Be it stolen customer data, ransomware attacks, or a website crash, successful cyber attacks can impact both small and large business websites in any industry domain. A 2018 study by Juniper Research reveals that breaches in cybersecurity are likely to result in the theft of over 146 billion records by the year 2023, while identity theft has impacted over 60 million Americans (as found by a 2018 survey by Harris Poll).
Whether you are offering personal services or running a business enterprise, establishing an online web presence has now become a mandatory prerequisite for professional success. A serious security breach can damage your business in multiple ways including loss of website visitors due to downtime, loss of customer trust and business revenue, along with loss of confidential customer data.
Thanks to the growing awareness of cyber attacks and online threats, business enterprises are investing millions into enhancing their cybersecurity through the latest technology tools. However, an analysis of even the most complex online attacks reveals that website security is often compromised by the most basic mistakes that can be easily corrected by enterprises.
In the following sections, we shall look at the 8 most common mistakes in cybersecurity that you should avoid in the coming years.
1. Poor Password Management
Weak passwords are among the leading reasons for a variety of cyber crimes, including brute force attacks. An example of a successful brute force attack is the March 2018 Magento case, where almost 1,000 user accounts were compromised due to weak user account passwords. Examples of weak passwords that are still used include “123456,” “password,” and “qwerty.”
Listed below are some of the best practices in password management that can enhance cybersecurity:
a) Use complex passwords that include alphanumeric and special characters.
b) Enable 2-Factor Authentication (or 2FA) alongside strong passwords to secure user access.
c) Avoid using the same password for multiple business accounts.
d) Use desktop or smartphone apps that can securely store (or even regenerate) passwords instead of writing them down on a post-it or note pad.
e) Periodically change the passwords for all your user accounts.
2. Perception of being exempt from online attacks
Small-scale business enterprises or SMBs often have the false perception that their business is too small or insignificant to be targeted by hackers. The reality is that every business, large or small, is a potential target for hackers. A 2018 study on the state of cybersecurity in small and medium-sized businesses revealed that 67% of the SMBs have experienced a cyber attack while another 58% have had a data breach in the previous 12 months.
Additionally, companies that do not handle credit card data or any customer information believe that cybercriminals will not target their security network. In reality, hackers are targeting a variety of computer networks to find vulnerabilities and extract sensitive information or cause damage.
The fact is if your business has an online digital presence, you are at risk and must adopt cybersecurity as a business strategy to protect both your stored data and website resources.
3. Inefficient Privilege Management
Are you providing most of your users with unrestricted rights and privileges to your security network? Or do you have many users designated with “special admin” privileges?
Ignoring the security risk posed by human users can be detrimental to any business. This can include granting admin privileges or access to critical business data to temporary workers, freelancers, consultants, or even your clients. The April 2018 credit card data breach reported by Lord & Taylor, which compromised 5 million credit cards, along with other data breaches in 2018, could have been prevented through proper privilege management.
As most security networks grant full account privileges to admin users, hackers try to break into admin accounts to gain access to the backend data. The following privilege management practices can be effective in enhancing cybersecurity:
a) Restricting the number of admin users to only those who really need it.
b) Assigning user rights and privileges on the basis of user roles.
c) Requiring a supplementary approval process for high-risk tasks such as deletion performed by admin users.
d) Revoking the access rights of third-party users at the end of the working relationship.
e) Regular training programs with employees to follow safe cybersecurity practices.
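Practices a) to d) can be checked mechanically against an account inventory. The following Python sketch is an added example, not part of the original article; the account records, role names, permission sets and the two-admin limit are constructed assumptions.

```python
from datetime import date

# Constructed sample accounts; names, roles and dates are illustrative only.
ACCOUNTS = [
    {"user": "alice", "role": "admin", "type": "employee", "contract_end": None},
    {"user": "bob", "role": "admin", "type": "employee", "contract_end": None},
    {"user": "carol", "role": "editor", "type": "employee", "contract_end": None},
    {"user": "dave", "role": "admin", "type": "freelancer", "contract_end": date(2019, 1, 31)},
    {"user": "erin", "role": "viewer", "type": "consultant", "contract_end": date(2019, 6, 30)},
]

# Role-based rights (practice b): permissions attach to roles, not to people.
ROLE_PERMISSIONS = {
    "admin": {"read", "write", "delete", "manage_users"},
    "editor": {"read", "write"},
    "viewer": {"read"},
}
HIGH_RISK = {"delete", "manage_users"}  # actions needing a second approver (practice c)


def audit_accounts(accounts, today, max_admins=2):
    """Return (user, finding) pairs covering practices a and d."""
    findings = []
    for acct in accounts:
        end = acct["contract_end"]
        if end is not None and end < today:
            findings.append((acct["user"], "access not revoked after contract end"))
        if acct["role"] == "admin" and acct["type"] != "employee":
            findings.append((acct["user"], "third party holds admin role"))
    admins = [a["user"] for a in accounts if a["role"] == "admin"]
    if len(admins) > max_admins:
        findings.append((",".join(admins), "too many admin accounts"))
    return findings


def is_allowed(accounts, user, action, approver=None):
    """Allow an action only if the user's role grants it and, for high-risk
    actions, a different admin has approved it."""
    roles = {a["user"]: a["role"] for a in accounts}
    if action not in ROLE_PERMISSIONS.get(roles.get(user), set()):
        return False
    if action in HIGH_RISK:
        return approver is not None and approver != user and roles.get(approver) == "admin"
    return True
```

Run `audit_accounts(ACCOUNTS, date(2019, 3, 1))` to list the stale freelancer account and the excess admin count in the sample data.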
No matter which network technology or tool you deploy, it has to be regularly updated to fix any critical security bugs that hackers can exploit. The 2018 case of the Spectre and Meltdown security flaws in computer CPUs affected a majority of computer processing equipment and required the release of security patches and fixes for hardware and software, along with operating systems.
While preventing every attack may not be possible, you must be well-versed in the overall architecture and structure of your security network and implement practices to keep all your software tools and website components updated to their latest version. Along with the latest anti-virus software tools, deploying security tools like ransomware blockers along with regular updates can boost your cybersecurity measures.
5. Poor Email Practices
According to the U.S. Federal Bureau of Investigation (or FBI), there has been a 60% rise in the year 2018 in fake E-mail activities aimed at theft of money or personal information. Among the most popular E-mail phishing scams in 2018, technology companies Google and Facebook were duped out of over $100 million by a hacker posing as a computer parts vendor.
Despite the numerous warnings against responding to unsolicited E-mail messages, Email users continue to fall victim to fake emails about investment opportunities, job offers, and tax savings.
Here are the best Email practices that are necessary to improve cybersecurity:
a) Do not open links or attachments sent through unsolicited Emails.
b) Verify the source of Emails by checking the sender’s email address or contacting them by phone or in person.
c) Do not reply to unsolicited Emails.
d) Do not share sensitive information such as credit card details or passwords.
6. Insecure Wi-Fi Usage
Be it at the local coffee shop or at the international airport, public Wi-Fi Internet spots are increasingly becoming common and free for public use. However, free Wi-Fi does not necessarily mean that you should always use it whenever the opportunity arises.
Insecure Internet networks such as public Wi-Fi are boosting the number of man-in-the-middle (or MITM) attacks that are used to intercept confidential information like credit card details and login credentials.
You can prevent (or reduce) the chances of such cyber attacks by:
a) Restricting the use of public Wi-Fi connections for carrying out sensitive tasks like making online payments or file sharing.
b) Using a Virtual Private Network (or VPN) when accessing the Internet from a public place. Use of VPNs keeps your online activities secure from being intercepted by hackers.
7. Just an “IT” Problem
Is cybersecurity just an “IT” problem? Can it be achieved by employing IT security personnel who will implement solutions that can safeguard your network? If your answer to these questions is “Yes,” then you are in for a shock. Cybersecurity is no longer the responsibility of the IT department but requires accountability from everyone in the company including your business leader.
While IT personnel can design and implement the best of security systems and processes for your organization, ensuring cybersecurity at every level must be the responsibility of every department and employee. Here are some measures to ensure that cybersecurity is not just restricted to the IT department:
a) Provide proper employee training on the business risks associated with cyber attacks.
b) Highlight to your employees the importance of applying regular updates and safe Email practices, and their relevance to cybersecurity.
c) Design and execute a complete risk management framework that includes cybersecurity.
8. The “Shadow IT” issue
With the growth of offsite cloud-based solutions and smartphone apps, your company staff is now accessing both in-premise applications (that are mostly secure) and many shadow applications that are not necessarily secure against cyber attacks.
While it’s not possible to prevent employees from accessing these shadow applications from their desktop computers or smartphones, companies should be able to monitor these applications and rank them on the basis of their risk profile. Additionally, you can officially approve the “safe” and “trusted” apps so that they can be used just like any other in-house application.
The growing number and complexity of cyber attacks around the world are definitely a catalyst for increasing awareness about cybersecurity practices and investment in the latest security tools. However, committing a majority of the cybersecurity mistakes (as outlined in this article) can still undermine and compromise the best of IT security systems and infrastructure.