10 Worst Cybersecurity Habits to Stop Immediately

April 4, 2019 Lenny Simon Lenny Simon

It’s all too easy to fall into bad habits—especially when those habits either make your day a little easier or trick you into thinking you’re doing something worthwhile. Many companies practice bad cybersecurity habits without ever realizing what they’re doing wrong or how these habits put them at risk of falling victim to different cybersecurity threats.

To help you recognize these bad habits (and, hopefully, avoid them), here’s a list of the worst cybersecurity habits that you should work to stop immediately:

Bad Cybersecurity Habit #1: Taking a Careless or Negligent Attitude Towards Cyber Threats and Vulnerabilities

One of the worst cybersecurity habits any organization could fall into is assuming that they’re the exception to the rule that “everyone is a target, and no one is immune to attack.” They think that they’re either too small to be targeted by a serious attack, or too big to be affected. So, they take a lackadaisical attitude towards emerging cyber threats.

As a consequence, when an attacker does target them and succeeds, they’re totally unprepared to effectively deal with the fallout. Also, because they haven’t been staying up-to-date with their security measures, attacks are more likely to succeed in the first place.

The best fix for this bad habit is to take cybersecurity seriously by staying informed of the latest cyber threats and the best strategies to counter them.

Bad Cybersecurity Habit #2: Thinking Basic Solutions Will Be Enough

Many organizations assume that all they need is the bare minimum security that is required to achieve compliance. They’ll enact basic cybersecurity solutions and leave it at that without any further assessment of their specific risk profile or new and emergent cyber threat signals.

The end result is that when attackers target these organizations, they will often be able to easily overcome the most basic cybersecurity measures and attack with impunity.

Bad Cybersecurity Habit #3: Treating Cybersecurity Like a “Black Box”

Not everyone can be a cybersecurity expert. However, even without a degree in network security, there is no reason to treat cybersecurity like some kind of “black box” technology that can’t be measured, managed, or improved.

All it takes is some time and effort—or maybe a little help from a dedicated team of experts—to find ways to shore up your cybersecurity in an efficient and cost-effective manner.

Bad Cybersecurity Habit #4: Not Using Email Protection

All too many organizations completely overlook the need for strong email security measures—choosing instead to rely on whatever built-in security their email client of choice implements. This is a severe mistake, as it is all too easy to sneak a cyber threat such as a malware download or a malicious website link into an email.

So, it’s imperative for companies to use strong email protection measures such as virus/malware scanning, anti-phishing technology, and rigorous training in email safety best practices to avoid email-based cybersecurity threats and vulnerabilities.

Bad Cybersecurity Habit #5: Poor Password Hygiene

Weak passwords are a common vulnerability that attackers exploit to illicitly access systems. A weak, easy-to-guess password lets attackers hijack user accounts with ease. However, on the other hand, passwords that are too long and difficult to remember also lead to users practicing poor password hygiene—they often write their passwords down where others can find them or deliberately share passwords with coworkers and family members in an effort to avoid forgetting the password.

This makes it all too easy for someone to hijack a user account and use it to commit fraud—all while laying the blame at the hijacked employee’s feet.

So, it’s important to enforce the use of strong passwords and to ensure that employees know good password hygiene—basically not writing passwords down where they can be easily copied and not sharing their passwords with others for any reason.

Bad Cybersecurity Habit #6: Not Using Multifactor Authentication

Multi-factor authentication (also known as multi-factor authentication or MFA) increases user account security by combining multiple authentication methods to verify a user’s identity. These authentication methods include two or all three of the following:

  • Something You Know. This could be a password, one-time authentication code, or answer to a security question.
  • Something You Are. This usually involves a biometric signature such as a thumbprint, voice recognition, retinal scan, etc.
  • Something You Have. This can be a physical authentication token/USB key, or the use of a pre-registered computer or another device.

Adding multi-factor authentication for user accounts vastly increases security over just having a username/password combination.

Bad Cybersecurity Habit #7: Forgetting to Set Up Disaster Recovery/Incident Response Plans

Many companies focus so much on their preventative cybersecurity measures that they forget about the need to prepare a plan for an actual data breach—or, they assume that their preventative measures will stop any attacks from succeeding, so they don’t create an incident response plan (IRP) or set up a disaster recovery (DR) solution.

Unfortunately, no business, regardless of how well-protected it is, will ever be 100% immune to attack. If there’s a legitimate way to access your data, then there will be a way for an attacker to get at it, too. So, creating IRPs and DR plans is a must.

Bad Cybersecurity Habit #8: Not Setting Up Security Automation When Available

Even the best crack team of cybersecurity experts can’t respond to an active breach immediately. It takes time for a person to notice an alert, investigate it, figure out what’s going on, and take the appropriate steps to resolve the issue.

Setting up automated security systems that will immediately start working to contain a breach as soon as it’s detected can massively improve response time. This gives intruders less time to navigate the network and start breaking into other systems beyond the one they landed in—helping to minimize the impact of a security breach.

Bad Cybersecurity Habit #9: Blindly Adopting Enterprise Security Controls

Cybersecurity is not a device. In fact, blindly adding shiny new security controls without considering how they will integrate with your current cybersecurity protocols and business processes is a pretty solid recipe for disaster.

Just because a security control or tool is popular doesn’t mean that it’s right for the enterprise. So, it’s important to assess each tool and its potential impacts carefully to verify that the security benefits outweigh the potential drain on business processes.

Also, it helps to consider the user experience for each new security measure you add. If there are too many complicated cybersecurity processes that need to be navigated, employees may try to circumvent them. Remember: Nothing takes place in a vacuum—cybersecurity tools will impact both the business and its employees.

Bad Cybersecurity Habit #10: Adding Weak Links Via IoT Devices

The Internet of Things (IoT) offers many conveniences for modern offices. However, IoT devices can also introduce a lot of unnecessary security threats and vulnerabilities to an organization. Adding too many Wi-Fi capable devices to the office network gives intruders a wealth of opportunities to hijack these devices and leverage them to attack the company’s network.

So, when looking at an IoT device for the office, it’s important to consider whether the convenience factor of the device is worth the risk of a potential cybersecurity breach. If so, how can the risk of a cyberattack against the device be mitigated? Does the manufacturer release periodic security updates to prevent the device from being hacked?

This list highlights just a few of the worst cybersecurity habits that the Compuquip team has encountered over the years. If you need help kicking one of these bad habits, reach out to us today! We’ll be happy to help you find ways to improve your cybersecurity strategy so you can focus on meeting your business goals.9-it-practices-putting-businesses-at-high-risk

cdo-guide-to-omnichannel-security