Many cyber attacks begin with the tiniest breach in a company’s IT defenses. Unfortunately, several of these weak points in a company’s cyber security framework can be caused by the casual carelessness of a user who may not have adequate IT training, or by an oversight on the part of even a tech-savvy employee. Below are some of the top IT mistakes that users make regularly, and why your IT might not be as secure as you think.
1. Falling for Phishing Scams
While many users are now aware of the dangers of clicking strange links in emails or on websites pretending to be legitimate, there are still regular reports of organizations and accounts being compromised because people did not exercise due diligence. Phishing scams can attempt to glean information as serious as credit card details or just simple knowledge that can be used to access personal accounts. While 10-100 has covered the subject in the past, it’s still important to run regular phishing simulators on your organization to make sure your users are trained in recognizing and reporting phishing attempts, and to locate users that may need additional training in how to keep your business safe from these attacks.
2. Delaying Computer Restarts / Never Doing Software Updates
It’s often tempting just to leave computers on overnight so you can return to an important document or a tab you were working on the day prior. This can lead to a severe habit of never restarting a work computer, for up to weeks or months at a time. Restarting your computer refreshes the temporary memory, prevents memory leaks, and often solves any bugs you might be encountering. It’s also important to allow your computer to update software regularly during this time, as updates usually patch critical software vulnerabilities or apply necessary fixes for glitches and bugs you may be experiencing. As a rule of thumb, it’s a good idea to shut down or restart your computer every day, but it can be easier to make a habit of it at the end of the day on Fridays.
3. Weak Passwords and Reusing Passwords
This one is relatively straightforward: passwords should never be reused across websites, and should always include at least one capital letter, one number, and one special symbol and be longer than 8 characters. A good way to set your passwords is to use a password manager or follow conventions such as replacing letters with symbols for more complex passwords.
4. Social Media Unawareness
While social media has made it a daily norm to share details about your life, your pets, your hometown, your birthday, the birthdays of your loved ones, or celebrations about your parents and family history, these are all pieces of information that have traditionally been used by companies as ‘security questions’ on accounts. Be wary about what you share on social media, as this can often be used to impersonate you and gain unauthorized access to online accounts such as bank information and other sensitive information.
5. Not Using Multi-Factor Authentication
Using an MFA program such as the Microsoft Authenticator, or simply using a phone number to receive a one-time code whenever accessing an online account, is one of the most effective ways of preventing malicious attempts to hijack the account. Receiving a text message when accessing an account is often one of the first signs that someone may have access to a compromised password and will alert a user immediately to the need to change the password in question. While it does add an extra step to the log-in process, the protection that a Multi-Factor Authentication method adds to the account makes the few extra seconds it takes to sign in more than worth it.
Are your users making these mistakes? Are you concerned about how your users might fail to step up to the requirements of safe IT standards? Get in touch with our Sales team today at 01908 087000. Our experienced technicians can test your defenses with phishing attack simulators and provide a framework to boost your cyber security to mitigate many of these risks.