
June 2022
Omar Zarabi

#1 Human Error
Nine out of ten data breach incidents are caused by employee mistakes, a 2020 study noted.[1] While that seems a little high, the point is clear: human error is causing a disproportionate amount of compromise. “A joint report from cybersecurity firm ESET and business psychology provider the Myers-Briggs Company revealed that human error has led to an increase in the cybersecurity risks and challenges for 80% of businesses during the pandemic,” adds CISO Mag.[2] While those risks and challenges are rooted largely in malware, ransomware and APTs, there’s no need to help out the bad actors. We’ll explore the most common mistakes we make when it comes to network security, and how we can get out of our own way.
#2 Password issues
We’ve heard it over and over before: change your passwords. How many of us actually do? Not enough. According to Google, 65% of people reuse their passwords. This leaves them open to credential stuffing attacks, account takeover and permissions abuse. Switching to MFA methods or ModernAuth would be the advisable route, but if that’s not an option, change your password often, never use the same password on multiple sites, and consider a password generator to create truly random, hard-to-crack credentials.
#3 Mishandling sensitive data
Never send your Personally Identifiable Information (PII) over unsecured channels. We’ll paint the picture:
- 45% of human error breaches come from sending sensitive information to the wrong party via email (don’t get phished).
- 16% stems from unintended release of sensitive information.
- The young are more susceptible to those sneaky emails, with 32% of employees aged 31-40 admitting to clicking on a phishing link, as compared to only 8% over age 50.
Best tips to avoid getting phished? Train your employees to alert your organization when a phishing attempt pops up, and teach your team to stay suspicious. If a legitimate company wants to query your data, there are usually better ways.
#4 Outdated or hidden software
Legacy software riddled with bugs can sink your boat. You’d think bad actors would be after the “sophisticated attacks,” but they’re not above some low-hanging fruit. It has been estimated that as many as a third of all breaches occur because known vulnerabilities were not patched in a timely manner. Don’t disable those auto-updates.
Even worse than old, vulnerable software is software that can’t be found. Shadow IT applications lurk in the unorganized gaps of your network and act as ticking time bombs, staying hidden while their certificates expire and leaving you open to compromise and attack.
Find a software solution that can help you gain visibility across your enterprise and within the cloud to ferret out Shadow IT devices, and patch until you can update legacy equipment.
#5 Unauthorized device access
This is a big problem with remote work. With a BYOD (bring your own device) culture becoming the norm in many places, it’s often hard to pull back from convenience and remember the security implications of our actions.
Employees with too much access may be caught inadvertently “installing unauthorized software, changing settings and configurations, downloading malicious files from the internet, [and] accessing confidential corporate data.”
#6 Failing to create a security culture
Building a culture of cybersecurity is more than just putting some policies in place and requiring office-wide training. It’s taking into account age level, technology background and online habits of employees - your weakest link (nothing personal).
Says Tim Sadler, CEO of Tessian: “Cybersecurity training needs to reflect the fact that different generations have grown up with technology in different ways. It is also unrealistic to expect every employee to spot a scam or make the right cybersecurity decision 100% of the time.”
To “do it right,” cybersecurity training courses should account for demographics and experience level, and be customizable.
As the analogy goes, it’s no use devising a super lock when you’re just going to leave the key under the mat. We can’t make those kinds of mistakes. Cybercriminals already find ways to breach the most well-guarded environments, so there’s no point in making the job any easier by failing to do our part.