CISA Report: The 3 Most Dangerous Business Behaviors (And How They Affect Cybersecurity)
A recent report released by the Cybersecurity and Infrastructure Security Agency detailed three common practices that put businesses’ cybersecurity in jeopardy. Avoiding these practices can mitigate some of the most common cybercrime threats active in the business world today.
3 Behaviors To Eliminate From Your Cybersecurity Practices
Single Factor Authentication
The most dangerous and common practice right now is the reliance on single-factor authentication—i.e., only requiring a password to gain access to business apps and data. At a recent RSA security conference, Microsoft engineers told attendees that 99.9% of the accounts that are compromised each month don’t have a multi-factor authentication solution enabled.
Multi-factor authentication is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.
Despite how basic and easy to use multi-factor authentication is, nearly every login event Microsoft tracks uses only basic authentication processes — a username and password. In January 2020, that resulted in 1.2 million breached accounts.
Default Passwords
Too many businesses use default username and password combinations. Businesses that fail to change the default passwords and other default security settings on their hardware and software make easy targets for cybercriminals.
Despite the fact that passwords are the most direct way to access a user’s private information, most passwords in use today are simply not strong or complex enough.
Passwords protect email accounts, banking information, private documents, administrator rights and more — and yet, user after user and business after business continue to make critical errors when it comes to choosing and protecting their passwords.
Keep these tips in mind when setting your passwords:
- Password Strength: It’s common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters. Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack. For a more secure passphrase, you’re encouraged to combine multiple unrelated words to create the phrase, for example, “goldielittlelamb3pigs.”
- Password Managers: These programs store all of your passwords in one place, which is sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.
End Of Life
It’s not uncommon for users to procrastinate on technology upgrades. The process can be expensive and complicated, but the fact is that there comes a point in the technology life cycle when failing to upgrade can present a number of serious concerns.
As important as cost control is, it is equally important to ensure you’re maintaining your competitive edge, using secure technology, and working as efficiently and effectively as possible.
This is especially true of technology that has reached end of life. The primary concern with end of life for any hardware or software is that there are no further security patches or updates, which can have dangerous effects:
- Your computers could be infected by malware,
- Your antivirus is out of date,
- Your online banking transaction protection may expire, and
- Your financial data could be exposed to theft.
That’s why it’s so important to implement a robust hardware refresh process and patch management strategy. All security updates need to be implemented immediately, and organizations need to track and plan for when their assets reach end of life.
Need Assistance Eliminating Your Bad Cybersecurity Behaviors?
Taken all at once, this report may seem like a lot to manage on your own. If you’re unsure of how to undertake this process, you should be sure to consult with the experts from HRCT for assistance.