Cyber hygiene top tips

David Sutton, a cyber security expert, author and speaker details essential steps users should take if they want to stay safe online.

News of the ‘WannaCry’ virus attack may have not come as a great surprise, but the scale of it was - I had expected it to have a considerably wider impact, and it is to the credit of the IT and security specialists around the world that its spread was limited and dealt with so quickly, although a great many people had a thoroughly frustrating and exhausting weekend.

For those unaffected by the attack, this is no time to be complacent - here are some top tips users should undertake in order to protect themselves and their computers from potential future outbreaks like this:


  • Always choose long passwords and/or use a password management application;
  • Remember that passwords are like toothbrushes - they should be changed frequently and never shared;
  • Never include personal information such as your name in your passwords.

Operating systems

  • Always upgrade to the latest version of your operating system before it goes out of support;
  • Enable automatic updates to your operating system, major applications and Internet browser;
  • Enable your operating system’s firewall feature.


  • Never open email attachments unless you are absolutely certain of their origin;
  • Never reply to unsolicited email or text messages - simply delete them.

Surfing the world-wide web

  • Never click on web page links unless you are absolutely certain where they will lead;
  • Always delete the cookies, browser history and temporary Internet files when you have finished using public computers;
  • Never use public computers to carry out financial transactions.

Anti-virus software

  • Turn on Windows Defender on Windows 7 and Windows 10;
  • Install reputable antivirus software on an Apple Mac;
  • Update the threat database daily and run an antivirus scan at least every week.

Sharing information

  • Only ever share the minimum amount of personal information on social networks or when making purchases over the Internet.

File safety

  • Back up your files regularly - and check that you can restore them;
  • Lock your computer/tablet/smartphone screen when you’re not actually using it;
  • Encrypt your most important files and consider encrypting the entire hard drive.

Free stuff

  • Never accept ‘free’ memory sticks from strangers - they could contain malware;
  • Never trust ‘free’ WiFi networks - they can leak your data;
  • Never download pirated software, films or music;

Remember - there’s no such thing as a free lunch, and if it sounds too good to be true, it almost certainly is!

Let us hope that the lessons have been learned; that out-of-support software is replaced, patches are applied and the good cyber hygiene recommendations followed.

It is not a question of if another attack occurs, but when; and when it does, it may well be far more aggressive.

About the author
David Sutton's career in IT spans nearly 50 years and includes voice and data networking, information security and critical information infrastructure protection. He has delivered lectures on information risk management and business continuity at Royal Holloway University of London from where he holds an MSc in Information Security. David is co-author of Information Security Management Principles (Second edition) and author of Information Risk Management and Cyber Security.
Information Security Management Principles - Second edition Information Risk Management Cyber Security - A practitioner's guide

Comments (2)

Leave Comment
  • 1
    Amit Suralia wrote on 25th May 2017

    A very succint checklist to be pro-active that could minimise the chances of being a potential victim.

    Report Comment

  • 2
    Martin Brown wrote on 2nd Jun 2017

    I mostly agree with the suggestions above but a few comments:

    Passwords should be appropriate to the resources they protect. My bank account login requires a very much more secure password than one for playing chess online or filing bug reports.

    Always use the maximum range of alphabet permitted ie numbers, letters and symbols.
    Don't use single words that are in dictionaries, 123456 or qwerty

    Making people change high entropy passwords too often results in them being written on post-its stuck at the side of the screen which totally defeats any security. And it is the really senior people who do it!

    OS auto update will always cause you pain and suffering if you permit it. Reboots invariably happen at the most inconvenient time if Windows is left to its own devices. Auto download and let me choose when is better. YMMV

    Emails. It is a difficult balancing act since most of the hostile binaries I ever see arrive from people who I know and have previously done business with or from friends. The give away is the bad English and an unusual phrasing of subject. Fake notifications from couriers are becoming ever harder to spot if you are in a hurry.
    New clients often attach Word documents or images in the stuff they send me. Am I supposed to ignore all potential new clients who choose to make initial contact by email?

    Webpage URLs. There are plenty of hostile typo squatting sites imitating major high traffic sites to catch you out. Sometimes social media ads unwittingly point at hostile URLs. Running the browser in a sandbox and allowing your AV to blacklist known hostile URLs is a good idea.

    AV. I wouldn't trust Windows "defender" to save me from anything. It has been a vector for some of the most dangerous recent zero day exploits only last month with "crazy bad" MSA 4022344.

    or with MS spin

    Free stuff. There is plenty of good free software around but the days of inspecting the code and compiling it yourself are really long gone now. There are reputable archives of precompiled stuff around but also places that will add a load of unwanted junk if you don't opt out or choose where to download it from more wisely.

    Certain types of software seem particularly bad for containing malware and PUPs - notably things for grabbing video streaming content and saving it to a PC. Various neighbours have been bitten by this several times as kids download random applications. Even Adobe isn't above bundling unwanted junk with its version updates.

    PS You have an America dictionary checker applied to the input text. It wants me to use "neighbors" (sic).

    Report Comment

Post a comment

Search this blog

August 2017