Cybersecurity Hygiene Best Practices Checklist
19 Mar 2025
Cybersecurity is everyone’s responsibility, which means that while organisations need to prioritise cyber hygiene, so must individual employees. With that in mind, end users need to be aware of the following cyber hygiene best practices.
Management of Assets
- Keep a current log of all devices, software, and equipment associated with the network
- Regularly conduct audits of hardware and software to identify potential vulnerabilities
- Ensure that the installation of all new hardware and software is recorded.
- Safely decommission unused equipment to prevent any data breaches.
Control of Access
- Restrict administrative access to only those necessary
- Assign access rights based on individual roles and responsibilities
- Use multi-factor authentication (MFA) for all critical systems and applications
- Regularly review user access logs to detect any irregularities
Security of Network
- Implement network firewalls and intrusion detection/prevention systems (IDS/IPS)
- Employ network segmentation to minimise potential damage in the event of a breach.
- Secure routers and wireless networks by changing default settings, enabling encryption, and using robust passwords
- Be cognisant of partner networks connected to our infrastructure and put in place security measures to mitigate risks.
Protection of Endpoints
- Deploy next generation endpoint security software
- Use regularly updated anti-virus and anti-malware tools
- Enforce strong access controls, encryption, and remote wipe capabilities for mobile device security
Management of Patches & System Updates
- Regularly update software and operating systems with the latest security patches.
- Keep hardware maintained and up to date to prevent performance and security issues
Protection & Backup of Data
- Deploy next generation endpoint security software
- Use regularly updated anti-virus and anti-malware tools
- Enforce strong access controls, encryption, and remote wipe capabilities for mobile device security.
Security of Email & Communication
- Use email security solutions to identify and block threats from phishing and malware
- Train staff to recognise and avoid phishing and other social engineering attacks
- Limit email attachments and links from untrusted sources
Awareness & Training for Security
- Implement ongoing cybersecurity training for staff.
- Inform users about creating robust passwords, securing personal devices, and identifying cyber threats.
- Regularly communicate clear security policies.
Response to Incidents & Compliance
- Develop and regularly test a plan for responding to incidents
- Keep an updated list of contacts for personnel responsible for managing security events
- Conduct post-incident evaluations to improve future response strategies.
- Ensure all legal and regulatory obligations related to cybersecurity are met.
Cyber Insurance & Mitigation of Risks
- Consider acquiring cyber insurance to cover potential financial losses from cyber incidents
- Regularly review and update cybersecurity policies to adapt to evolving threats
- Implement clear cybersecurity policies and enforce them across the organisation.
LoughTec are cyber security experts. If you want to find out more about how LoughTec can help protect your business, see the options below.
Click to find out more about how much a cyber attack could potentially cost your business.
Click to find out more about Security Operations Centre SOC 24-7-365 protection.
Click to find out more about Staff Cyber Security Awareness Training.
Click to find out more about Ransomware Protection.