It’s 2020, Stop Making These 5 Common Cybersecurity Mistakes Now

essidsolutions

In the current SaaS-driven IT environment, getting users to follow good cybersecurity practices is becoming a real challenge. Organizations are beefing up security awareness by throwing training modules at users, but the message may not be getting across the way IT teams want. Though empowering employees with secure access technologies is crucial to gaining a competitive advantage, it is often users, not hackers, who introduce viruses into the company’s systems through poor cyber practices.

In this article, we round up the top 5 biggest security mistakes employees continue to make that can lead to data leakages and breaches and even regulatory risks.  

User Errors That Put Company Data at Risk 

There is a type of error in the IT world that is reviled by just about everyone. For security professionals, it is the most common reason for data breaches, and for the criminally minded, it is the easiest way to hack into a computer system.

This error often goes by a couple of different names, from PEBKAC to PICNIC. For those who don’t know, PEBKAC stands for “Problem Exists Between Keyboard And Chair” while PICNIC means “Problem In Chair, Not In Computer”.  

What this implies is that humans are the weakest link in cybersecurity.  


Using Passwords That Are Hackable 

When it comes to users’ security practices, criminals are like kids in a candy store. Of course, the employees can’t take all the blame, even if they are the cause of a particular data breach. Ultimately it comes down to company policy and, more importantly, how well that policy is implemented.

Users are notorious for using some of the worst passwords that are easily hackable.  Besides, most users tend to repeat some of these simple passwords until they’re asked to change. Here are some of the classics: 

Abcd123a
Abcd123b
Abcd123c

A password cracking program would be able to crack those passwords in less than two seconds. Actually, according to one password checker I tried, it will take 1.17 seconds to hack. The funniest thing I recently came across was a video conference where the system password was written on a whiteboard behind the speaker.

Falling for Social Engineering Attacks 

There are quite a few other ways that employees can cause security headaches. One of these is that people have a hard time saying no. If somebody can contact them and get on their good side, that person can then start asking for information and get it.

This is the type of social engineering that Kevin Mitnick, arguably the world’s greatest hacker, used most of all and it still works well today.

Another security snafu arises when employees have become conditioned to automatically click the “Yes”, “OK” or “Next” button on any dialog box that pops up. On a company computer where everything is already set up, such a dialog box could be a malicious program trying to install itself, and the employee is helping it achieve its goal.

Again, you really can’t blame the employees for that. They just want to do their work, and some operating systems have a habit of popping up these dialog boxes seemingly every second or so. Closing them as fast as possible, so as not to lose the train of thought, becomes a habit.

Taking the Phish Bait 

These days email is a staple of the work environment. Unfortunately, people don’t realize how insecure email is. It is not encrypted, so a simple man-in-the-middle attack can easily read all incoming and outgoing email and modify it. That, coupled with employees discussing sensitive data over email and using their personal devices to read it, can result in a perfect storm of data discovery for criminal minds.

Rogue USB Sticks That Infect Systems  

Finally, there is a swag problem. Quite often, seminars and conferences give out goodies, and a lot of times, those goodies are cheap USB memory sticks. Now, suppose you go to a conference, get your swag, and on the way back to the car, you see another USB stick which has been dropped. Woohoo! An extra freebie. The problem is that such extra freebies are pre-loaded with some surprises which open a back door of opportunity for hackers. Heck, even huge companies have distributed USB memory sticks with a virus on them.

To mitigate these attacks, computer systems can be configured to block unregistered USB devices. Employee accounts can be restricted so programs cannot be installed, and email can be set up to use PGP encryption by default.


Summing Up 

What can a company do to mitigate these human-borne security breaches?  When it comes to passwords there are free programs which can check employees’ passwords and flag those using weak ones. Most importantly, never let employees use personal devices to manage company data. 
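One way such a weak-password check can work, run against the Abcd123a-style passwords listed earlier. This is an added example, not code from the article or from any product it mentions; the 12-character minimum, run length of 3 and edit-distance threshold of 2 are illustrative assumptions, and `previous` is assumed to be the current password the user typed into the change form, since stored hashes cannot be compared this way.

```python
import string

# Character orderings treated as "sequences": alphabet, digits, QWERTY rows.
SEQUENCES = (string.ascii_lowercase, string.digits,
             "qwertyuiop", "asdfghjkl", "zxcvbnm")

def sequential_chars(pw, min_run=3):
    """Count characters that sit inside an ascending run (abc, 123, qwe)."""
    low, covered = pw.lower(), set()
    for seq in SEQUENCES:
        for i in range(len(low) - min_run + 1):
            j = i + min_run
            if low[i:j] in seq:
                # Extend the run as far as it keeps following the sequence.
                while j < len(low) and low[i:j + 1] in seq:
                    j += 1
                covered.update(range(i, j))
    return len(covered)

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(candidate, previous=()):
    """Return the reasons a candidate is weak; an empty list means it passed."""
    reasons = []
    if len(candidate) < 12:  # assumed minimum length
        reasons.append("shorter than 12 characters")
    seq = sequential_chars(candidate)
    if seq and seq * 2 >= len(candidate):
        reasons.append("mostly alphabet, digit or keyboard sequences")
    # Catches the Abcd123a -> Abcd123b rotation habit.
    if any(edit_distance(candidate.lower(), old.lower()) <= 2 for old in previous):
        reasons.append("near-copy of a previous password")
    return reasons

if __name__ == "__main__":
    # Constructed sample input: the article's example rotation.
    for reason in audit("Abcd123b", previous=["Abcd123a"]):
        print("Abcd123b:", reason)
```
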

Cyber Security expert and CEO of Approyo Chris Carter says a top way to fight back against insider threats is by bringing on solutions and software that will monitor the keystrokes of your employees. Most employees lack a clue about what is on their laptops when they’re working from home or from a remote location. “Tracking their work habits to see what documentation they bring down from the corporate servers to their laptops can be a vital way to secure your organization,” he told Toolbox.

Do you think users are the weakest link in cybersecurity? Comment below or tell us on LinkedIn, Twitter, or Facebook. We would love to hear from you!