The cybersecurity landscape is ever-changing. The more technology evolves, the more we have to keep up with cyber-attacks and cybersecurity. What used to be perfectly good cyber workplace practices a decade ago may instead lead to a breach today.
While it’s true that some things never change, like the importance of identity, privilege, and asset management, these are the exceptions and not the rule. Most of the time, you may be surprised to find that you’re doing your business more harm than good by inadvertently following these outdated cybersecurity workplace practices.
1. Thinking Your Business is Too Small to Be a Target
Size doesn’t matter when it comes to cyber-attacks. You’re only fooling yourself if you think your business is too small a target to be worthwhile. The reality of the situation is that everyone can be a target.
SMBs relying on their size to evade cyber-attacks may find themselves in deep trouble when one does occur. This is mainly because these SMBs won’t have the necessary infrastructure and training in place to combat cyber-attacks.
2. Relying on Outdated Cybersecurity Tools
A perimeter firewall and antivirus were the go-to tools for any cybersecurity expert back in the day. These days, however, this software has become obsolete. In fact, 73% of hackers say that traditional firewalls and antiviruses are irrelevant or obsolete.
If you’re currently using only these tools, you may want to invest in more up-to-date technology to either provide additional layers of security or replace them entirely.
3. Downloading Software from the Source
These days, commercial apps (like Microsoft Office) have two sources. You either get them directly from the manufacturer or from an established app store.
Downloading apps directly from the manufacturer assures that the software is genuine. This also ensures that the software hasn’t been tampered with.
However, installing that same app from an established app store may have some advantages. You may find it easier to deal with compatibility issues. Also, you won’t have to look for app updates since they’ll be automatically available.
4. Ignoring Software Updates
Updating software can be a hassle. It can be both time-consuming and expensive — but ultimately worthwhile. This is because software updates often come with security updates for that software.
You see, attackers know of, and rely on, people’s aversion to software updates. Once they get information on a software update, they’ll try to hack users in the window between the time the update becomes available and the time users actually install it.
Ignoring these updates can, therefore, allow hackers to exploit known vulnerabilities that should have already been addressed.
5. Frequently Changing Passwords
Changing passwords regularly is sound advice when it comes to cybersecurity. An ever-changing password makes it harder for hackers to crack. However, this only works if you’re doing it correctly.
People required to change their passwords frequently tend to create easy-to-remember passwords. This tendency to rely on simpler (easily hackable) passwords is simply due to burnout. When hard-to-remember passwords ARE created, they’re often forgotten because of how frequently they’re changed.
There are two ways around this problem: either train employees to change their passwords ONLY when they believe their account has been breached, or implement the use of a company-issued password manager.
6. Relying on Two-factor Authentication
On the topic of password security, it’s highly likely that you’ve used or are using 2FA. It acts as a second layer of defense against would-be hackers who somehow gain access to your username and password.
Most companies implement one-time authorization codes (OTAC) to provide 2FA. The problem is that advanced phishing attacks actually target OTAC.
To prevent this, your company can opt for multi-factor authentication (MFA) instead. MFA usually involves factors such as knowledge (something only the user knows), possession (something only the user has), and inherence (something the user and only the user is).
7. In-house Servers Only
In-house servers give you physical control over data that doesn’t need an internet connection to access. They also keep data away from third parties and are certainly a viable option for SMBs.
However, aside from requiring more capital for hardware and infrastructure, in-house servers are also more susceptible to data loss during disaster situations. This is why much of today’s modern software is cloud-hosted. Most cloud-hosting services can provide exactly what your business needs all while keeping your data secure in the event of theft, disaster, etc.
8. Focusing Only on Technology
A chain is only as strong as its weakest link. When it comes to cybersecurity, that weakest link is the human element. Locking down your cybersecurity with million-dollar tech won’t matter if your employees open the gate from the inside.
Company cybersecurity has to be everyone’s concern. Everyone involved, from rank-and-file to the CEO, has to be aware of the best cybersecurity practices. You can limit employees’ access to sites, but they’ll bypass those prohibitions with a VPN if they don’t understand WHY certain websites are prohibited.
9. Reversing What Employees Learned at a Corporate Training Session
Let’s say your company DOES train its employees in cybersecurity. Are you sure they’re using up-to-date practices? The problem with corporate training sessions is that employees can miss a lot of information by missing just one training session.
If you’re not clearly outlining changes to existing policies, some employees may not know about some of those changes and continue using outdated cyber practices. Employees may become confused or frustrated and instead resist the current policies if they weren’t made aware of such changes.
10. Making Everything too Complex
“Sometimes less is more.”
This is especially true in cybersecurity. A simpler infrastructure means implementing only the most important features. This can help ensure that new applications work well with the rest of the tools in your business.
This also carries through to your threat response procedure. Keeping things simple here means trained employees will find it easier to report attempted attacks once a possible threat has been identified.
As technology evolves, cyber-attacks and cybersecurity are constantly trying to gain the upper hand over each other. What was perfectly good cybersecurity advice a decade ago may no longer apply today. Protect your company by avoiding these outdated cybersecurity workplace practices.
Never think that your business is too small. Discard or bolster traditional cybersecurity software. Consider downloading software from established app stores and never ignore software updates.
Change your passwords only when you think your account has been compromised or use a company-issued password manager. Make use of MFA when protecting your accounts.
Consider using a cloud-hosted server.
Cover all bases and invest in employee cybersecurity training as well. Outline any changes made to cybersecurity policies. And remember to keep everything as simple as possible.