What are the most common cybersecurity mistakes? Which ones are avoidable?


Senior Information Security Manager in Software, 501 - 1,000 employees
Two common mistakes: firms put all of their security eggs into hardware and software while ignoring the staff needed to use them properly.

And also not realizing that larger enterprise tools require customization before they can be fully implemented. Very few things are plug-and-play.

CIO in Services (non-Government), 201 - 500 employees
Not realizing that there are severe gaps and overlaps between the toolsets we use. No matter how many, or how good, our tools are, we have to constantly remember that new, undiscovered threats emerge every day, so rather than rely on our tools/apps to protect us 100%, we have to rely on our methodologies and practices to notice patterns that might point to a threat; I always look for anomalies, unexplained performance degradation, sudden large increases in storage usage, regular "bursts" of traffic that seem too non-random, etc.

I always think that we tend to be too reliant on our third party apps, and that gives us a false sense of security.

Second, realizing that we are not getting enough help from our Cloud vendors. They are NOT doing all they can to secure their environments, and that task falls to us, but without knowing where the vendors have issues, all we can do is try to plan for the worst.

Director of IT in Software, Self-employed
These are things that happen a lot in cybersecurity:

1. Failing to keep software and systems up to date
2. Using weak passwords or reusing passwords across multiple accounts
3. Leaving default usernames and passwords unchanged
4. Not using two-factor authentication
5. Ignoring security warnings
6. Failing to back up data and systems
7. Not using secure networks or encryption
8. Not monitoring for suspicious activity
9. Not training employees on security best practices
10. Not having a comprehensive incident response plan

Everything can be avoided, depending on the willingness of the CISOs or CTOs to stay alert to the basics or the little things, because loopholes can come from the safest and simplest things.

Manager in Services (non-Government), 2 - 10 employees
Cybersecurity is a growing concern for businesses, organizations, and individuals alike. While the majority of people understand the importance of protecting their data and systems, many are still making common cybersecurity mistakes that can leave them vulnerable to attacks. Here are the most common cybersecurity mistakes and how to avoid them.
1. Weak Passwords: A weak or easily guessed password is one of the most common cybersecurity mistakes that people make. Using passwords such as “password” or “123456” leaves your accounts vulnerable to attack. It’s important to use strong, unique passwords for all of your accounts. That means using a combination of upper and lower case letters, numbers, and symbols.
2. Lack of Software Updates: Failing to update your software is another mistake that can leave you vulnerable to attack. Whenever a software vendor releases an update, it often includes security patches that help protect you from hackers and other malicious actors. Make sure to keep all of your software up to date.
3. Neglecting to Back Up Data: Backing up your data is an essential part of protecting your systems. If your data is lost or corrupted, you will be able to easily restore it with a backup. Make sure to back up your data regularly, and store it safely in case of an emergency.
4. Reusing Passwords: Many people make the mistake of using the same password for multiple accounts. This puts all of your accounts at risk if one of them is compromised. Make sure to use a unique password for each account.
5. Ignoring Multi-Factor Authentication: Multi-factor authentication (MFA) is a great way to add an extra layer of security to your accounts. MFA requires the user to provide additional verification such as a code sent to their phone or an email address. Whenever possible, enable MFA on your accounts.
6. Poor Physical Security: In addition to digital security, it’s important to remember physical security. Make sure to always lock your devices when you’re not using them, and keep them in a secure location.
These are some of the most common cybersecurity mistakes that people make. Fortunately, all of them are easily avoidable with a few simple steps. Make sure to use strong passwords, keep your software updated, back up your data regularly, use unique passwords for each account, enable multi-factor authentication, and practice good physical security. Doing so will help keep your data and systems safe from attack.

Director of Tech and Cyber Strategy in Finance (non-banking), 1,001 - 5,000 employees
Focusing on tools instead of outcomes, especially at the onset of a program.

Start with high-impact outcomes that can resonate with the business and have a quick payback such as SSO and MFA, especially where it can improve security and the user experience such as SSO.

In addition, build your program around the skills you can procure. If security is not going to be managed in-house, focus on governance; conversely, if you internalize security, recognize that you will likely have to set aside the funds and time to skill up staff because the landscape will constantly evolve.

Finally, don't link security spending to a percentage of IT budget. Security is insurance, so spending should be based on your organization's risk tolerance and exposure. For example, if you store information on the cloud, the value of that information is likely a lot higher than the cost of cloud storage.
