Jolly roger representing a lapse in cybersecurity.

Bad Security Practices That Hackers Love

When you think about hackers and security breaches, you often associate these attacks with large corporations. Although major security attacks do impact large businesses, small-to-medium businesses tend to be the easiest targets for hackers.

Unfortunately, smaller companies often don’t have a dedicated IT team to enforce digital best practices, leaving them vulnerable to criminals.

Luckily, even if you do not have a deep understanding of IT practices, you can still protect your company through good due diligence — all while avoiding common pitfalls that hackers love.

Be Mindful of These Bad Security Practices

You have likely heard about security best practices. However, it’s also important that you take a proactive approach in regards to bad practices. After all, only around 14% of small companies rate their ability to reduce cyber risks and attacks as highly effective.

Address the following bad practices as soon as possible in order to mitigate cyber-security risks.

Bad practice #1: Only implementing an “all-in-one” antivirus scanner

Back in the early 90s, all-in-one antivirus scanners were effective, as they were able to detect the dozens of worms and viruses lurking out there. Unfortunately, times have changed. Thousands (if not millions) of malware programs are released monthly, many of which will go undetected.

To protect your business, you need a combination of tools in a unified platform that is easy to manage. This platform should take care of things like file sharing security, email security, routine system scans, and more.

Bad practice #2: Reusing passwords

Many people have a “go-to” password, often using it across multiple online accounts. This has led to some major data breaches in the past, as hackers are able to easily steal a copious amount of information by just knowing a single password.

Each account needs to have a strong, unique password. Make sure each password is at least six characters (but the more the better) and that it includes a combination of numbers, letters (both lowercase and uppercase), and symbols.

Bad practice #3: A lack of training

One of the biggest issues associated with cybersecurity is human error. Whether your staff ignore security updates or is unaware of phishing scams, poor training and a lack of awareness are incredibly dangerous for your business.

Many companies do not make cybersecurity training a priority until it’s too late. Be sure to meet with your staff on a regular basis to discuss the latest techniques and methods, as well as recent trends and dangers (especially in relation to malware email attachments).

Related: The 3-2-1 Backup Rule — Why It’s Important

Bad practice #4: Not performing regular tests

You may have implemented security measures in the past, but that does not mean they’re up-to-date. This is where regular testing or “fire drills” come into play. If you created a security response plan within the last year, you should run a hypothetical drill.

Ideally, you should be revisiting your security plans quarterly — but many businesses are now opting to run drills monthly. This also applies to your disaster recovery plan (as hackers are not the only risk involved).

Bad practice #5: Ignoring the dangers of mobile devices

Since many companies are transitioning towards a “bring your own device” arrangement, business owners need to consider where critical data is being stored and accessed. This is because mobile devices are typically easy to crack.

If you currently have mobile device management (MDM) or enterprise mobility management (EMM) solutions in place, know that these do not protect you against hackers and malware. This is something that you can discuss with a managed service provider.

Create a Better Cybersecurity Strategy Today

Beginning today, it is imperative that you take a proactive approach, focusing on your company’s future. After all, cybersecurity entrepreneur and IT security futurist, Neil Rerup, said it best, “True cybersecurity is preparing for what’s next, not what was last.”

Now is the time to create a solid cybersecurity strategy and if you require assistance, please feel free to contact our team our team today!