Secure habits, big impact

Cyber Hygiene Guide

Practical steps to stay safe online: strong passwords, smart social settings, safer browsing, and malware awareness—sourced from leading guidance. [CISA/NIST]

Aligned with up-to-date cyber hygiene and password guidance. [CISA/NIST]

Password safety

Use long passphrases, allow all characters, avoid forced resets; add MFA and a password manager to reduce account takeover risk. [NIST/CISA]

Use a long passphrase
Prefer 15+ characters; length beats complexity, spaces allowed for usability. [NIST]
Block breached passwords
Check passwords against known-compromised lists; never truncate the password during verification. [NIST]
Enable MFA (avoid SMS when possible)
Use authenticator apps, hardware keys, or passkeys for stronger protection. [NIST]
No forced resets
Change after compromise or suspicion; forced cycles weaken choices. [NIST]
Developer: allow paste, store with slow salted hashing, throttle login attempts. [NIST]
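
The developer points above (breached-password check, no truncation, slow salted hashing, login throttling) as an added Python sketch; it is not code from NIST or CISA. Assumptions: scrypt as the slow hash, the lockout threshold and window, the in-memory stores, and the tiny constructed breached list.

```python
import hashlib
import hmac
import os
import time

MIN_LENGTH = 15          # the guide's "15+ characters" preference
MAX_FAILURES = 5         # assumed throttle threshold
LOCKOUT_SECONDS = 300    # assumed throttle window
# Constructed sample; a real deployment loads a large breached-password corpus.
BREACHED = {"correct horse battery staple", "passwordpassword1"}

_users = {}      # username -> (salt, scrypt hash); stands in for a database
_failures = {}   # username -> (failure count, time of last failure)

def _hash(password, salt):
    # The whole UTF-8 password is hashed: no truncation, any character allowed.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024)

def check_new_password(password):
    """Return 'ok' or the reason the password is rejected."""
    if len(password) < MIN_LENGTH:
        return "too short"
    if password.lower() in BREACHED:
        return "breached"
    return "ok"   # no composition rules: length is the requirement

def register(username, password):
    verdict = check_new_password(password)
    if verdict == "ok":
        salt = os.urandom(16)   # unique random salt per account
        _users[username] = (salt, _hash(password, salt))
    return verdict

def login(username, password, now=None):
    now = time.time() if now is None else now
    count, last = _failures.get(username, (0, 0.0))
    if count >= MAX_FAILURES:
        if now - last < LOCKOUT_SECONDS:
            return "throttled"   # refuse before spending time on hashing
        count = 0                # window expired, start counting again
    # Unknown users get a dummy salt so the same hashing work is done.
    salt, stored = _users.get(username, (b"\0" * 16, b""))
    if hmac.compare_digest(_hash(password, salt), stored):
        _failures.pop(username, None)
        return "ok"
    _failures[username] = (count + 1, now)
    return "denied"
```
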

Social media safety

Tighten privacy, curate followers, think before posting; enable 2FA to protect identity and reputation. [CISA]

Review privacy controls
Limit post visibility, disable location on public posts, audit connected apps. [CISA]
Curate connections
Block unknowns, verify handles, report impersonation or harassment. [CISA]
Protect personal info
Avoid sensitive details and beware data-mining “quizzes.” [CISA]
Enable 2FA everywhere
Prefer app-based codes or passkeys for socials and email recovery. [CISA]

Safe browsing

Keep systems updated, verify links, and prefer HTTPS on sites handling any sign-in or payments. [CISA]

Update automatically
Enable auto-updates for OS, browsers, and extensions. [CISA]
Verify before clicking
Hover to inspect URLs and check domain spelling; avoid unexpected attachments. [CISA]
Use HTTPS
Lock icon is not enough—ensure the domain is correct. [CISA]
Limit extensions
Install from trusted publishers and remove unused ones. [CISA]
Public Wi‑Fi caution
Avoid sensitive logins on open networks; consider a reputable VPN. [CISA]
Cloud accounts: least privilege, review tokens, monitor sign-ins. [CISA]

Malware awareness

Spot common red flags, keep reputable endpoint security, and follow the 3‑2‑1 backup rule to reduce ransomware impact. [CISA]

Know the red flags
Fake update popups, unexpected installers, macro prompts, cracked software sites. [CISA]
Protect and limit
Use real-time protection, do daily work from a non-admin account, allow only needed apps. [CISA]
Back up with 3‑2‑1
Keep 3 copies on 2 media with 1 off-site/immutable. [CISA]
If infected, act fast
Disconnect, note symptoms, scan/quarantine, restore clean backups, rotate credentials. [CISA]