5 security mistakes you must never make

Avoiding these mistakes could save your organisation money, time and reputation

The threat landscape is changing, with criminals going after financial targets such as banks, payment processors, retailers, hotels and anywhere else point-of-sale terminals are used. But ordinary users and small and medium-sized businesses are still in the firing line when it comes to financial cybercrime.

According to a whitepaper published by Kaspersky, the share of financial phishing increased by 13.14 percentage points to 47.48% of all phishing detections in 2016.

So, what are the five biggest security mistakes you can make, and how do you avoid them?

Bad password and security question policies

Hackers will always try the easy things first, which means passwords and security questions that are easy to guess. A security administrator should ensure that passwords are not easily guessable, and that the security questions used for password resets avoid the typical "mother's maiden name" type whose answers are a matter of public record or easy to look up. The best passwords are long but still easy to use. Don't make the mistake of placing too many demands on users, or they will probably forget their passwords.

Also, make sure that users don't use the same password for everything. Hackers rely on people reusing passwords: credentials stolen from one breached site are replayed against other services, so a single leak gives them access to various systems without too much effort.

Also, according to Kaspersky's research, you should never disclose your passwords or PIN codes to anyone, not even your closest family and friends or your bank manager. Sharing them only increases the risk to and exposure of your personal accounts, and could lead to your financial information being accessed by cybercriminals and your money being stolen.
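A concrete version of the policy described above, as an added example (this is not code from the article or from Kaspersky): a minimum length of 12 characters and a banned-list check in place of complexity rules, a filter for reset questions whose answers are public, and a reuse check over a password-vault export. The ten-word common-password list, the question patterns, the thresholds and the sample vault are all constructed for illustration; a real deployment would load a full breached-password corpus.

```python
"""Password and security-question policy checks (added example, not from the article)."""
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 12  # favour long passphrases over complexity rules (assumed threshold)

# Constructed stand-in for a breached/common-password corpus.
_COMMON = {"password", "password1", "123456", "qwerty", "letmein",
           "welcome1", "admin", "iloveyou", "monkey", "dragon"}
# Keep only digests so the plaintext corpus does not have to stay in memory.
BANNED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in _COMMON}

# Reset questions whose answers are public records or social-media trivia (assumed list).
WEAK_QUESTIONS = re.compile(r"maiden name|first pet|born|favou?rite|school", re.I)


def _sha1(s: str) -> str:
    return hashlib.sha1(s.encode()).hexdigest()


def check_password(pw: str) -> list[str]:
    """Return the policy violations for pw; an empty list means it is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(pw)) < 5:
        problems.append("too few distinct characters")
    base = pw.lower()
    # Strip the trailing digits/symbols people bolt on to a dictionary word,
    # so "Password123!" still resolves to "password".
    stripped = re.sub(r"[\d\W_]+$", "", base)
    if _sha1(base) in BANNED_SHA1 or _sha1(stripped) in BANNED_SHA1:
        problems.append("based on a common or breached password")
    return problems


def check_security_question(question: str) -> bool:
    """True if the reset question is acceptable, i.e. its answer is not easily researched."""
    return WEAK_QUESTIONS.search(question) is None


def find_reused_passwords(vault: dict[str, str]) -> dict[str, list[str]]:
    """Group account names by password digest; any group longer than one is reuse."""
    groups = defaultdict(list)
    for account, pw in vault.items():
        groups[_sha1(pw)].append(account)
    return {h: sorted(accounts) for h, accounts in groups.items() if len(accounts) > 1}


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Password123!", "correct horse battery staple", "aaaaaaaaaaaaa"]:
        print(repr(candidate), check_password(candidate) or "OK")
    print(check_security_question("What is your mother's maiden name?"))
    print(find_reused_passwords({"bank": "Tr0ub4dor&3", "webmail": "Tr0ub4dor&3", "vpn": "another"}))
```

The stripping step matters more than it looks: most "complex" passwords that pass a character-class rule are a dictionary word with a number and a symbol appended, which a cracking wordlist with simple mangling rules recovers in seconds.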

Answering a phishing email

Financial phishing is one of the most widespread types of cybercriminal activity. Of all existing types of cybercrime, phishing is the most affordable in terms of the investment and technical expertise required, according to the Kaspersky whitepaper. Never click on links sent to you by unknown people, or open suspicious ones even if they were sent by friends via social networks or e-mail. Malicious links are designed to download malware onto your device or lead you to phishing webpages built to harvest user credentials.
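The lures described above usually share a handful of tell-tale link tricks, and they can be checked mechanically before anyone clicks. The following is an added example (not code from the article or from Kaspersky) that parses the anchors in an HTML e-mail body and flags a visible domain that differs from the real destination, a raw IP address as the host, userinfo before an `@` that disguises the host, and a plain-http link. The sample message is constructed, and `registrable_domain` is a deliberately crude last-two-labels approximation; a real tool would use the Public Suffix List.

```python
"""Flag lure links in an HTML e-mail body (added example, not from the article)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: three lures and one legitimate link.
SAMPLE_EMAIL = """
<p>Your account is locked. <a href="http://192.0.2.10/login">Verify now</a></p>
<p>Or visit <a href="https://secure-bank.example.net/reset">https://www.bank.example.com/reset</a></p>
<p>Contact <a href="https://www.bank.example.com/help">our help page</a> with questions.</p>
<p>Sign in at <a href="https://www.bank.example.com@evil.example/x">bank.example.com</a></p>
"""

# Something that looks like a hostname inside the visible anchor text.
_DOMAIN_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")


def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation; a real tool would use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html: str) -> list[dict]:
    """Return one finding per anchor that shows a classic credential-harvesting trick."""
    collector = _AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and friends are out of scope here
        host = parts.hostname or ""
        reasons = []
        if parts.username is not None:
            reasons.append("userinfo before '@' hides the real host")
        try:
            ipaddress.ip_address(host)
            reasons.append("raw IP address instead of a hostname")
        except ValueError:
            pass  # not an IP literal, which is the normal case
        shown = _DOMAIN_IN_TEXT.search(text.lower())
        if shown and registrable_domain(shown.group(0)) != registrable_domain(host):
            reasons.append(f"text shows {shown.group(0)} but link goes to {host}")
        if parts.scheme == "http":
            reasons.append("plain http, no TLS")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

The third anchor in the sample is deliberately clean, so the output shows only the three lures; a mail gateway would apply the same checks to every message and quarantine or rewrite the flagged links.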

Not bothering to test a disaster recovery plan

All your servers are backed up, every day at a scheduled time. It sounds like you have everything in hand, but have those backups actually been tested? Can they be restored? Are they stored in a secure location physically separate from the servers? If you can't answer yes to all of these questions, you could be making a very big mistake, especially in light of recent ransomware attacks, which encrypt any backup they can reach.
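The question "can they be restored?" is only answered by restoring. Below is an added example (not code from the article) of the minimum a backup job should do: record a SHA-256 manifest of the source at backup time, write the archive, restore it into a scratch directory and compare file by file, so that a silently corrupted or incomplete archive is reported the same day instead of on the day of the ransomware incident. The source tree, the archive name and the truncation used to simulate a bad backup are all constructed for the demonstration.

```python
"""Back up a directory, then prove the archive restores (added example, not from the article)."""
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every file under root (relative path) to its SHA-256."""
    return {str(p.relative_to(root)): _sha256(p) for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src: Path, archive: Path) -> dict[str, str]:
    """Write src to a gzip tarball and return the manifest recorded at backup time."""
    manifest = snapshot(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(src), arcname=".")
    return manifest


def verify_restore(archive: Path, manifest: dict[str, str]) -> list[str]:
    """Restore into a scratch directory and list every file that is missing, changed or extra.

    An empty list is the only acceptable result for a backup you intend to rely on.
    """
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            # Newer Pythons can refuse path-traversal members on extract; use that when present.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(dest, **kwargs)
        restored = snapshot(dest)
    problems = [f"missing: {p}" for p in manifest if p not in restored]
    problems += [f"changed: {p}" for p in manifest if p in restored and restored[p] != manifest[p]]
    problems += [f"unexpected: {p}" for p in restored if p not in manifest]
    return sorted(problems)


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: a clean backup verifies, a truncated archive does not."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1, 'acme');\n")
        (src / "config.ini").write_text("[server]\nport=8443\n")
        archive = Path(work, "backup.tar.gz")
        manifest = make_backup(src, archive)
        clean_result = verify_restore(archive, manifest)
        # Simulate a backup job that wrote a bad archive: keep only the first half of it.
        data = archive.read_bytes()
        archive.write_bytes(data[: len(data) // 2])
        try:
            broken_result = verify_restore(archive, manifest)
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            broken_result = [f"restore failed: {type(exc).__name__}: {exc}"]
        return clean_result, broken_result


if __name__ == "__main__":
    clean, broken = demo()
    print("clean archive:", clean or "restored and verified")
    print("truncated archive:", broken)
```

Run the verification from a host other than the one that wrote the backup, against a copy held off the production network; a restore test that only ever reads the copy sitting next to the source proves nothing about the scenario in which that server has been encrypted.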

Disabling security controls and application updates

Many users have administrative privileges on their machines to make their jobs easier, for example so that an application works as expected or they can reach certain infrastructure, but in reality this is a security nightmare. It sacrifices security for convenience.

When security controls are disabled, catastrophes follow. A user who works day to day from an administrator account is far more exposed to malware, because anything they run, including a malicious attachment, runs with the same elevated rights.

In addition, machines need to be updated frequently. All too often, hackers take advantage of systems that haven't installed the latest security patch. Never postpone a vital security update; doing so leaves a known vulnerability open and introduces a significant security risk.

Thinking you will never be attacked

Never think for one moment that your company will never be targeted by hackers. Even when hackers are not targeting your organisation specifically, they are trying to ensnare as many victims as possible by getting users to click a link in a phishing email or download a malware-infected file, which is why they target millions of users. If you assume you are not going to be attacked, you have made a massive mistake.
