(And how to fix them)
Recently a conversation was overheard between an Apple Store employee (a Genius, no less) and a customer. The customer couldn’t remember her password. The Genius said, “Oh, I just use the same password for everything to keep it simple.” The surprised customer asked, “Even for work? You’re at Apple!” “Well, no,” he sheepishly replied. “They require a unique password and we have to change it all the time.”
Genius or no genius, at least his company requires appropriate security.
Let your employees do what they will at home; in the workplace, if you are still making any of these 5 cyber security mistakes, go ahead and fix them ASAP!
1. Not Being Smart About Passwords
Just like the Apple employee, who likely had an “It could never happen to me” attitude, your employees probably care more about remembering passwords than about protecting your digital assets. That puts passwords at the top of any list in a cyber threat assessment.
So make it company policy:
- Complicated passwords: not dictionary words, containing symbols, mixing upper and lower case, with all the rules for strong passwords spelled out clearly.
- Regularly changed passwords, at an interval you monitor. In a “threat active” high-profile sector, once per quarter, at least.
- 2-step verification enabled, a small inconvenience for greater protection.
Protecting passwords system-wide is a simple way to stop many kinds of infiltration from spreading, and it puts cyber security front-and-center with your team.
Which brings us to point two.
2. Not Training Personnel
Too many people still click on weird attachments in strange emails or otherwise fall for dumb phishing scams—even the truly lame-looking scams. Yet, phishing scammers are getting even smarter and forging websites and emails more convincingly.
Since a chain is only as strong as its weakest link, you need your personnel to have some understanding of basic cyber threats and risk assessment. Start by covering what phishing is and how to avoid falling hook, line, and sinker.
3. Not Updating Software
Sure, a software update might include new features or redesigned fonts, but most updates are really about patches.
Software developers don’t intentionally include flaws, of course. Development is simply a very different job from searching for vulnerabilities. Many large companies outsource the search for system weaknesses through bug bounty programs. When a vulnerability is discovered, a patch is created as quickly as possible, ideally before the flaw becomes publicly known, but that small, often complicated process leaves room for zero-day vulnerabilities.
All this is to say that threat identification of every kind is a lot to keep up with. Updating software every time an update becomes available is a simple measure to ensure you have the latest patches.
4. Focusing Too Much on the Perimeter
A firewall is essential, so keep using that tool. Anti-virus software isn’t going away; it’s a necessity as well. But having those two functions in place and thinking you’ve built a moat of safety around your entire infrastructure is flawed thinking.
You need to also have a program that addresses numbers 1-3 above, as well as number 5.
5. Not Utilizing Professionals
Maybe you have one IT professional attempting to do everything for everyone. Maybe you have enough IT experience that you feel you can manage the situation yourself, piecing out little bits as you feel necessary.
In today’s cyber threat landscape, however, it pays to utilize cyber security experts, who can perform a custom cyber threat assessment for your organization, and advise you on a personalized action plan.
You don’t need to wait for the next WannaCry to make it happen.