5 security mistakes you must never make

Avoiding these mistakes could save your organisation money, time and reputation

The threat landscape is changing, with criminals going after financial organisations such as banks, payment processors, retailers, hotels and anywhere point-of-sale terminals are used. But regular users and small and medium-sized businesses are still in the firing line when it comes to financial cybercrime.

According to a whitepaper published by Kaspersky (download), the share of financial phishing increased 13.14 percentage points to 47.48% of all phishing detections in 2016.

So, what are the five biggest security mistakes you can make, and how do you avoid them?

Bad password and security question policies

Hackers will always try the easy things first, which means passwords and security questions that are easy to guess. A security administrator should ensure that any passwords used are not easily guessable, and password-reset security questions should avoid the typical "mother's maiden name" type, whose answers are often easy to look up. The best passwords are long but still easy to use. Don't make the mistake of making too many demands on users, or they will probably forget their passwords.

Also, make sure that users don't use the same password for everything. Hackers rely on people using the same password everywhere so that one stolen credential gives them access to various systems without too much effort.

Also, according to Kaspersky's research (you can read that in detail here), you should never disclose your passwords or PIN codes to anyone, not even your closest family and friends or your bank manager. Sharing these will only increase the level of risk and exposure to your personal accounts. This could lead to your financial information being accessed by cybercriminals, and your money stolen.
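The policy described above (length over complexity, no guessable passwords, no reuse, no security questions with look-up-able answers) can be enforced at the point where a user sets a password. The following is an added example written for this article, not code from IT Pro or Kaspersky; the common-password list, the keyword list for weak security questions and the 14-character minimum are constructed assumptions, and a real deployment would check against a full breached-password corpus instead.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed stand-in for a breached/common-password corpus (assumption:
# a real deployment would load a full list such as a Have I Been Pwned export).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

# Constructed keywords for security questions whose answers are typically
# discoverable from public records or social media (assumption).
WEAK_QUESTION_KEYWORDS = ("maiden name", "born", "birth", "first pet", "first school")

MIN_LENGTH = 14  # assumption: length is the primary strength requirement, not symbol mix
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256 hash; returns (salt, digest) so it can be stored in history."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password_policy(candidate: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return every policy violation for `candidate`; an empty list means it is acceptable.

    `history` holds (salt, digest) pairs of the user's previous passwords so reuse
    can be detected without ever storing the old passwords in clear text.
    """
    problems: List[str] = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    for salt, digest in history:
        # Re-hash with the stored salt and compare in constant time.
        _, candidate_digest = hash_password(candidate, salt)
        if hmac.compare_digest(candidate_digest, digest):
            problems.append("matches a previously used password")
            break
    return problems


def check_security_question(question: str) -> bool:
    """True if the question is acceptable, False if its answer is likely public knowledge."""
    lowered = question.lower()
    return not any(keyword in lowered for keyword in WEAK_QUESTION_KEYWORDS)


if __name__ == "__main__":
    # Constructed demonstration: a long passphrase passes, a short "complex" one does not,
    # and setting the same passphrase again is caught as reuse via the hash history.
    previous = [hash_password("correct horse battery staple")]
    print(check_password_policy("Tr0ub4dor&3", previous))
    print(check_password_policy("correct horse battery staple", previous))
    print(check_password_policy("river-kettle-lantern-orbit", previous))
    print(check_security_question("What is your mother's maiden name?"))
```

Reuse is detected by re-hashing the candidate with each stored salt rather than by comparing plaintexts, so the history table never has to contain a usable password. The length threshold and word lists are deliberately small here so the behaviour is easy to follow; the structure is what matters.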

Answering a phishing email

Financial phishing is one of the most widespread types of cybercriminal activity. Among all existing types of cybercrime, phishing is the most affordable in terms of the investment and level of technical expertise required, according to the Kaspersky whitepaper. You should never click on links sent to you by unknown people or open suspicious ones even if sent to you by friends via social networking or e-mail. These malicious links are designed to download malware onto your device or lead you to phishing webpages aimed at harvesting user credentials.

Not bothering to test a disaster recovery plan

All your servers have been backed up. The backups run every day at a scheduled time. It sounds like you have everything in hand, but have those backups actually been tested? Can they be restored? Are they stored in a secure location physically separate from the servers? If you can't answer yes to all of these questions, then you could be making a very big mistake, especially in light of recent ransomware attacks.
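A backup is only proven when it has been restored somewhere and the restored files compared against what was backed up. The following is an added example written for this article, not a script from IT Pro or any backup product: it archives a directory while recording a SHA-256 manifest, then performs a test restore into a scratch directory and reports every missing or altered file. The sample files it backs up are constructed inline.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source_dir: Path, archive: Path) -> Dict[str, str]:
    """Archive source_dir into a .tar.gz and return a manifest of relative path -> sha256.

    The manifest should be stored separately from the archive (and ideally off-host),
    so that a corrupted or tampered archive cannot also corrupt its own checksums.
    """
    manifest: Dict[str, str] = {}
    with tarfile.open(archive, "w:gz") as tar:
        for file in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = file.relative_to(source_dir).as_posix()
            manifest[rel] = sha256_file(file)
            tar.add(file, arcname=rel)
    return manifest


def verify_restore(archive: Path, manifest: Dict[str, str]) -> List[str]:
    """Restore the archive into a throwaway directory and list every mismatch.

    An empty list means every file in the manifest came back byte-for-byte identical.
    """
    problems: List[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        scratch_dir = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # The "data" filter rejects absolute paths and path traversal entries;
                # fall back for Python versions that predate the filter argument.
                tar.extractall(scratch_dir, filter="data")
            except TypeError:
                tar.extractall(scratch_dir)
        for rel, expected in manifest.items():
            restored = scratch_dir / rel
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(restored) != expected:
                problems.append(f"checksum mismatch: {rel}")
    return problems


def demo() -> Tuple[List[str], List[str]]:
    """Constructed walk-through: a healthy backup verifies clean; a backup whose
    contents drifted from the recorded manifest is flagged."""
    with tempfile.TemporaryDirectory() as work:
        work_dir = Path(work)
        source = work_dir / "data"
        (source / "db").mkdir(parents=True)
        # Constructed sample files standing in for real server data.
        (source / "db" / "customers.sql").write_text(
            "-- constructed sample\nINSERT INTO customers VALUES (1, 'acme');\n"
        )
        (source / "config.ini").write_text("[app]\nmode=prod\n")

        good_archive = work_dir / "nightly.tar.gz"
        manifest = make_backup(source, good_archive)
        clean_result = verify_restore(good_archive, manifest)

        # Simulate a backup that no longer matches its manifest (e.g. a file that was
        # silently altered before the archive was written).
        (source / "db" / "customers.sql").write_text("-- truncated\n")
        bad_archive = work_dir / "nightly-damaged.tar.gz"
        make_backup(source, bad_archive)
        damaged_result = verify_restore(bad_archive, manifest)
    return clean_result, damaged_result


if __name__ == "__main__":
    clean, damaged = demo()
    print("healthy backup problems:", clean)
    print("damaged backup problems:", damaged)
```

Run this on a schedule against the real nightly archive and alert on a non-empty result; a restore test that nobody looks at is no better than no test. Keeping the manifest (or a signed copy of it) away from the backup media is what turns the checksum comparison into evidence rather than a self-check.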

Disabling security controls and application updates

A lot of users have administrative privileges on their machine to make their jobs easier, whether that is to make sure an app works as expected or to reach certain infrastructure. In reality this is a security nightmare: it sacrifices security for convenience.

When security controls are disabled, catastrophes occur. When an ordinary user runs with administrator rights, any malware they are tricked into running inherits those same rights, so they are far more exposed than a standard user.

In addition, machines also need to be updated frequently. All too often, hackers take advantage of systems that haven't downloaded the latest security patch. Never postpone a vital security update; doing so could introduce a significant security risk.

Thinking you will never be attacked

Never think for one moment that your company will never be targeted by hackers. Even where hackers are not targeting your organisation specifically, they are trying to ensnare as many victims as possible by getting users to click on a link in a phishing email or download a malware-infected file. This is why they target millions of users. If you think you are not going to be attacked, you have made a massive mistake.
