One careless click. One login reused too many times. That’s all it takes. These mistakes may seem small on the surface, but with 95% of all cybersecurity breaches caused by human error, they are the starting points for a dangerous fire.
For executives and business leaders, overlooking small cybersecurity mistakes can cost more than money. It can damage your brand, disrupt operations, and cause a snowball effect that puts some companies out of business. Here are five small cybersecurity mistakes that can have big consequences, and what your company should do instead.
1. Using Weak or Reused Passwords
Sounds way too simple, right? Yet over 73% of people were reportedly using the same passwords for personal and work accounts. Managing a lot of unique and complex passwords can be difficult, so it makes sense that people would do this.
However, it takes only one password exposed in a data breach for a credential stuffing attack to work. In credential stuffing, hackers use automated systems to try stolen usernames and passwords across thousands of sites. The attack often works because, as we saw, most people tend to reuse work and personal passwords.
What to do instead:
- We at Kirkham IronTech recommend a unique password of 16+ characters with symbols, numbers, and uppercase/lowercase letters. Doing so will dramatically increase the time it takes for a hacker to crack it. To store these passwords, use a password manager, which can create, protect, and keep all your passwords in one safe place. Proper password security is crucial for staying secure online.
2. Ignoring Software Updates and Patches
In a study of over 2,000 organizations, more than 50% of computers were running an outdated version of an operating system, and over 8,500 companies had failed to update browsers on over half of their machines.
When companies neglect software updates, they leave doors open for hackers to enter and attack. Software updates exist to patch vulnerabilities that were previously unknown, which protects data security.
What to do instead:
- We recommend enabling automatic updates if possible and keeping track of your system’s software so that it’s up to date. With our helpdesk services, we’re able to assist in troubleshooting hardware and software issues, such as helping with OS updates and closing vulnerabilities before attackers can find them.
3. No Cybersecurity Awareness Training
For nearly 70% of organizations, employees lack fundamental security awareness. This is a shocking number, since employees are usually an organization’s first line of defense.
Whether the threat arrives through a phishing email or a download from a random site, employees should be trained to spot and avoid these scams before it’s too late.
What to do instead:
- Spend time talking with your team and training them on the ever-evolving world of cyber threats. We train our own employees and offer cybersecurity training for our clients because we understand that employees can have the power to stop major cyberattacks with knowledge of security best practices.
4. Ignoring Multifactor Authentication (MFA)
In a report dating back to 2020, Microsoft said that 99.9% of compromised accounts did not use multi-factor authentication. MFA is basically like a door with more than one lock on it. Even if your password is compromised, the attacker will need other authentication methods to get in.
What to do instead:
- Enable MFA wherever possible. This can be a strong layer of defense for keeping sensitive information, such as company emails or bank information, protected.
5. Poor Physical Security Habits
Sticky notes with passwords. Unlocked computers when not at your desk. Shared logins. We see these mistakes all too often in busy offices. People often don’t realize how costly they can be.
Physical mistakes, such as losing devices and insecure office behavior, contribute to 15% of data breaches in small businesses.
What to do instead:
- At Kirkham IronTech, we help eliminate these risks with policies that make physical security a priority. These can range from a clean desk policy to user access controls and remote device management.
6. (One More Secret Mistake): Not Partnering with a Managed Security Service Provider (MSSP)
Many executives believe cybersecurity is “handled” because they have antivirus software or an internal IT team. But here’s the truth: cybercriminals are organized, persistent, and constantly evolving.
Trying to manage security without specialized help is like going into battle without armor.
What to do instead:
- Let us act as your sidekick. We can be your dedicated cybersecurity partner or build on your existing cybersecurity and IT infrastructure. Using our IronTech Framework as a shield, we combine cybersecurity, infrastructure, and governance.
If your team has been guilty of some or all of the mistakes above, realize that these have a snowball effect. What may not be an issue in one month could cause tens of thousands of dollars wasted due to downtime or a ransomware attack. If you want to secure your business today, here’s what you should do:
- Try our free IT Infrastructure and Risk Assessment – To see what gaps you may have
- Call Us: (479) 434-1400 – Get in contact with our team of professionals.
- Visit Our Website: kirkhamirontech.com – Learn more about our services.
- Email Us: info@kirkhamirontech.com – What’s your current biggest IT headache?