Top 5 Worst Cybersecurity Habits
Cybersecurity teams will know too well the stress, frustration, and premature greying that can come with the job. Not only must they protect against outsider threats, but they must also close the doors that staff may leave wide open for attack. Unfortunately, there are a number of bad cybersecurity habits that individuals, inside and outside of the office, don't seem to want to kick, despite the dangerous consequences. In turn, cybersecurity teams everywhere are left to play a game of cyber threat Whack-a-Mole that they didn't want to join in the first place.
Here are some of the worst cybersecurity habits that send IT teams' stress levels through the roof. Cybersecurity personnel: look away now – it's painful!
Poor password practices
Qwerty. 123456789. abc123. Each of these passwords send a shiver down cybersecurity teams' spines. At EM360, we like to preach that your password should look like you've sat on a keyboard. The more random the characters and case types, the better. Otherwise, you might as well leave hackers a welcome note. Worse still, some employees may even reuse these weak passwords, making access even easier. At that point, you might as well admit defeat and agree to set up a direct debit for your attackers.
Furthermore, some employees will write their passwords down on, say, Post-it notes, and stick them to their desktop. What they might not realise is the potential this causes for attack. For example, in the event of a break-in, a thief could walk out not only with your employee's devices, but their credentials too. What's more, if your employees are working remotely, like from a coffee shop, someone only has to peer over their shoulder to get what they need. Then, of course, the toughest pill to swallow: disgruntled employees. They may use someone else's exposed credentials to cause some serious damage without leaving a trace of themselves.
"It won't happen to me."
Unfortunately, companies large and small – even tech giants like Facebook – have succumbed to cyber attacks. In other words, no one has complete immunity. Making matters worse is the general consensus that, despite the rife cyber threat landscape, we as individuals think we are the exception to the rule. People either believe their company is too big to be on an attacker's radar, or too small to be of interest.
Thus, their digital behaviour tends to become more lax. In turn, they end up leaving digital breadcrumbs behind that will entice attackers.
Not using protection
A phrase that conjures up images which are definitely NSFW, not using protection is in fact a cybersecurity matter for the workplace. In particular, organisations must ensure that all devices are kitted out with security software. However, your investments in security tools are just the beginning.
Once IT configure a new device for an employee, they often never see it again. This is because (and we have all been guilty of this) once those popups begin (you know, the "Your Subscription is Running out!" kind), employees have a tendency to ignore them. It's strange that in our nature, we prefer to exhaust the 'Remind Me Later' button than be proactive about it. In this case, organisations must lay out clear steps for what to do when security software nears its expiration date.
Not covering up
Covering up webcams and even microphones are simple steps, but with great reward. Voyeurs and webcam hackers will try to gain access to corporate laptops to see and listen through the webcam and microphone. In turn, they can eavesdrop in a bid to steal corporate secrets and information for personal gain or to hold as ransom.
Frustratingly, all it takes to avoid such situations is a cover. You might notice people using Blu Tack or tape, but these have potential to cause damage to webcams. Instead, organisations should stock up on actual camera covers and use tape to cover microphones only.
Bad email etiquette
Phishing and email scams have been plaguing enterprises and individuals alike for too long a time. Why? Because people are still clicking on malicious links and downloading malicious attachments.
Of course, those who don't work in cybersecurity may not be aware of how complex email threats have become. No longer the work of the 'Nigerian prince', email attacks have evolved so much that they can impersonate people within an organisation. This is where it becomes especially dangerous. If your employee receives a message from an address that looks like that of the finance department, they are unlikely to question it and may unwittingly send over sensitive information.
To combat this, businesses should make employees aware of just how sophisticated these threats have become. Employees should also be given a clear outline of steps to take when opening any email, such as always copying and pasting URL links into the browser and not clicking directly on them.
A culture shift is also needed in which people verify their communications in more than one way. For example, if someone in HR reaches out to an employee for sensitive information, the people in conversation should also interact via telephone (or other communication method) to validate the request. Put simply, we must start exercising the motto: question everything.
Next, find out what security considerations come with remote working.