5 common cybersecurity mistakes to avoid

Sometimes it’s the little things that make the biggest difference. These might seem like obvious pitfalls to swerve, but it’s scary how frequently we hear about some disaster following a really basic cybersecurity error.

1. Not regularly reviewing user access and permissions

It can feel like a never-ending job but keeping track of new joiners, leavers, job changes, and the impact this has on user management really matters. Just think of the damage a disgruntled ex-employee could do if, after heading off to a competitor, they can still access the CRM and print off a handy copy of your client list.

So start by breaking down the task into 2 steps. First, you look at who has access to what – ‘does this person really need to use this system to do their job?’ – and if the answer is yes, take a look at just how much access they have: do they need view-only or full admin rights?

Most applications these days come with the ability to support different levels of user access, so start with the priority systems and work your way down the list from there.

2. Not taking GDPR seriously

Everyone’s hitching their horse to the GDPR bandwagon and promising to get you ‘GDPR ready’ in some way or another. The danger of this of course is that it all begins to feel somewhat overwhelming, the magnitude of required change too great and so paralysis sets in. But whilst we can sympathize with a lack of GDPR enthusiasm, now it’s in place, all businesses must comply.

3. Not taking advantage of 2FA where you can

Two-factor authentication (2FA) builds on the advice in point one. It helps to layer security to make infiltration just that little bit harder for cybercriminals and make sure someone really is who they say they are.

2FA requires not only a password and username for someone to login but for verification via another means to prove it’s definitely them, this is typically done via a code or prompt on a mobile phone. Just a word of warning, advice is not to use SMS verification as it can come with its own problems.

If you’re still not convinced about robust passwords and 2FA then we have one word for you: Equifax.

4. Not doing regular pen testing

Penetration testing (pen testing for short) is where you simulate an attack on your computer network so you can effectively evaluate just how secure it is. Pen testing doesn’t have to be all about the weaknesses, such as possible entry points for unauthorized parties, but it also highlights your network’s strengths. Doing this regularly keeps you up-to-date with what you need to be keeping an eye on and what needs to be fixed as soon as possible.

5. Not deploying DMARC

DMARC is the email authentication protocol that not only gives you complete visibility into how your domains are being used (and abused!) to send emails, but most importantly helps you to lock it down so that only authorized senders can send emails using your domain. It’s an open, standard protocol, widely endorsed by email providers and government agencies alike, so there’s really no excuse for not protecting yourself against email phishing attacks.

Take the first step towards safer email today

So that’s it, our top 5 common cybersecurity mistakes to definitely avoid. If you’re wondering where to start on your journey to safer email, then why not take the first step and see how your current email security setup looks?

Use our free investigate tool to quickly and easily check the SPF, DKIM, and DMARC setup of your domain, you won’t regret it!

check email setup

PUBLISHED BY

Clare Holmes

18 Jan. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more
Certificates

How to build an inventory of certificates for PCI DSS 4.0 Requirement…

Rebecca Warren

We talk to organizations daily that are preparing for PCI DSS 4.0 requirements. March 31, 2025 marks the end of the transition period, and on this date, businesses must be fully compliant with PCI DSS v4.0.1.  One of the ways PCI 4.0.1 varies from PCI 3.2 is an updated Requirement 4, which covers encrypting…

Read more
DMARC

Getting started with the OnDMARC API

Nadim Lahoud

The OnDMARC API is great for performing bulk or repetitive tasks that need to be performed quickly, often and without error – and you don’t need to be a developer or even know how to code to use it. Here, I will walk you through how to perform the common task of updating the…

Read more