A Comprehensive Review of Cyber Hygiene Practices in the Workplace for Enhanced Digital Security

Sheeba Armoogum - University of Mauritius, Reduit 80837, Mauritius
Vinaye Armoogum - University of Technology, Mauritius, Port Louis, Mauritius
Anurag Chandra - Defense & Aviation, New Delhi, India
Deshinta Arrova Dewi - Faculty of Data Science and Information Technology, INTI International University, Nilai, Malaysia
Tri Basuki Kurniawan - Postgraduate Program, Universitas Bina Darma, Palembang, Indonesia
Soodeshna Bappoo - University of Mauritius, Reduit 80837, Mauritius
Mohd Zaki Mohd Salikon - Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Parit Raja, Batu Pahat, Johor, Malaysia
Alde Alanda - Department of Information Technology, Politeknik Negeri Padang, Padang, Indonesia


DOI: http://dx.doi.org/10.62527/joiv.9.1.3787

Abstract


In today's digital age, cybercrime is increasing at an alarming rate, and it has become more critical than ever for organizations to prioritize adopting best practices in cyber hygiene to safeguard their personnel and resources from cyber-attacks. Just as personal hygiene keeps one clean and healthy, cyber hygiene combines behaviors to enhance data privacy. This paper explores the common cyber-attacks currently faced by organizations and how the different practices associated with good cyber hygiene can be used to mitigate those attacks. It also emphasizes the need for organizations to adopt good cyber hygiene techniques and therefore provides the top 10 effective cyber hygiene measures for organizations seeking to enhance their cybersecurity posture. To better evaluate the cyber hygiene techniques, a systematic literature approach was used to assess the different models of cyber hygiene, distinguishing between good and bad cyber hygiene techniques and identifying the cyber-attacks associated with bad cyber hygiene that can eventually affect any organization. Based on the case study and surveys done by the researchers, it has been deduced that good cyber hygiene techniques bring positive behavior among employees, thus contributing to a more secure organization. More importantly, it is the responsibility of both the organization and the employees to practice good cyber hygiene techniques. If organizations fail to enforce good cyber hygiene techniques, for example through a lack of security awareness programs, employees may have the misconception that it is not their responsibility to contribute to their own security and that of the organization, which consequently opens doors to various cyber-attacks. There have not been many research papers on cyber hygiene, particularly on its application in the workplace, which is a fundamental aspect of our everyday life.
This paper focuses on the cyber hygiene techniques that any small to large organization should consider. It also highlights the existing challenges associated with the implementation of good cyber hygiene techniques and offers potential solutions to address them.

Keywords


Cyber hygiene; cyber-attacks; cybersecurity in the workplace; process innovation
