BharatNotes What is Cyber Hygiene?
Cyber hygiene is the set of routine, low-cost, repeatable practices that keep digital systems healthy — the cyber equivalent of personal hygiene. For an individual it means strong unique passwords, multi-factor authentication (MFA), regular software/OS updates, verified downloads, and caution with phishing links. For an organisation it extends to access management, timely patching, secure configuration ("hardening"), log retention, data backups and incident reporting. The goal is to reduce the "attack surface" so that the most common threats — malware, phishing, credential theft and exploitation of unpatched systems — fail before they cause damage.
Why It Matters for India
India is among the most targeted countries for cyberattacks. CERT-In, the national nodal agency for responding to cyber incidents under Section 70B of the Information Technology Act, 2000 (operational since 2004, under MeitY), has tracked a steep rise in reported incidents — climbing into the millions annually, with roughly 22.68 lakh incidents registered in 2024 (per CERT-In data; figures vary by reporting basis). With UPI, Aadhaar-linked services and government portals carrying sensitive data, a single weak password or unpatched server can compromise public services. Good cyber hygiene is therefore both an individual responsibility and a matter of national security and economic resilience.
Government Initiatives
| Initiative | Launched | Agency | Purpose |
|---|---|---|---|
| Cyber Swachhta Kendra (Botnet Cleaning & Malware Analysis Centre) | 21 Feb 2017 | MeitY; operated by CERT-In | Detect botnet infections; offer free clean-up tools |
| Cyber Surakshit Bharat | 19 Jan 2018 | MeitY + NeGD (PPP model) | Train CISOs and IT officials; spread awareness |
| CERT-In Directions under Sec 70B | 28 Apr 2022 | CERT-In | Mandatory incident reporting; log retention |
| Guidelines on Information Security Practices for Government Entities | Jun 2023 | CERT-In | Baseline security for government bodies |
The 2022 CERT-In Directions are a key compliance milestone: organisations must report specified cyber incidents to CERT-In within 6 hours of detection and retain ICT system logs securely for 180 days within India. The Cyber Swachhta Kendra distributes free tools (e.g., bot-removal utilities and the M-Kavach mobile security app) so end-users can clean infected devices.
Core Practices (Quick Reference)
- Use strong, unique passwords; enable MFA wherever available.
- Patch operating systems, apps and antivirus promptly (updates close known holes).
- Avoid unknown links, attachments and untrusted downloads (phishing defence).
- Back up critical data regularly; encrypt sensitive information.
- For organisations: harden configurations, manage access, monitor logs, and have an incident-response plan.
UPSC Angle
Examiners reward institution-specific, current answers. Anchor responses to CERT-In's statutory mandate (Section 70B), name the operative schemes (Cyber Swachhta Kendra, Cyber Surakshit Bharat) and the 2022 reporting directions, and link cyber hygiene to broader themes — critical information infrastructure (NCIIPC), data protection (DPDP Act, 2023) and the National Cyber Security Strategy. This connects the micro-habit of patching to the macro-goal of a secure Digital India.
