By Zachary Amos, Features Editor at ReHack
Every day, a small business is attacked with ransomware, or a Fortune 500 employee is a victim of phishing. There doesn’t appear to be an end to the cyber threat onslaught, and building defenses includes incorporating new technologies and strategies alongside removing outdated practices.
Workplace cybersecurity is rife with old tactics. Recommendations flood the space frequently, so keeping up with the best cybersecurity practices is challenging. Despite this, staying on top of expert suggestions and compliance is the only way to provide a company with the highest walls against threat actors.
1. Keeping Cybersecurity Practices to the Experts
Human error causes most workplace cybersecurity breaches, and much of it is avoidable if companies provide more comprehensive, mandatory cybersecurity hygiene training. The IT and cybersecurity sectors are full of jargon that makes them inaccessible to laypeople, so companies are responsible for normalizing discussions around digital protections.
It’s essential to let the experts handle risk remediation, but keeping that information behind closed doors will jeopardize a company in the long run.
2. Collecting Too Much Data
Employers collect employee data even before hiring. After onboarding, employees’ Social Security numbers, emails, emergency contacts and other information sit in systems where attackers could compromise them. From an HR perspective, much of this data is essential for operations, but is all of it required?
Instead of collecting as much information as a “just in case” measure, businesses should practice data minimization, gathering only what they will use while being transparent to employees about how they will collect, store and use that information. How regularly will they back up information? Do they delete out-of-date data stores? A data minimization strategy can simplify what businesses keep on hand while protecting their employees’ identities more thoughtfully.
3. Assuming There Will Never Be a Breach
Small and large businesses are making headlines for mind-blowing data breaches. Many companies believe it won’t happen to them because they are small businesses or the entity is so large that a hacker wouldn’t dare touch them. Neither of these assumptions is true — in reality, everyone is susceptible.
Every organization should anticipate that it will be next in line for a cybersecurity breach instead of believing it is impenetrable. Even a company with strong cybersecurity practices should assume attackers will break through its walls too. Shifting the mentality to “when” rather than “if” makes cybersecurity and business continuity planning more proactive.
4. Trusting Third Parties
Companies are moving to cloud providers or outsourcing vulnerability scanning. Businesses work with numerous suppliers to perform their operations and use third-party software and assets to give their digital nomads remote access. These are only a few examples of how large an attack surface can become, and it isn’t always a company’s best choice to unthinkingly trust a third party just because it offers security-related products or services.
Every organization a business partners with must be subject to the same cybersecurity auditing and questioning as the company seeking the security. Partners should be able to prove their compliance and employ professionals with proper certifications. Where their cybersecurity is lacking, third parties such as suppliers should be open to strengthening it, both to protect themselves and to protect their B2B relationships.
5. Relying on Perimeter Security
Perimeter security is an old method of defense that focuses on the outermost boundary of the network. Usually, professionals use tools like firewalls, intrusion detection systems, border routers and virtual private networks to keep unwanted intruders out and to alert teams when attackers attempt to cross those barriers. Though stopping threat actors at the outer wall sounds well-intentioned, overreliance on perimeter security can lead teams to ignore what’s already inside.
Numerous businesses rely on external services such as cloud providers, so their data lives outside their own servers, and perimeter security can’t safeguard those assets. It’s one example of how perimeter security can’t adapt to technological shifts like the Internet of Things (IoT) and the routine use of third parties. Perimeter security works as a portion of a safety strategy, but it isn’t foolproof.
6. Constantly Changing Passwords
Updating a password every 60 days is the old suggestion. NIST, the cybersecurity compliance and best-practices body, advises the opposite for individual (non-shared) credentials. Frequent password change prompts have the opposite of the intended impact: users are more tempted to make easy-to-remember passwords with minimal variance in each iteration.
A user is more likely to create a stronger, more secure password once. Shared accounts are a different story and should be changed regularly. For single accounts, it’s better to bolster password safety with password managers, two-factor authentication or biometrics.
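The policy shift described above, as an added example that is not code from the article: a password verifier in the spirit of NIST SP 800-63B that has no calendar-based expiry, screens against a compromised-password list, and flags the "minimal variance" iteration (Summer2023 to Summer2024) that forced rotation encourages. The minimum length, the breached-password list and the similarity threshold are constructed values chosen for illustration.

```python
"""Rotation-free password policy check (added example; values are assumptions)."""
from difflib import SequenceMatcher
from typing import List, Optional

MIN_LENGTH = 8  # assumption: minimum length for a user-chosen password

# Constructed stand-in for a compromised-password screening list
BREACHED = {"password", "password1", "qwerty123", "welcome1"}

# Above this similarity ratio a replacement counts as a trivial edit of
# the old password rather than a new one (assumption for illustration)
MAX_SIMILARITY = 0.8


def is_minor_variation(old: str, new: str) -> bool:
    """True when `new` is the old password with only trivial edits,
    e.g. Summer2023 -> Summer2024 or Password1 -> Password2."""
    ratio = SequenceMatcher(None, old.lower(), new.lower()).ratio()
    return ratio >= MAX_SIMILARITY


def evaluate_password(new: str, old: Optional[str] = None) -> List[str]:
    """Return the list of policy violations for a proposed password.

    Deliberately absent: any check on the age of the current password.
    A reset is triggered by evidence of compromise (a breached-list hit),
    not by the clock.
    """
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if new.lower() in BREACHED:
        problems.append("found in breached-password list")
    if old is not None and is_minor_variation(old, new):
        problems.append("minor variation of previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample: the rotation pattern the policy is meant to catch
    print(evaluate_password("Summer2024", old="Summer2023"))
    print(evaluate_password("correct horse battery staple", old="Summer2023"))
```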
Growing out of Old Cybersecurity Practices
Workplace cybersecurity is a constant effort to empower employees and bolster digital defenses. Hackers are getting more clever by the day, and investing in the next big trend in digital safety is just as important as eliminating outdated methods that gradually undermine those efforts.
Eliminating these mentalities will be just as valuable as, if not more valuable than, incorporating new software or hiring more employees, because it signals a dedication to proactive security rather than passive attention.
As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.