene. (Credit: Artur Szczybylo/Adobe Stock)

Cybercriminals may target insurers because the company files contain sensitive policyholder information and they believe insurance companies have deep pockets to extort. Most insurers and insured business owners understand the gravity of falling victim to a cyberattack but may not prioritize good cyber hygiene in everyday practices, which could have devastating consequences.

Cyber hygiene protects the health and security of networks, data, devices and users through regular maintenance. Adopting these habits to improve cyber hygiene can further safeguard insurers and policyholders from sophisticated cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) considers these three areas essential for good cybersecurity hygiene.

1. Strong passwords

“123456” is the most commonly used password in the U.S., according to CISA. A weak password makes it easy for cybercriminals to infiltrate company systems, access data and even hold these networks hostage. In 2022, Iranian-backed hackers targeted the Municipal Water Authority in Aliquippa, Pennsylvania and disabled a monitor for water pressure regulation. Luckily, plant managers could operate the service manually to ensure the water quality and distribution were not impacted. When the U.S. Department of Homeland Security investigated the cyberattack, they discovered hackers gained access because the plant was using the software’s default password of “1111.”

CISA recommends passwords run at least 16 characters long with a random assortment of numbers, symbols and mixed-case letters. A string of four to seven unrelated words may also suffice. Choose unique passwords for each account and do not write them down or share them with a trusted friend.

2. Regular software updates

Many people balk when they get a notification for a software update, putting it off until it’s absolutely necessary, but software updates are unsung heroes, providing stronger digital defenses. Software companies constantly analyze cyberattack trends and have entire security teams devoted to finding vulnerabilities. They proactively patch the software to protect customers. It’s tempting to select “remind me later” when these notifications pop up, but repeatedly delaying the update can lead to severe consequences, especially if it is for security purposes.

Software updates that fix security concerns make devices that are still using previous versions especially vulnerable because it is a known issue that cybercriminals can exploit. Hackers can find devices using the outdated version and gain access to the company’s system.

CISA recommends watching for notifications and installing software updates immediately to avoid malicious hackers or enrolling in automatic updates through the software settings.

3. Multi-factor authentication

Diligent software updates and complex passwords are great ways to bolster online defenses but won’t stop bad cyber actors completely. Multi-factor authentication (MFA) makes it that much harder for cybercriminals to access personal or company information. MFAs are a layered approach, also called 2-step verification or two-factor authentication, that requires a user to verify their identity with two or more credentials, such as a password and then a code sent via email or text, a fingerprint or face scan, or opening an application for authentication.

If the password is compromised, the additional credentials should stop unauthorized users from accessing the computing device, database, network or physical space. Cybercriminals won’t be able to satisfy the second round of MFA requirements, which should stop the cyberattack, but not always. MFAs improve cyber hygiene but can still be compromised.

Related: