5 common cybersecurity mistakes to avoid

Sometimes it’s the little things that make the biggest difference. These might seem like obvious pitfalls to swerve, but it’s scary how frequently we hear about some disaster following a really basic cybersecurity error.

1. Not regularly reviewing user access and permissions

It can feel like a never-ending job but keeping track of new joiners, leavers, job changes, and the impact this has on user management really matters. Just think of the damage a disgruntled ex-employee could do if, after heading off to a competitor, they can still access the CRM and print off a handy copy of your client list.

So start by breaking down the task into 2 steps. First, you look at who has access to what – ‘does this person really need to use this system to do their job?’ – and if the answer is yes, take a look at just how much access they have: do they need view-only or full admin rights?

Most applications these days come with the ability to support different levels of user access, so start with the priority systems and work your way down the list from there.

2. Not taking GDPR seriously

Everyone’s hitching their horse to the GDPR bandwagon and promising to get you ‘GDPR ready’ in some way or another. The danger of this of course is that it all begins to feel somewhat overwhelming, the magnitude of required change too great and so paralysis sets in. But whilst we can sympathize with a lack of GDPR enthusiasm, now it’s in place, all businesses must comply.

3. Not taking advantage of 2FA where you can

Two-factor authentication (2FA) builds on the advice in point one. It helps to layer security to make infiltration just that little bit harder for cybercriminals and make sure someone really is who they say they are.

2FA requires not only a password and username for someone to login but for verification via another means to prove it’s definitely them, this is typically done via a code or prompt on a mobile phone. Just a word of warning, advice is not to use SMS verification as it can come with its own problems.

If you’re still not convinced about robust passwords and 2FA then we have one word for you: Equifax.

4. Not doing regular pen testing

Penetration testing (pen testing for short) is where you simulate an attack on your computer network so you can effectively evaluate just how secure it is. Pen testing doesn’t have to be all about the weaknesses, such as possible entry points for unauthorized parties, but it also highlights your network’s strengths. Doing this regularly keeps you up-to-date with what you need to be keeping an eye on and what needs to be fixed as soon as possible.

5. Not deploying DMARC

DMARC is the email authentication protocol that not only gives you complete visibility into how your domains are being used (and abused!) to send emails, but most importantly helps you to lock it down so that only authorized senders can send emails using your domain. It’s an open, standard protocol, widely endorsed by email providers and government agencies alike, so there’s really no excuse for not protecting yourself against email phishing attacks.

Take the first step towards safer email today

So that’s it, our top 5 common cybersecurity mistakes to definitely avoid. If you’re wondering where to start on your journey to safer email, then why not take the first step and see how your current email security setup looks?

Use our free investigate tool to quickly and easily check the SPF, DKIM, and DMARC setup of your domain, you won’t regret it!

check email setup

PUBLISHED BY

Clare Holmes

18 Jan. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail…

Francesca Rünger-Field

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions. To support this shift,…

Read more
DMARC

Mail Check is changing: What UK public sector organisations must know about…

Jack Lilley

The National Cyber Security Centre (NCSC) has suggested a change to Mail Check services starting on 24 March 2025. This change mainly involves ending DMARC aggregate reporting. This change comes as a measure to expand the services provided by Mail Check to any UK based organisation, while also limiting the cost and complexity of…

Read more
DMARC

Beyond DMARC: How Red Sift OnDMARC supports comprehensive DNS hygiene

Red Sift

Registrable domains and DNS play a crucial role in establishing online identity and trust, but their importance is often taken for granted. During new service setups, record updates are often overlooked, accumulating outdated entries. As infrastructure teams become increasingly overstretched,  services may be incorrectly shut down without proper cleanup, leaving behind a sprawl of…

Read more
DKIM

First look at DKIM2: The next generation of DKIM

Red Sift

In 2011, the original DomainKeys Identified Mail (DKIM1) standard was published. It outlined a method allowing a domain to sign emails, enabling recipients to verify that the email originated from an entity holding a private key that matches the public key published in the domain’s DNS records. Now in 2024, DKIM is ready for…

Read more