
Five Common Cybersecurity Mistakes and How to Avoid Them

April 24, 2026 | Insurance

When asking clients whether they are adequately protected against cyber crimes, these are the answers we receive most often:

  • “We have antivirus protection and have never had a problem.”

  • “Our employees know what and what not to click on.”

  • “I really don’t know.”

All organizations, regardless of size or industry, are at risk of being targeted by cybercriminals. Cyber crimes can lead to financial, operational and reputational damages that can be difficult or impossible to recover from.

Here are five common cybersecurity mistakes organizations make and solutions for each:

Weak or Reused Passwords

The Mistake: Users often resort to simple passwords they can easily remember, and often use the same password for multiple devices and accounts.

Why It Matters: Cybercriminals can more readily exploit weak, easy-to-guess passwords to gain unauthorized access to devices, networks, and accounts. Using weak passwords increases data vulnerability, and reusing passwords across different systems can compromise multiple accounts from a single breach.

How to Avoid It: Require your staff to use unique and strong passwords for each account, device and network. You should also mandate that these login credentials be changed regularly.

Passwords should not be common or predictable (don’t use “password” as your password), and should not consist of sequential numbers or letters such as “12345” or “abcde.” Use a combination of uppercase and lowercase letters and special characters to strengthen passwords.

Ignoring Software Updates

The Mistake: Software and system updates are delayed or neglected.

Why It Matters: These vital updates often contain patches that address known vulnerabilities. When they are not installed, attackers can exploit outdated software or known security gaps to gain access to or control of devices, networks or systems.

How to Avoid It: Enable automatic updates on all devices and applications. Regularly check for and install updates, especially for security software that protects against viruses, intrusions and other threats. Stay informed about critical updates released by software vendors so they can be implemented without delay.

Lack of Employee Training

The Mistake: Not educating employees about cybersecurity best practices.

Why It Matters: Human error is a leading cause of security breaches, and employees who are unaware of the common schemes cybercriminals use to trick them into revealing their passwords or other sensitive information may more easily fall victim to them.

How to Avoid It: Implement cybersecurity training sessions for all employees upon hire and at regular intervals. Provide an opportunity for employees to raise questions or concerns and encourage a culture of cybersecurity awareness within the organization.

Overlooking Multifactor Authentication (MFA)

The Mistake: Users may rely solely on one password for account and device security.

Why It Matters: Cybercriminals can steal or guess passwords, especially if they are weak. MFA adds an extra verification step and significantly reduces the risk of unauthorized access.

How to Avoid It: Require MFA on all business accounts and devices that offer it, especially those containing sensitive information. This process requires users to verify their identity through a separate form of authentication, such as a time-based one-time password sent through text message or email.

Using Unsecured Public Wi-Fi

The Mistake: Sensitive information is often accessed over publicly available Wi-Fi networks without password protection.

Why It Matters: Publicly available Wi-Fi can be a hot spot and entry point for cybercriminals to access networks and intercept data. Unsecured networks increase the risk of man-in-the-middle attacks, in which a malicious actor intercepts communications between two parties, reads the information, potentially alters it and transmits the communication without either party recognizing this is occurring.

How to Avoid It: Employees should avoid accessing sensitive information on public Wi-Fi and only use trusted networks. They should also turn off automatic Wi-Fi connection and file-sharing settings to prevent unintended connections or data leaks. Additionally, employees who connect to public Wi-Fi should use a virtual private network (VPN) that encrypts data transmissions, and should confirm their firewall is enabled to add protection against malware and other cyberthreats.

Cyberattacks are a serious threat and cybercriminals often exploit vulnerabilities created by poor cyber hygiene practices. By recognizing these mistakes, taking action to avoid them, and implementing cybersecurity best practices, you can improve your cybersecurity posture and reduce the risk of costly cyberattacks occurring.
