While threat operators are always enhancing their attacks to overcome measures adopted by IT security specialists, the number one weakness in every defence is often deemed to be human users and their approach to cybersecurity.
To assist users in avoiding putting both their personal and enterprise data at risk, the following are a list of some commonly made IT security errors, and some better practices that are well worth considering.
1. Using easy-to-guess passwords
From dates of birth to the names of family members and football teams to simplistic number sequences and the word “password”, easy-to-guess credentials can help attackers access networks and email accounts.
The National Cyber Security Centre (NCSC) recently advised users to employ passwords that combine three words as a method of creating secure codes that aren’t tricky to recall. Two-factor authentication codes can be a useful addition to string passwords, adding an extra protection layer to accounts.
2. Interacting with emails from unknown senders
Phishing emails are sent out by attackers to persuade recipients to take specific actions. Users should never interact with a message from an unknown sender until they have been fully verified. This means questions must not be replied to and no links should be clicked on, or attachments downloaded. Information given may be used to exploit your firm, while links and downloads may be carrying a malware payload, just waiting to be triggered.
3. Failing to update software on schedule
A computer system is only secure if the latest updates are installed. These include security patches that fix known vulnerabilities, so if they are not installed, attackers can use these lapses to gain entry to your devices and network. From those designed for operating systems to antivirus packages, all updates must be actioned as soon as they are made available.
4. Using connections that are unsecure
Making use of public internet hotspots and other free connections is not a safe way to communicate or transfer private data, and can be a severe risk. Hackers can intercept data traffic and steal confidential information.
To keep exchanges secure, a Virtual Private Network (VPN) should be used whenever possible. The VPN ensures that your location and IP address remain invisible, and keeps your communication and data secure from eavesdroppers and attacks.
Cybernews have posted a great article on using a VPN, with details on why to use one, how to check it’s working and more!
5. Sharing personal information online
Threat operators scour the internet for any material made public they can use to inform or shape their attack strategies. Enterprises should discourage their staff from sharing both personal and company data online on chat forums and social media platforms, where information is easily accessible by attackers.
Private information gleaned by hackers can allow them to spoof email addresses and impersonate trusted colleagues and clients in social engineering attacks on companies, and give threat operators hints on passwords and other protective processes.
6. Not using encryption
Finally, firms and users who are not employing encryption software are leaving their information and systems at risk. At Galaxkey our secure platform can ensure all your company data remains unreadable by attackers, whether it is being emailed or stored on your server.
Contact our team today for a free online demonstration.