
All organizations, regardless of their size or industry, are potential targets for cyberattacks. These events can lead to significant financial, operational and reputational damage that can be difficult or impossible to recover from. Fortunately, strong cyber hygiene practices can reduce the likelihood of data breaches and other cyber incidents, and many of these practices are relatively low-cost and easy to implement. Below are five common cybersecurity mistakes organizations make and actionable solutions for each.
- Relying on Weak or Reused Passwords
Users often resort to simple passwords they can easily remember. They may also use the same password for multiple devices and accounts. However, cybercriminals can more readily exploit weak, easy-to-guess passwords to gain unauthorized access to devices, networks and accounts. Utilizing weak passwords increases data vulnerability, and reusing passwords across different systems can compromise multiple accounts from a single breach. To address these issues, employers should require that staff use unique and strong passwords for each account, device and network. They should also mandate that these login credentials be changed regularly. Passwords should not be common or predictable (e.g., “password”) or sequential letters or numbers (e.g., “abcde” or “123456”). Using a combination of upper and lowercase letters, as well as special characters, can further strengthen passwords. Employees can consider using a verified password manager to store and generate passwords securely.
- Not Updating Software
If software and system updates are delayed or neglected, cyberattackers can more readily exploit known security gaps to gain access to or control of devices, networks or systems. Updates and patches can address these vulnerabilities. Cybersecurity policies should require that automatic updates are enabled on all devices and applications, and there should be processes that regularly check for and install updates, especially for security software that protects against viruses. Employers should stay informed about critical updates released by software vendors so they can be implemented without delay.
- Neglecting Employee Training
Human error is a leading cause of security breaches, and employees who are unaware of common schemes cybercriminals use (e.g., phishing attacks) may more easily fall victim to them. Untrained employees may also be unaware of best practices for safe data handling and can inadvertently compromise security. Employers should implement cybersecurity training sessions for all employees upon hire and at regular intervals. These sessions should be interactive and include real-life scenarios. They should allow employees to raise questions or concerns openly, fostering a culture of cybersecurity awareness within the organization.
- Not Using Multifactor Authentication (MFA)
Relying solely on one password for account and device security presents security risks because cybercriminals can steal or guess it, especially if it is weak. MFA adds a layer of security and significantly reduces the risk of unauthorized access by requiring users to verify their identity through a separate form of authentication (e.g., a time-based one-time password sent through text message or email). Employers should require MFA on all business accounts and devices that support it, especially those containing sensitive information. Employees should also use authentication apps or hardware tokens for secure verification and regularly review and update MFA settings to ensure optimal protection.
- Utilizing Unsecured Public Wi-Fi
Publicly available unsecured Wi-Fi can be an entry point for cybercriminals to access networks, intercept data and steal sensitive information. Additionally, unsecured networks increase the risk of man-in-the-middle attacks, in which a malicious actor intercepts communications between two parties, reads the information, potentially alters it and passes it on without either party recognizing that this is occurring. Employees should avoid accessing sensitive information on public Wi-Fi and only use trusted networks. They should also turn off automatic Wi-Fi connection and file-sharing settings to prevent unintended connections or data leaks. When connecting to public Wi-Fi, users should use a virtual private network (VPN) that encrypts data transmissions and confirm their firewall is enabled to add protection against malware and other cyberthreats.
Conclusion
Cyberattacks are a serious threat to all organizations, and cybercriminals often exploit vulnerabilities created by poor cyber hygiene practices. By recognizing these mistakes, realizing their significance, taking action to avoid them and implementing cybersecurity best practices, organizations can improve their cybersecurity posture and reduce the risk of costly cyberattacks occurring.