In-depth

5 security mistakes you must never make

Avoiding these mistakes could save your organisation money, time and reputation

Security attack

The threat landscape is changing with criminals targeting financial targets such as banks, payment processors, retailers, hotels, and anywhere where point of sale terminals are used. But regular users and small and medium-sized businesses are still in the firing line when it comes to financial cybercrime.

According to a whitepaper published by Kaspersky (download), the share of financial phishing increased 13.14 percentage points to 47.48% of all phishing detections in 2016.

So, what are the five biggest security mistakes you can make, and how do you avoid them.

Bad password and security question policies

Hackers will always try the easy things first, this means passwords and security questions that are easy to guess. A security administrator should ensure that any passwords used are easily guessable and security questions should avoid the typical mother's maiden name questions when it comes to resetting passwords. The best ones are long but still easy to use. Don't make the mistake of making too many demands on users, else they will probably forget their passwords.

Also, make sure that users don't use the same password for everything. Hackers rely on people user the same password so they can access various systems without too much effort.

Also, according to Kaspersky's research (you can read that in detail here), you should never disclose your passwords or PIN-codes to anyone not even your closest family and friends or your bank manager. Sharing these will only increase the level of risk and exposure to your personal accounts. This could lead to your financial information being accessed by cybercriminals, and your money stolen.

Answering a phishing email

Financial phishing is one of the most widespread types of cybercriminal activity. Among all existing types of cybercrime, phishing is the most affordable in terms of the investment and level of technical expertise required, according to the Kaspersky whitepaper. You should never click on links sent to you by unknown people or open suspicious ones even if sent to you by friends via social networking or e-mail. These malicious links are designed to download malware onto your device or lead you to phishing webpages aimed at harvesting user credentials.

Not bothering to test a disaster recovery plan

All your servers have been backed up. They are done everyday at a scheduled time. Sounds like you have everything in hand, but have those backups actually been tested? Can they be restored? Are those backups stored in a secure location physically separate from servers? IF you can't answer yes to any of these questions, then you could be making a very big mistake, especially in light of recent ransomware attacks.

Disabling security controls and application updates

A lot of users often have administrative privileges on their machine to make it easier for them to do their jobs in as far as making sure an app works as expected or they can access certain infrastructure, but is in reality a security nightmare. It is sacrificing security for convenience.

When security controls are disabled, catastrophes occur. With an administrator account enabled, an ordinary user can be much more exposed to malware.

In addition, machines also need to be updated frequently. All too often, hackers take advantage of systems that haven't downloaded the latest security patch. Never postpone a vital security update, it could introduce a significant security risk.

Thinking you will never be attacked

Never think for one moment that your company will never be targeted by hackers. While hackers may not be targeting your organisation, they are trying to ensnare as many victims as possible by trying to make users click on a link in a phishing email or download a malware-infected file. This is why they target millions of users. If you think you are not going to be attacked, you have made a massive mistake.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021
Fujitsu taps Trend Micro to secure private 5G networks in smart factories
5G

Fujitsu taps Trend Micro to secure private 5G networks in smart factories

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021