Are you aware of these cybersecurity risks?
Businesses fall into cybersecurity bad habits as easily as individuals do. These bad habits slowly become the norm, especially if they make the work process a little easier. Such habits even convince us that we are only bypassing the red tape to do something more important. Most people practice these bad cybersecurity habits without even realizing what they’re doing wrong. They are simply not aware of the risks that these poor cybersecurity practices are exposing them and their company to.
The scary thing is that even after they fall victim to a cyber attack, they may not realize that it was their habits that caused them to fall victim. While it is difficult to recognize our own bad habits, such is human nature that we are quick to see the faults in others. So to help you recognize these bad habits, I have put together a list of common cybersecurity bad habits. I hope this will help you recognize and avoid these poor cybersecurity practices.
Not Using 2FA/MFA
Not Setting A Disaster Recovery Plan
Treating Cybersecurity As A One Time Project
Not Updating Employee Knowledge/Cybersecurity Awareness
Over Confidence - Thinking it can’t happen to me.
At Jones IT, we take IT security very seriously. We have published a series of blogs on cybersecurity sharing useful information, tips, and general education. Most cybersecurity breaches arise from common mistakes and cybersecurity bad habits listed above. It is definitely worthwhile to weed them out before they put you and your company at risk.
1. Poor Password Management
Short, easy-to-guess passwords is a vulnerability that is most commonly exploited by cyber-criminals. On the other hand, long and complex passwords are often difficult to remember. People are so afraid of this that they often end up using the same password for multiple accounts. In fact, 59% of people use the same or similar password for multiple accounts. Besides, many write down their passwords where others can access them, or share them with colleagues or family members so that they don’t forget it. Such poor password management makes it easy for someone to hijack your account and commit fraud.
Many times, the fault is not with the users but rather with the super-users or admins. Standard security measures for network access have notoriously weak passwords such as “123456”, “qwerty”, and “password”. These passwords often remain unchanged making it very easy for malicious agents to compromise your network and steal your data.
2. Not Using 2FA (two-factor authentication)
There is no justification for not using 2FA ( two-factor authentication). It is 2019- it is really easy to set up and you don’t even need to use a token generator. Multi-Layered security, such as 2FA consists of an OTP (one-time password) in combination with a memorized password. Using such a combination makes it really difficult to hack your accounts. 2FA is a great tool- is easy to implement and provides layered security, which is a must for every business.
We recommend using a password manager such as LastPass along with Google Authenticator. This will save you from memorizing passwords for all your business, personal, and social apps, which can be rather taxing on your memory.
3. Not Setting Up Disaster Recovery Plan
Most companies tend to focus on preventive cybersecurity measures while neglecting to prepare for an actual security breach. While active cybersecurity measures will prevent the majority of the risks, it cannot guarantee 100% immunity to cybersecurity threats. No matter how well protected your IT infrastructure is, you will definitely need a disaster recovery plan.
Loss of data is a business owner’s worst nightmare. Such a loss can cause irreparable damage to your business. Even if you get back to current working levels, your customers may never be able to trust you with their data again. Given the risk that loss of data poses, a reliable data backup and recovery solution is a must-have for every business.
A comprehensive backup and recovery plan will minimize downtime and help keep your business functioning seamlessly even in the case of a disaster such as ransomware attack, virus infection, or a natural disaster.
4. Treating Cybersecurity As A One Time Project
Cybersecurity is not a one-time project. You can’t set it and forget it. In fact, this is one of the biggest mistakes that businesses make. They set up some IT security policies, implement some cybersecurity tools, and then leave it at that.
Cybersecurity threats are always evolving. With the advancement in technology, the cyber-criminals are also becoming more advanced in their attacks. They are constantly working on newer ways to exploit your computer and/or network. For many of them, developing these programs is their full-time job.
Therefore, to keep your IT infrastructure safe and secure, you will need to periodically revisit your IT security plan and measures. You need to check if your IT security policies, tools, and procedures are still relevant and/or effective against the ever-evolving threats.
Regular penetration tests and phishing drills will help detect vulnerabilities and come up with fixes before they can be exploited.
5. Not Updating Employees' Knowledge
We know that cybersecurity threats are ever-evolving. Therefore, to counter them, our knowledge of these threats also needs to keep pace. A little education can prevent the majority of cyber attacks as most of them are identifiable.
Human error has always been a big challenge to cybersecurity. A one-off IT security presentation during orientation will never be enough. At any moment, people have many things in their head and are frequently multitasking at work. This can lead to a lapse in concentration and all it takes is an innocent click on a harmless looking link to cause a massive breach.
Regular education about cybersecurity threats and preventive measures, password hygiene, and phishing drills should be part of your IT security plan. Periodically discuss your company’s IT policy along with your employees. Spear phishing attempts rely on the gullibility of your employees that may lead them to share sensitive information via email to a spoofed account of an authority figure. If employees know that the IT security policy prohibits them from sharing sensitive information via email or phone, then they are less likely to fall prey to such phishing attacks.
6. Overconfidence- Thinking it can’t happen to me
Overconfidence is probably the biggest security risk your business can face. Once you believe that you have implemented all the right IT security controls, you might be lulled into a false sense of security. And if there are no security incidents for a long period, you might think you are unhackable.
Further, most small businesses tend to think that they are too small a target for cybercriminals. But for a cybercriminal, you are never too small or too big. According to 2019 Data Breach Investigations Report by Verizon, 43% of cyber attacks were targeted at small businesses while only 14% of small businesses rate their cyber security as highly effective. Because of overconfidence and lack of preparedness, small businesses tend to be very vulnerable to malware infections, ransomware attacks, and data breaches.
The best remedy for this bad habit is to have a plan that requires you to regularly revisit your IT security measures. You also need to stay up-to-date on the latest developments in cybersecurity, cyber threats and the most effective strategies to counter them.
Preventing Cybersecurity breaches
No matter how careful we are about phishing, hacking, ransomware, etc. there is always the possibility that a threat may slip through the cracks. When educated properly and frequently, employees recognize the threats posed by a wide range of cybercriminal activities. The education should not just be about external threats but also about internal policies and security protocols. A well-informed workforce is a huge asset in your battle against cybercriminals.
These were some of the most common cybersecurity bad habits that we regularly come across. We would be happy to help you kick these habits as well as improve your cybersecurity measures. Feel free to reach out to us today.
If you liked the blog, please share it with your friends