Rarely a day passes without news of a cyber attack at yet another company, institution, or government body.
Many businesses continue to implement poor network security procedures in the face of identified risks. Here are 7 negative habits that are all too prevalent in cybersecurity, or lack thereof.
7 Worst Cybersecurity Habits
Here are the worst cybersecurity practices you might have seen, or been guilty of yourself.
Poor Password Security Rules
Commonly used and short passwords are a weak spot for your network, cloud apps, and email services. Such passwords can be easily guessed by potential attackers. So think about using a password manager tool. Such a tool helps you create and remember your unique logins. Another thing that helps is MFA (multi-factor authentication).
Also, consider not giving users admin access. It is sometimes granted to users during troubleshooting and then forgotten. Such a practice leaves you in a very vulnerable spot.
Bypassing Corporate Controls
Cybersecurity specialists frequently work around company controls – they disable them, or change repetitive settings only to forget to revert the changes after finishing.
Sure, it’s possible to disable or remove security measures like antivirus software, network security protocols, or MFA, but that exposes your system and unencrypted documents to attacks. And you should educate the rest of your staff on the dangers of bypassing corporate controls, too. Denying access to certain websites is done not just for productivity reasons but also to implement healthy cybersecurity habits.
Using Outdated Technology
Many businesses continue to use Windows Server 2003, despite the fact that it has a number of unpatched security vulnerabilities.
Rigidity is a common problem in the IT sector: if something isn’t broken, why fix it? But something can be functional and still be weak in terms of security. Even if an older piece of technology has been patched, that doesn’t guarantee that it is safe or that another vulnerability won’t expose it in the near future.
Companies must stop with the outdated methods and implement cybersecurity habits that can handle modern problems.
Failing to Review the Environment as a Whole
Security experts frequently don’t look at the wider picture to assess whether an environment is getting less safe. They are too busy responding to pressing problems. For instance, a senior admin’s privileges may be elevated to super admin status for the day but, because of urgent issues, not revoked afterwards.
A thorough system review should be conducted following a penetration test. After a penetration test, we shouldn’t sit idly; instead, we should use the test as a starting point. Networks are incredibly dynamic, and updating or adding software can quickly alter your security posture.
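The forgotten elevations described above (admin access left in place after troubleshooting, a super admin grant meant to last a day) can be caught by a scheduled review of the grant record. This is an added example, not part of the original article; the ledger, its field names, the role names, and the 24-hour default are constructed assumptions.

```python
from datetime import datetime, timedelta

ELEVATED = {"admin", "super-admin"}   # assumed role names
DEFAULT_TTL = timedelta(hours=24)     # assumed policy: an elevation lasts one day

# Constructed sample ledger; field names are hypothetical.
GRANTS = [
    {"user": "senior.admin", "role": "super-admin", "granted": "2024-03-04T09:00",
     "expires": "2024-03-05T09:00", "revoked": None, "reason": "urgent outage"},
    {"user": "j.doe", "role": "admin", "granted": "2024-02-20T14:30",
     "expires": None, "revoked": None, "reason": "troubleshooting"},
    {"user": "ops.lead", "role": "admin", "granted": "2024-03-10T08:00",
     "expires": "2024-03-11T08:00", "revoked": "2024-03-10T17:00", "reason": "patch window"},
    {"user": "a.smith", "role": "viewer", "granted": "2024-01-01T00:00",
     "expires": None, "revoked": None, "reason": "onboarding"},
    {"user": "net.eng", "role": "admin", "granted": "2024-03-11T10:00",
     "expires": "2024-03-12T10:00", "revoked": None, "reason": "firewall change"},
]

def parse(ts):
    """Parse an ISO timestamp, passing None through for missing values."""
    return datetime.fromisoformat(ts) if ts else None

def overdue_grants(grants, now, default_ttl=DEFAULT_TTL):
    """Return elevated grants still active past their deadline, longest overdue first."""
    findings = []
    for g in grants:
        if g["role"] not in ELEVATED or g["revoked"]:
            continue  # not an elevated role, or already revoked
        # A grant recorded without an expiry is held to the default TTL.
        deadline = parse(g["expires"]) or parse(g["granted"]) + default_ttl
        if now > deadline:
            findings.append({"user": g["user"], "role": g["role"], "reason": g["reason"],
                             "days_overdue": (now - deadline).days,
                             "no_expiry_set": g["expires"] is None})
    return sorted(findings, key=lambda f: f["days_overdue"], reverse=True)

if __name__ == "__main__":
    for f in overdue_grants(GRANTS, now=datetime(2024, 3, 11, 12, 0)):
        note = " (no expiry recorded)" if f["no_expiry_set"] else ""
        print(f"{f['user']}: {f['role']} for '{f['reason']}', "
              f"{f['days_overdue']} days overdue{note}")
```

Grants with no recorded expiry are flagged separately because they are the ones most likely to have been handed out informally and never tracked.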
Using Company Equipment for Personal Use
A lot of us are quick to use company devices for personal use. One personal email may not seem like a lot, but the outcome could be huge and damning.
Educate and train your staff on the dangers of misusing company equipment. Online shopping and downloading non-company apps and software can have wide-reaching consequences for the company, especially if it opens the door to potential cyberattackers.
Your staff shouldn’t keep their personal data on company devices, and vice versa – no company data should be on their personal devices. To help them with the latter, get them all company devices to use so they don’t have to use their own laptop to perform tasks.
Negligence Toward False Positives
Some cybersecurity experts are careless when it comes to false positives, which happen when a security system identifies a benign file as malicious and blocks it. Data corruption, service interruptions, or a total inability to function are all potential consequences of this.
The habit some security professionals have is to downplay the possibility of high false-positive rates and to choose security stack solutions that are configured to overly cautious levels, which leads to false positives.
Not Patching Straight Away
Companies regularly invest thousands of dollars in security systems only to have them thwarted by something as simple as delaying the installation of a security patch. Many businesses put themselves at risk by delaying the installation of crucial security upgrades for at least a week after they are released.
Patch management weak spots include pushing out updates too quickly and devices going offline. But the most notable risk is simply and bafflingly leaving a system open to cyberattackers by not patching straight away.
There is no one-size-fits-all when it comes to good cybersecurity practices and innovations. But we can all universally agree on bad cybersecurity practices. Never stop re-evaluating your security assets and how big a risk they pose. Vigilance in keeping a certain cybersecurity level is the foundation for strong security best practices.