The 4 Most Common Security Mistakes that Businesses Make

Cybersecurity is critical for businesses both small and large. We know that hackers and malware attacks make the news on a regular basis. But many companies still neglect the network security aspects of their business. These are four of the most common cybersecurity mistakes that businesses make, and the steps you can take to avoid them.

Mistake #1: Underestimating the Human Element

People are very susceptible to the lure of links. An email arrives in an employee’s inbox from what seems to be one of the company’s software providers. It urges the receiver to click on a link to apply an important update to their software, or to log in and change their password because of a recently discovered security vulnerability. One click, and a drive-by download installs malware and makes it possible for a hacker to access the company’s network. Even the best web filters and email filters have trouble keeping up with all the new attack variants that aim to hack a network through unsuspecting employees.

Employees need to learn to view the email messages they receive with a critical eye, to browse the web safely, and to think carefully before they click on a link. They are often the last line of defense against hackers, and the weakest link in a company’s security chain. Money invested in training your employees about cybersecurity is money well spent.

Mistake #2: Mistakenly Allowing Former Employees to Continue to Access Company Data

Too many companies are not careful enough about system access after an employee leaves the company. Some examples of forgotten details include the following:

  • Invalidating all of the employee’s account passwords, including workstation and network passwords
  • Removing the employee from access lists
  • Retrieving all backup data sources the employee may have used, including items such as external hard drives or thumb drives
  • Retrieving all work-related devices, including cell phones, tablets, laptops, etc.
  • Either deactivating or removing the employee’s accounts for things such as email, laptops, desktops, and servers

When an employee leaves voluntarily or is fired, every company (small or large) needs a protocol in place to make sure they do not still have access to company systems. Failure to enforce such a protocol not only puts the company at risk, but can lead to HIPAA violations if personal health information is involved.
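The checklist above can be run as a recurring audit. This is an added example, not part of the original article: the HR departure list, the account export, the access lists and the asset register are constructed sample data, and their field names are assumptions.

```python
from datetime import date

# Constructed sample data (not from the original article): an HR list of
# departures and exports of accounts, access lists and issued assets.
DEPARTED = {"jdoe": date(2024, 3, 1), "asmith": date(2024, 4, 15)}
ACCOUNTS = [
    {"user": "jdoe", "system": "email", "enabled": True, "password_changed": date(2024, 1, 10)},
    {"user": "jdoe", "system": "vpn", "enabled": False, "password_changed": date(2024, 3, 1)},
    {"user": "asmith", "system": "fileserver", "enabled": False, "password_changed": date(2024, 2, 2)},
    {"user": "bwong", "system": "email", "enabled": True, "password_changed": date(2024, 1, 5)},
]
ACCESS_LISTS = {"finance-share": ["asmith", "bwong"], "vpn-users": ["bwong"]}
ASSETS = [
    {"user": "jdoe", "item": "laptop", "returned": True},
    {"user": "jdoe", "item": "external drive", "returned": False},
    {"user": "asmith", "item": "phone", "returned": True},
]

def audit_offboarding(departed, accounts, access_lists, assets):
    """Return sorted (user, finding) pairs for access left behind after departure."""
    findings = []
    for acct in accounts:
        left = departed.get(acct["user"])
        if left is None:
            continue  # still employed, out of scope for this audit
        if acct["enabled"]:
            findings.append((acct["user"], f"{acct['system']} account still enabled"))
        # A password last set before the departure date was never invalidated.
        if acct["password_changed"] < left:
            findings.append((acct["user"], f"{acct['system']} password not invalidated"))
    for name, members in access_lists.items():
        for user in members:
            if user in departed:
                findings.append((user, f"still on access list {name}"))
    for asset in assets:
        if asset["user"] in departed and not asset["returned"]:
            findings.append((asset["user"], f"{asset['item']} not retrieved"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_offboarding(DEPARTED, ACCOUNTS, ACCESS_LISTS, ASSETS):
        print(f"{user}: {finding}")
```
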

Mistake #3: Failing to Upgrade and Update Software and Operating Systems

Refusing to upgrade to newer versions of software and hardware may seem like the most economical thing to do, but from a security standpoint it is very risky. Among other things, updates include additional security measures, which may be based on weaknesses discovered (often the hard way!) in previous versions.

Another issue with outdated software is that it may no longer be supported by the vendor, which means that security vulnerabilities go unresolved. Outdated software is commonly exploited by hackers, who often keep track of when applications are no longer supported. Using unsupported software can allow them to gain entry to your network and critical data. The same can be said of outdated hardware, which also can have serious vulnerabilities. A good example of exploiting hardware weaknesses is the VPNFilter malware, which originally targeted older model routers.

Updates are just as important, as they often provide critical patches for recently discovered bugs. Procrastinating when it comes to updates, as annoying and needlessly time-consuming as they seem, leaves your system unnecessarily open to malicious attacks. This advice applies equally to firmware.

Mistake #4: Using Weak Passwords

Let’s start off by looking at some of the worst password practices out there:

  • Writing passwords down where someone can find them, including writing them on paper or storing them in a spreadsheet on your computer
  • Using passwords that are fewer than 12 characters long
  • Only using all lower-case or upper-case letters, and rarely (if ever) using numbers or symbols
  • Allowing browsers to save your passwords
  • Sharing passwords with fellow employees
  • Rarely changing passwords
  • Using the default password for hardware and programs
  • Using the same password (or very similar passwords) for multiple accounts
  • Using something easy for someone to figure out, like birthdays, anniversaries, pop culture references, last names, and pet names

Did any of that look familiar? It turns out that most companies aren’t as careful as they should be about passwords, which can seriously compromise their cybersecurity. Experts recommend not only enforcing rigorous password standards, but including multi-factor authentication as an extra security measure. And, of course, educating employees on password standards and why they are so important.
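Several of the practices listed above can be rejected automatically when a password is set. This is an added example, not part of the original article: the default-password list, the personal terms, the 0.8 similarity threshold and the idea that the user's other password is supplied at change time are all assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample values (assumptions, not from the article).
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "12345678"}
SIMILARITY_THRESHOLD = 0.8  # assumed cut-off for "very similar"

def password_findings(candidate, personal_terms=(), previous=None):
    """Return the weak practices from the list above that `candidate` exhibits.

    personal_terms: names, dates and similar details known about the user.
    previous: another password of the same user, supplied at change time.
    """
    findings = []
    lowered = candidate.lower()
    if len(candidate) < 12:
        findings.append("shorter than 12 characters")
    has_letters = any(c.isalpha() for c in candidate)
    if has_letters and candidate in (candidate.lower(), candidate.upper()):
        findings.append("letters are all one case")
    if not re.search(r"\d", candidate) and not re.search(r"[^A-Za-z0-9]", candidate):
        findings.append("no numbers or symbols")
    if lowered in DEFAULT_PASSWORDS:
        findings.append("vendor default password")
    for term in personal_terms:
        # Ignore very short terms, which would match almost anything.
        if len(term) >= 3 and term.lower() in lowered:
            findings.append(f"contains personal detail '{term}'")
    if previous is not None:
        ratio = SequenceMatcher(None, lowered, previous.lower()).ratio()
        if ratio >= SIMILARITY_THRESHOLD:
            findings.append("same as or very similar to another password")
    return findings

if __name__ == "__main__":
    print(password_findings("rex2015", personal_terms=["Rex", "2015"]))
    print(password_findings("cobalt-Heron_47!quartz"))
```

Writing passwords down, saving them in a browser and sharing them with colleagues cannot be detected from the password itself, so those items still depend on training and on multi-factor authentication.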

Conclusion

You might have noticed that three out of the four common mistakes discussed above directly involve employee actions. All employees need to be informed about what they can do to support the cybersecurity of the company and how important a role they play as the last line of defense against hackers. And never underestimate the importance of applying all software and firmware updates, and never let your software become so outdated that the vendor no longer supports it.

Let ITSG Secure Your Company!

At ITSG, one of the many services we provide is network and data security. Whether it’s viruses, trojan horses, denial-of-service attacks, data theft, or any of a number of other cybersecurity threats, our team can work with you to make sure that your system is secure. We offer email security solutions, web filtering, and intrusion prevention as well. And if you feel overwhelmed by the thought of cybersecurity, our team can put things in terms that you will understand. Contact us today!