The Biggest Cybersecurity Mistakes You Don’t Want To Make
It’s surprising how many people are clueless about the security of their online behavior. Have you ever wondered if your data or passwords are on the dark web? Have you ever looked? According to a recent Varonis survey, 64 percent of Americans have never even checked to see if they were affected by a data breach. That’s crazy! Data breaches and cyber-attacks are happening at an alarming rate and you have to take responsibility for your data before finding yourself or your company data compromised.
The following is our list of the biggest cybersecurity mistakes people make and the potential dangers associated with them.
Clicking Links or Attachments from Unknown Senders
This should seem obvious by now. Clicking on links or attachments from unknown senders whether it’s in an email or text message is a hard no. Phishing is still the primary way hackers gain access to your sensitive information and hack your infrastructure.
Reportedly 69 percent of organizations don’t believe the threats they’re seeing can be blocked by their anti-virus software. As phishing attacks become more devious and harder to detect, it is more important than ever to know how to recognize a phishing scam.
Make sure your IT department implements technology to protect you and your staff from these threats and make sure they are training your staff regularly. The moment you’re most vulnerable is when you think you’re safe. Staying vigilant will make you more likely to recognize and report phishing scams before becoming a victim of one.
Sharing or Reusing Passwords
Sharing or reusing passwords for multiple accounts is another poor cybersecurity practice. Unfortunately, nearly everyone does it on some level even when they know they shouldn’t. It’s hard to make up a strong and unique password every time – am I right?
The problem here is that whenever you share or reuse your password, you allow hackers to potentially gain access to more than a single entry point. If you also use that same password on multiple accounts and one of them is hacked, all those other accounts, devices, etc. are now considered vulnerable or hacked too. In order to prevent this, limit your password sharing to an absolute minimum and update your passwords monthly.
You can also leverage a password manager to help manage your passwords and take the stress out of creating and remembering what password goes to each account.
Installing Unauthorized Applications
Applications on a desktop or device, can be a great way to track your health, access your bank accounts, play games or meet people but they can also expose your personal information in ways that you may not expect. Every app you install increases the likelihood of exposure, so thoughtfully decide if you’re okay accepting the risk to your privacy and that you understand the consequences before you install it.
Never install programs unless you know what they do, and if you’re unsure, ask your IT department to be safe before you hit the install button. As a cybersecurity standard, all employees should have user-only privileges on their machines. The admin privileges should be reserved for your IT team. A written corporate policy detailing what users can and can’t do with their technology is another useful guideline.
Disabling Automated Security Settings
Remember that security update you disabled because it was taking too long? And then never actually installed or re-enabled it? This should go without saying, but every time you do that, you are putting your data at risk.
Hackers love to access your data through poor updates and patch management. Make sure both your office and home office gear is updated regularly. This includes routers, modems, Internet of Things (IoT) devices (smart thermostats, assistants, etc.), mobile devices and your computers.
According to Symantec’s Q3 Threat Landscape Trends, server vulnerability exploit attempts in 2020 are on the rise following an abundance of critical server vulnerability disclosures. These types of vulnerabilities are particularly tempting for hackers by offering access to enterprise servers and any sensitive data stored there. Servers are also an ideal platform for launching further attacks.
Visiting Untrusted Websites
There is no doubt that you’ve run into this issue at some point while browsing online. You were happily Googling when all of a sudden you quickly click a link that goes to an unsecured phishing website or run into an SSL certificate error. Secure websites rely on valid SSL certificates in order to encrypt traffic exchanged between your browser and the website you are interacting with.
Sometimes a given website’s certificate has expired or is self-signed. If either of these situations exist, you will get a warning screen in your browser telling you that “Your connection is not private.” Although annoying, this message is a good thing, as it is trying to protect you from doing something bad. It’s considered a best practice to steer clear of websites that are not verified with a valid SSL certificate.
Connecting to Unsecured WiFi Networks
This goes for anytime you are doing anything sensitive online. While public Wi-Fi may be convenient, free, and ubiquitous, it’s also a great way to have your sensitive data (i.e. usernames, passwords, credit card numbers, etc.) compromised. It may be fine for checking the score of the ballgame, but it’s not safe for checking your bank account.
If you want connect safely while on the go, disconnect from Wi-Fi and use your 4G or LTE network. You can also leverage a virtual private network (VPN). Many companies offer VPNs for users and these VPNs provide some additional security when using public Wi-Fi by encrypting your network communications. They are not fool proof, so if you plan to do anything where sensitive info is exchanged either do it from your 4G/LTE connection or from a trusted Wi-Fi network, such as your work or home networks.
The biggest mistake you can make with your online security is to do nothing at all. Now that you’re aware of the cybersecurity mistakes you could be making, it’s time to take charge of your data. Start small by implementing one change at a time. Before you know it you’ll be able to recognize a scam when you see one and help others up their security game too.
As always, your trusted CMIT advisor is here to help. Contact us to learn more about our cybersecurity employee training programs and let us help your team avoid making any of these mistakes.