Bad cybersecurity habits to abandon this 2020


A new year is almost upon us, and many people are coming up with “New Year’s resolutions” — pledges to accomplish a personal or professional goal, or to improve someone’s life. Whatever the intention may be, it’s important to be realistic and stay focused on what needs to be accomplished.

The same principle applies to your business’s cybersecurity. Your workforce may have fallen victim to cyberattacks such as malware and phishing this year, primarily because of bad security habits. So this 2020, it’s important to teach your employees to change these habits. Educating them won’t just make them more aware of the threats they need to stay away from; it will also protect your company and prevent confidential information from landing in the wrong hands.

Let’s take a look at some of the worst cybersecurity habits to get rid of this 2020:

#1. Negligence towards cyberthreats

Many small- to medium-sized businesses (SMBs) still have the notion that cybercriminals only go after large companies. They think that they have nothing of value to be stolen, so hackers won’t bother attacking their organization.

Unfortunately, 43% of cyberattacks actually target small businesses, according to the Verizon 2019 Data Breach Investigations Report (DBIR). This is because cybercriminals know that many SMBs are negligent and don’t have proper cybersecurity solutions in place.

SMBs should be aware that they are just as vulnerable as large companies when it comes to cyberattacks. To mitigate the risk of threats, invest in proper cybersecurity software like anti-malware programs, firewalls, and the like. Partnering with a managed IT services provider (MSP) like Binatech can also go a long way. MSPs protect SMBs from all threats 24/7/365, and ensure that data will always stay safe.

#2. Using poor passwords

Poor passwords remain the primary reason why businesses fall victim to cyberattacks. The 2019 DBIR found that 80% of hacking-related breaches involved compromised and weak credentials. Meanwhile, 29% of all breaches involved the use of stolen credentials.

Too many users still don’t care about having secure passwords for their accounts. They use easy-to-guess passwords such as “12345678,” “qwerty,” “letmein,” and “passw0rd123,” among others.

Most companies recommend including special characters and numbers, but this makes passwords harder to remember. To combat this problem, the National Institute of Standards and Technology (NIST) has recommended a new policy that makes things easier not just for employees, but for companies as well:

  • Use passphrases. These are composed of a sentence or a combination of words such as “correcthorsebatterystaple,” or “flatlylandladypatchytripping”. A long password containing dictionary words is easier to remember and harder to crack.
  • Use multifactor authentication (MFA). This solution uses more than one verification method, like a one-time SMS code or a fingerprint, to confirm a user’s identity. With this additional security layer, hackers won’t be able to break into an account even if they get hold of a user’s login credentials.
  • Reset passwords only after breaches. Changing passwords monthly is a common office policy, but frequent password updates can make users suffer from password overload. Instead, companies are now advised to require a password reset only after a data breach. For example, if a malware attack successfully invades your system, force your employees to change their passwords immediately to prevent any more data from being stolen.
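As an added illustration (not code from the original article), here is how the passphrase and breach-driven reset rules above could be enforced in Python. The minimum length, the blocklist contents, the character-swap table, and the account data are assumptions constructed for this example.

```python
from datetime import datetime, timezone

MIN_LENGTH = 8  # assumed minimum; no special-character or digit rules

# Constructed blocklist seeded with the weak passwords quoted in the article.
# A production list would hold a large set of breached passwords.
BLOCKLIST = {"12345678", "qwerty", "letmein", "passw0rd123", "password"}

# Undo common character swaps so "p@ssw0rd" is treated like "password".
SWAPS = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def normalize(password):
    """Lowercase, drop trailing digits/punctuation, undo character swaps."""
    lowered = password.lower()
    stem = lowered.rstrip("0123456789!?.#") or lowered
    return stem.translate(SWAPS)


BLOCKED_FORMS = {normalize(p) for p in BLOCKLIST}


def check_password(password):
    """Return (accepted, reason). Only length and the blocklist are checked."""
    if len(password) < MIN_LENGTH:
        return False, "too short"
    if normalize(password) in BLOCKED_FORMS:
        return False, "common or known-weak password"
    return True, "ok"


def must_reset(password_set_at, last_breach_at):
    """Breach-driven reset: a password is never expired on age alone."""
    return last_breach_at is not None and password_set_at <= last_breach_at


def accounts_to_reset(accounts, last_breach_at):
    """Names of accounts whose password was set before the breach."""
    return [name for name, set_at in accounts.items()
            if must_reset(set_at, last_breach_at)]


# Constructed sample data: one breach date and two accounts.
BREACH = datetime(2020, 1, 15, tzinfo=timezone.utc)
ACCOUNTS = {
    "alice": datetime(2019, 6, 1, tzinfo=timezone.utc),
    "bob": datetime(2020, 2, 1, tzinfo=timezone.utc),
}
```

A long all-lowercase passphrase passes without any symbols, while decorated variants of a blocklisted word are rejected because they normalize to the same stem.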

#3. Not regulating mobile phones at work

Personal mobile devices such as smartphones, laptops, and tablets now play an essential role in the workplace because many employees take advantage of their portability and ease of use. However, your workforce can inadvertently leak your data if these gadgets are not regulated.

Let’s say an employee brings their personal laptop to your office and uses it for work. If the device is loaded with spyware and other malicious programs, cybercriminals can easily steal your files.

To lessen the risk of cyberattacks, implement an effective mobile device management (MDM) policy. MDM makes it easier to remotely administer mobile devices that your workforce uses in and out of the office.

One of its significant features for protecting your information is remote data wiping. If a company-registered smartphone gets stolen, MDM can delete all of the handset’s contents to prevent any breaches. Other features include patching enforcement, password policy management, and application whitelisting.

#4. Lack of backups

No matter how affordable or compelling your services are, clients won’t trust you if your company is constantly experiencing downtime or if you fail to protect their confidential information. That’s why it’s important to back up and secure your data.

Natural and man-made disasters such as flash floods, forest fires, and malware attacks will inevitably happen, and having a backup can help you recover from them and resume operations quickly. You can utilize external hard drives and USB flash drives, but it’s best for businesses to back up their files on cloud-based servers. Because cloud storage is geo-redundant, data will be saved in multiple locations around the world. If a file cannot be retrieved from a certain server, the cloud can simply grab another copy from another location, making recovery easier than ever.

Binatech offers customizable and cost-effective cloud computing solutions for your organization. All your servers and solutions will be housed within our own data center, making it possible to keep your data more secure than ever without the need to buy expensive hardware.

#5. Not regularly training your employees

Just because you have conducted cybersecurity training in the past year doesn’t mean you won’t have to do it again. The cybersecurity landscape is always shifting, and hackers are constantly coming up with new ways to steal data from businesses.

Conduct cybersecurity training sessions at least once or twice a year to keep your employees updated on what they need to look out for and how they can stay protected from cyberattacks. For instance, you can conduct regular phishing simulations to see how your employees will react in such situations. After gathering the results, provide the necessary training to those who struggled with the exercise.

Make better New Year’s resolutions for your business by consulting with Binatech. Our cybersecurity solutions will protect your IT infrastructure inside and out 24/7/365, and keep downtime at bay. By partnering with us, you’re securing your business success for the coming year. Interested? Give us a call today to know more.