Sometimes it’s the little things that make the biggest difference. These might seem like obvious pitfalls to swerve, but it’s scary how frequently we hear about some disaster following a really basic cybersecurity error.
1. Not regularly reviewing user access and permissions
It can feel like a never-ending job but keeping track of new joiners, leavers, job changes, and the impact this has on user management really matters. Just think of the damage a disgruntled ex-employee could do if, after heading off to a competitor, they can still access the CRM and print off a handy copy of your client list.
So start by breaking down the task into 2 steps. First, you look at who has access to what - 'does this person really need to use this system to do their job?' - and if the answer is yes, take a look at just how much access they have: do they need view-only or full admin rights?
Most applications these days come with the ability to support different levels of user access, so start with the priority systems and work your way down the list from there.
2. Not taking GDPR seriously
Everyone’s hitching their horse to the GDPR bandwagon and promising to get you 'GDPR ready' in some way or another. The danger of this of course is that it all begins to feel somewhat overwhelming, the magnitude of required change too great and so paralysis sets in. But whilst we can sympathize with a lack of GDPR enthusiasm, now it's in place, all businesses must comply.
3. Not taking advantage of 2FA where you can
Two-factor authentication (2FA) builds on the advice in point one. It helps to layer security to make infiltration just that little bit harder for cybercriminals and make sure someone really is who they say they are.
2FA requires not only a password and username for someone to login but for verification via another means to prove it’s definitely them, this is typically done via a code or prompt on a mobile phone. Just a word of warning, advice is not to use SMS verification as it can come with its own problems.
If you’re still not convinced about robust passwords and 2FA then we have one word for you: Equifax.
4. Not doing regular pen testing
Penetration testing (pen testing for short) is where you simulate an attack on your computer network so you can effectively evaluate just how secure it is. Pen testing doesn’t have to be all about the weaknesses, such as possible entry points for unauthorized parties, but it also highlights your network’s strengths. Doing this regularly keeps you up-to-date with what you need to be keeping an eye on and what needs to be fixed as soon as possible.
5. Not deploying DMARC
DMARC is the email authentication protocol that not only gives you complete visibility into how your domains are being used (and abused!) to send emails, but most importantly helps you to lock it down so that only authorized senders can send emails using your domain. It’s an open, standard protocol, widely endorsed by email providers and government agencies alike, so there’s really no excuse for not protecting yourself against email phishing attacks.
Take the first step towards safer email today
So that’s it, our top 5 common cybersecurity mistakes to definitely avoid. If you're wondering where to start on your journey to safer email, then why not take the first step and see how your current email security setup looks?
Use our free investigate tool to quickly and easily check the SPF, DKIM, and DMARC setup of your domain, you won't regret it!
