In-depth

5 security mistakes you must never make

Avoiding these mistakes could save your organisation money, time and reputation

Security attack

The threat landscape is changing with criminals targeting financial targets such as banks, payment processors, retailers, hotels, and anywhere where point of sale terminals are used. But regular users and small and medium-sized businesses are still in the firing line when it comes to financial cybercrime.

According to a whitepaper published by Kaspersky (download), the share of financial phishing increased 13.14 percentage points to 47.48% of all phishing detections in 2016.

So, what are the five biggest security mistakes you can make, and how do you avoid them.

Bad password and security question policies

Advertisement
Advertisement - Article continues below

Hackers will always try the easy things first, this means passwords and security questions that are easy to guess. A security administrator should ensure that any passwords used are easily guessable and security questions should avoid the typical mother's maiden name questions when it comes to resetting passwords. The best ones are long but still easy to use. Don't make the mistake of making too many demands on users, else they will probably forget their passwords.

Also, make sure that users don't use the same password for everything. Hackers rely on people user the same password so they can access various systems without too much effort.

Also, according to Kaspersky's research (you can read that in detail here), you should never disclose your passwords or PIN-codes to anyone not even your closest family and friends or your bank manager. Sharing these will only increase the level of risk and exposure to your personal accounts. This could lead to your financial information being accessed by cybercriminals, and your money stolen.

Answering a phishing email

Financial phishing is one of the most widespread types of cybercriminal activity. Among all existing types of cybercrime, phishing is the most affordable in terms of the investment and level of technical expertise required, according to the Kaspersky whitepaper. You should never click on links sent to you by unknown people or open suspicious ones even if sent to you by friends via social networking or e-mail. These malicious links are designed to download malware onto your device or lead you to phishing webpages aimed at harvesting user credentials.

Not bothering to test a disaster recovery plan

All your servers have been backed up. They are done everyday at a scheduled time. Sounds like you have everything in hand, but have those backups actually been tested? Can they be restored? Are those backups stored in a secure location physically separate from servers? IF you can't answer yes to any of these questions, then you could be making a very big mistake, especially in light of recent ransomware attacks.

Disabling security controls and application updates

A lot of users often have administrative privileges on their machine to make it easier for them to do their jobs in as far as making sure an app works as expected or they can access certain infrastructure, but is in reality a security nightmare. It is sacrificing security for convenience.

When security controls are disabled, catastrophes occur. With an administrator account enabled, an ordinary user can be much more exposed to malware.

Advertisement
Advertisement - Article continues below

In addition, machines also need to be updated frequently. All too often, hackers take advantage of systems that haven't downloaded the latest security patch. Never postpone a vital security update, it could introduce a significant security risk.

Thinking you will never be attacked

Never think for one moment that your company will never be targeted by hackers. While hackers may not be targeting your organisation, they are trying to ensnare as many victims as possible by trying to make users click on a link in a phishing email or download a malware-infected file. This is why they target millions of users. If you think you are not going to be attacked, you have made a massive mistake.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019