By Sam Chester
Be it stolen customer data, phishing, or ransomware attacks, successful cyberattacks can affect businesses of any size and in any industry. A 2018 study by Juniper Research finds that breaches in cybersecurity are likely to result in the theft of over 146 billion records by the year 2023, while identity theft has affected over 60 million Americans (according to a 2018 survey by Harris Poll).
Whether you are offering personal services or running a business operation, establishing an online web presence has become a necessity for success. A security breach can destroy your business in numerous ways, including loss of website visitors due to downtime, loss of customer trust and business revenue, and loss of sensitive customer data.
Thanks to growing awareness of cyberattacks and online threats, business enterprises are investing millions in improving their cybersecurity through the latest technology and tools. Still, an analysis of even the most complex online attacks reveals that website security is often imperiled by elementary mistakes that enterprises could easily fix.
Below we look at the top eight cybersecurity mistakes that you should avoid in the coming years.
1. Poor Password Management
Weak passwords are among the principal causes of cybercrime, including brute-force attacks. One instance of a successful brute-force attack is the March 2018 Magento case, where almost 1,000 user accounts were compromised because of weak account passwords. Examples of weak passwords still in use include “123456,” “password,” and “qwerty.”
Listed below are some of the best practices in password management that can improve cybersecurity:
- Use complex passwords that incorporate alphanumeric and special characters.
- Enable two-factor authentication (2FA) alongside strong passwords to safeguard user access.
- Avoid reusing the same password across multiple business accounts.
- Use desktop or smartphone apps that securely store (and generate) passwords instead of writing them down on a post-it or notepad.
- Maintain the habit of periodically changing the passwords for all your accounts.
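As an added illustration (not code from the original post), here is a Python password-policy check that enforces the practices listed above: it rejects the weak passwords the post names, requires letters, digits and special characters, flags a password already used on another account, and generates a compliant password the way a password manager would. The 12-character minimum and the extra denylist entries are assumptions, not values from the post.

```python
import hashlib
import re
import secrets
import string

# Weak passwords named in the post, plus a few constructed entries for illustration.
# A real deployment would load a large breached-password list instead.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345678", "letmein", "admin123"}

MIN_LENGTH = 12  # assumed minimum; the post requires complexity but names no length


def fingerprint(password: str) -> str:
    """SHA-256 digest used only to compare a candidate against other stored passwords."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(candidate: str, existing_fingerprints=frozenset()) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable.

    existing_fingerprints holds fingerprint() values of passwords already used on the
    user's other business accounts, so reuse can be flagged without keeping plaintext.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password denylist")
    if not re.search(r"[A-Za-z]", candidate):
        problems.append("no letters")
    if not re.search(r"[0-9]", candidate):
        problems.append("no digits")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no special characters")
    if fingerprint(candidate) in existing_fingerprints:
        problems.append("already used on another account")
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a random password that passes check_password, as a password manager does."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```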
2. Perception of Being Exempt from Online Attacks
Small-scale business enterprises, or SMBs, often hold the false belief that their business is too small or trivial to be targeted by hackers. The fact is that every business, large or small, is a possible target. A 2018 study on the state of cybersecurity in small and medium-sized businesses revealed that 67% of SMBs had encountered a cyberattack, while 58% had suffered a data breach, in the previous 12 months.
Furthermore, companies that do not handle credit card data or other customer information believe that cybercriminals will not target their network. In truth, hackers probe many computer networks to find vulnerabilities and obtain sensitive information or cause damage.
The fact is that if your business has a digital presence, you are at risk and must adopt cybersecurity as a business strategy to guard both your stored data and your website resources.
3. Public Wi-Fi Usage
Be it at the local coffee shop or at the airport, public Wi-Fi hotspots are becoming extremely common and free for public use. But free Wi-Fi does not mean that you should use it whenever it is available to you.
Public Wi-Fi networks are often unsecured and enable man-in-the-middle (MITM) attacks, which are used to intercept confidential data such as credit card details and login credentials.
You can prevent (or reduce) the chances of such cyberattacks by:
- Limiting the use of public Wi-Fi connections for sensitive tasks such as making online payments or sharing files.
- Using a Virtual Private Network (VPN) when connecting from a public place. A VPN encrypts the traffic between your device and the VPN server, so it cannot be read by anyone intercepting it on the hotspot.
4. Ineffective Privilege Management
Are you providing the bulk of your users with unrestricted rights and privileges on your network? Or do you have many users with “admin” privileges?
Neglecting the security risk posed by human users can be harmful to any business. This can involve granting admin privileges, or access to critical business data, to temporary workers, freelancers, consultants, or even your clients. The April 2018 credit card data breach reported by Lord & Taylor, which compromised 5 million credit cards, along with other data breaches in 2018, could have been prevented through proper privilege management.
Since most networks grant full account privileges to admin users, hackers try to break into admin accounts to gain access to backend data. The following privilege management practices can be useful in improving cybersecurity:
- Restrict admin accounts to only those users who actually need them.
- Assign user rights and privileges on the basis of user roles.
- Require an additional approval step for high-risk tasks, such as deletions, performed by admin users.
- Revoke the access rights of third-party users at the end of the working relationship.
- Run annual training programs so that employees understand safe cybersecurity practices.
5. The “Outdated Network” Problem
Regardless of which network technology or tool you use, it has to be regularly updated to fix any crucial security bugs that hackers can abuse. The 2018 case of the Spectre and Meltdown security flaws in computer CPUs affected the bulk of computer processing equipment and required the release of security patches and fixes for hardware, software, and operating systems.
While countering every attack may not be possible, you must be well-versed in the overall architecture and structure of your network and implement practices that keep all your tools and website components updated to their latest versions. Along with up-to-date anti-virus software, deploying security mechanisms such as ransomware blockers, combined with frequent updates, can strengthen your cybersecurity measures.
6. Bad Email Practices
According to the U.S. Federal Bureau of Investigation (FBI), there was a 60% rise in 2018 in fraudulent email activity aimed at the theft of money or personal information. In one of the most famous email phishing scams of 2018, the technology companies Google and Facebook were defrauded of over $100 million by a hacker impersonating a computer parts vendor.
Even after many repeated warnings against responding to unsolicited email messages, email users continue to fall victim to bogus emails about investment opportunities, job offers, and tax savings.
Here are the email security best practices that are necessary to improve cybersecurity:
- Don’t open links or attachments sent through unsolicited emails.
- Confirm the source of emails by checking the sender’s email address or contacting them by phone or in person.
- Don’t respond to unsolicited emails.
- Don’t share sensitive information such as credit card details or passwords.
7. Just an “IT” Problem
Is cybersecurity just an “IT” issue? Can it be handled by employing IT security personnel who will implement solutions that safeguard your network? If your answer to these questions is “Yes,” then you are in for a blow. Cybersecurity is no longer the responsibility of the IT department alone; it demands accountability from everyone in the firm, including the C-suite.
While IT personnel can devise and execute the best security systems and processes for your business, guaranteeing cybersecurity at every level must be the duty of every department and every employee. Here are some steps to ensure that cybersecurity is not limited to the IT department:
- Train employees properly on the business risks linked to cyberattacks.
- Highlight to employees the importance of applying regular updates and following safe email practices, and how these relate to cybersecurity.
- Plan and administer a complete risk management framework that covers cybersecurity.
8. The “Shadow IT” Issue
With the rise of offsite cloud-based solutions and smartphone apps, your workforce now accesses both on-premises applications (which are mostly secure) and many shadow applications that may not be secure against cyberattacks.
While it is not feasible to stop employees from accessing these shadow applications from their devices, companies should be able to monitor these applications and sort them on the basis of their risk profile. Moreover, you can formally approve the “safe” and “trusted” apps so that they can be used just like any other in-house application.
The increasing number and complexity of cyberattacks around the globe is surely a catalyst for raising awareness of cybersecurity practices and investment in the most modern security tools.
Nevertheless, committing the cybersecurity blunders described in this post can still threaten and compromise even the best IT security systems and infrastructure.
About the Author
Sam Chester is a cybersecurity engineer who highlights the ways to be safe online. He is the co-founder of BestVPNZone.