5 security mistakes you must never make

Avoiding these mistakes could save your organisation money, time and reputation

The threat landscape is changing, with criminals going after financial targets such as banks, payment processors, retailers, hotels, and anywhere point of sale terminals are used. But regular users and small and medium-sized businesses are still in the firing line when it comes to financial cybercrime.

According to a whitepaper published by Kaspersky, the share of financial phishing increased 13.14 percentage points to 47.48% of all phishing detections in 2016.

So, what are the five biggest security mistakes you can make, and how do you avoid them?

Bad password and security question policies


Hackers will always try the easy things first, which means passwords and security questions that are easy to guess. A security administrator should ensure that any passwords used are not easily guessable, and security questions should avoid the typical mother's maiden name questions when it comes to resetting passwords. The best passwords are long but still easy to use. Don't make the mistake of making too many demands on users, or they will probably forget their passwords.

Also, make sure that users don't use the same password for everything. Hackers rely on people using the same password so they can access various systems without too much effort.

Also, according to Kaspersky's research, you should never disclose your passwords or PIN codes to anyone, not even your closest family and friends or your bank manager. Sharing these will only increase the level of risk and exposure to your personal accounts. This could lead to your financial information being accessed by cybercriminals, and your money stolen.

Answering a phishing email

Financial phishing is one of the most widespread types of cybercriminal activity. Among all existing types of cybercrime, phishing is the most affordable in terms of the investment and level of technical expertise required, according to the Kaspersky whitepaper. You should never click on links sent to you by unknown people or open suspicious ones even if sent to you by friends via social networking or e-mail. These malicious links are designed to download malware onto your device or lead you to phishing webpages aimed at harvesting user credentials.

Not bothering to test a disaster recovery plan

All your servers have been backed up. The backups are done every day at a scheduled time. Sounds like you have everything in hand, but have those backups actually been tested? Can they be restored? Are those backups stored in a secure location physically separate from the servers? If you can't answer yes to any of these questions, then you could be making a very big mistake, especially in light of recent ransomware attacks.
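One way to answer "can they be restored?" on a schedule is to record a hash of every file at backup time, then restore the archive into a scratch directory and compare. The sketch below is an added example, not part of the original article; the function names, file names and sample data are hypothetical.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(source, archive, manifest):
    """Archive every file under `source`; record its SHA-256 in a manifest."""
    source = Path(source)
    files = [p for p in sorted(source.rglob("*")) if p.is_file()]
    hashes = {p.relative_to(source).as_posix(): sha256_file(p) for p in files}
    Path(manifest).write_text(json.dumps(hashes, indent=2))
    with tarfile.open(archive, "w:gz") as tar:
        for p in files:
            tar.add(p, arcname=p.relative_to(source).as_posix())

def restore_test(archive, manifest):
    """Restore into a scratch directory; return a list of problems (empty = pass)."""
    expected, problems = json.loads(Path(manifest).read_text()), []
    with tempfile.TemporaryDirectory() as scratch:
        root = Path(scratch).resolve()
        try:
            with tarfile.open(archive, "r:gz") as tar:
                for member in tar:
                    target = (root / member.name).resolve()
                    # Only regular files, and only inside the scratch directory.
                    if member.isfile() and root in target.parents:
                        target.parent.mkdir(parents=True, exist_ok=True)
                        target.write_bytes(tar.extractfile(member).read())
        except Exception as exc:  # any read error means the backup is not restorable
            return [f"archive unreadable: {exc!r}"]
        for name, digest in expected.items():
            restored = root / name
            if not restored.is_file():
                problems.append(f"missing after restore: {name}")
            elif sha256_file(restored) != digest:
                problems.append(f"hash mismatch: {name}")
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data", "db")  # constructed sample data
        src.mkdir(parents=True)
        (src / "customers.csv").write_text("id,name\n1,Example Ltd\n")
        arc, man = Path(work, "backup.tar.gz"), Path(work, "manifest.json")
        make_backup(src.parent, arc, man)
        print(restore_test(arc, man) or "restore test passed")
```

Keep the manifest somewhere other than the backup store itself, so that whoever can alter the archive cannot also rewrite the hashes it is checked against.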

Disabling security controls and application updates

A lot of users have administrative privileges on their machines because it makes their jobs easier, whether that is making sure an app works as expected or accessing certain infrastructure. In reality this is a security nightmare: it is sacrificing security for convenience.

When security controls are disabled, catastrophes occur. With an administrator account enabled, an ordinary user can be much more exposed to malware.

In addition, machines also need to be updated frequently. All too often, hackers take advantage of systems that haven't downloaded the latest security patch. Never postpone a vital security update; postponing it could introduce a significant security risk.

Thinking you will never be attacked


Never think for one moment that your company will never be targeted by hackers. While hackers may not be targeting your organisation, they are trying to ensnare as many victims as possible by trying to make users click on a link in a phishing email or download a malware-infected file. This is why they target millions of users. If you think you are not going to be attacked, you have made a massive mistake.
