The Top 5 IT Mistakes Your Users Could Be Making

Many cyber attacks begin with the tiniest breach in a company’s IT defenses. Unfortunately, several of these weak points in a company’s cyber security framework can be caused by the casual carelessness of a user who may not have adequate IT training, or by an oversight by even the tech-savvy employee. Below are some of the top IT mistakes that users make regularly, and why your IT might not be as secure as you think.

1. Falling for Phishing Scams

While many users are now aware of the dangers of clicking strange links from emails or websites pretending to be legitimate, there are still regular reports of compromised organizations and accounts due to people not paying due diligence. Phishing scams can attempt to glean information as serious as credit card details or just simple knowledge that can be used to access personal accounts. While 10-100 has covered the subject in the past, it’s still important to run regular phishing simulators on your organization to make sure your users are trained in recognizing and reporting phishing attempts—and to locate users that may need additional training in how to keep your business safe from these attacks.

2. Delaying Computer Restarts / Never Doing Software Updates

It’s often tempting just to leave computers on overnight so you can return to an important document or a tab you were working on the day prior. This can lead to a severe habit of never restarting a work computer—up to weeks or months at a time. Restarting your computer refreshes the temporary memory, prevents memory leaks, and often solves any bugs you might be encountering. It’s also important to allow your computer to update software regularly during this time, as it usually patches critical software vulnerabilities or applies necessary updates for glitches and bugs you may be experiencing. By rule of thumb, it’s a good idea to shut down or restart your computer every day, but it can be easier to make a habit of it at the end of the day on Fridays.

3. Weak Passwords and Reusing Passwords

This one is relatively straightforward: passwords should never be the same across every website, and should always include at least one capital letter, one number, and one special symbol and be longer than 8 characters. A good way to set your passwords is to use a Password Manager or follow conventions such as replacing letters with symbols for more complex passwords.

4. Social Media Unawareness

While social media has made it a daily norm to share features about your life, your pets, your hometown, your birthday, the birthdays of your loved ones, or celebrations about your parents and family history, these are all instances of information that have traditionally been used by companies as ‘security questions’ on accounts. Be wary about what you share to social media, as this can often be used to impersonate you and gain unauthorized access to online accounts such as bank information and other sensitive information.

5. Not Using Multi-Factor Authentication

The use of an MFA program such as the Microsoft Authenticator or simply using a phone number to receive a one-time code whenever accessing an online account is one of the most effective ways of preventing malicious attempts of hijacking the account. Receiving a text message when accessing an account is often one of the first signs that someone may have access to a compromised password and will alert a user immediately to the need to change the password in question. While it does add an extra step to the log-in process, the protection that a Multi-Factor Authentication method adds to the account makes the few extra seconds it takes to sign in more than worth it.

Are your users making these mistakes? Are you concerned about how your users might fail to step up to the requirements of safe IT standards? Get in touch with our Sales team today at 01908 087000. Our experienced technicians can test your defenses with phishing attack simulators and provide a framework to boost your cyber security to mitigate many of these risks.