5 common cybersecurity mistakes to avoid

Sometimes it’s the little things that make the biggest difference. These might seem like obvious pitfalls to swerve, but it’s scary how frequently we hear about some disaster following a really basic cybersecurity error.

1. Not regularly reviewing user access and permissions

It can feel like a never-ending job but keeping track of new joiners, leavers, job changes, and the impact this has on user management really matters. Just think of the damage a disgruntled ex-employee could do if, after heading off to a competitor, they can still access the CRM and print off a handy copy of your client list.

So start by breaking down the task into 2 steps. First, you look at who has access to what – ‘does this person really need to use this system to do their job?’ – and if the answer is yes, take a look at just how much access they have: do they need view-only or full admin rights?

Most applications these days come with the ability to support different levels of user access, so start with the priority systems and work your way down the list from there.

2. Not taking GDPR seriously

Everyone’s hitching their horse to the GDPR bandwagon and promising to get you ‘GDPR ready’ in some way or another. The danger of this of course is that it all begins to feel somewhat overwhelming, the magnitude of required change too great and so paralysis sets in. But whilst we can sympathize with a lack of GDPR enthusiasm, now it’s in place, all businesses must comply.

3. Not taking advantage of 2FA where you can

Two-factor authentication (2FA) builds on the advice in point one. It helps to layer security to make infiltration just that little bit harder for cybercriminals and make sure someone really is who they say they are.

2FA requires not only a password and username for someone to login but for verification via another means to prove it’s definitely them, this is typically done via a code or prompt on a mobile phone. Just a word of warning, advice is not to use SMS verification as it can come with its own problems.

If you’re still not convinced about robust passwords and 2FA then we have one word for you: Equifax.

4. Not doing regular pen testing

Penetration testing (pen testing for short) is where you simulate an attack on your computer network so you can effectively evaluate just how secure it is. Pen testing doesn’t have to be all about the weaknesses, such as possible entry points for unauthorized parties, but it also highlights your network’s strengths. Doing this regularly keeps you up-to-date with what you need to be keeping an eye on and what needs to be fixed as soon as possible.

5. Not deploying DMARC

DMARC is the email authentication protocol that not only gives you complete visibility into how your domains are being used (and abused!) to send emails, but most importantly helps you to lock it down so that only authorized senders can send emails using your domain. It’s an open, standard protocol, widely endorsed by email providers and government agencies alike, so there’s really no excuse for not protecting yourself against email phishing attacks.

Take the first step towards safer email today

So that’s it, our top 5 common cybersecurity mistakes to definitely avoid. If you’re wondering where to start on your journey to safer email, then why not take the first step and see how your current email security setup looks?

Use our free investigate tool to quickly and easily check the SPF, DKIM, and DMARC setup of your domain, you won’t regret it!

check email setup

PUBLISHED BY

Clare Holmes

18 Jan. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more
Certificates

Never miss an expiring certificate again with Red Sift Certificates Lite

Francesca Rünger-Field

SSL/TLS certificates are the backbone of secure, uninterrupted digital experiences—but managing them effectively to prevent downtime remains a persistent challenge. With browser and certificate authorities looking to reduce certificate durations to as little as 90 or even 47 days, keeping track of renewals has never been more critical. That’s why we’re excited to introduce…

Read more
DMARC

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail…

Francesca Rünger-Field

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions. To support this shift,…

Read more