Mistake #1 – Poor Password Management By Users
It’s as old as the hills but still prevalent. Weak passwords are simply an easy option and a great temptation for many. Even a very simple technique such as stringing three seemingly unrelated words together to form a password is a sound first step. A different password is needed for logging on to each website or application. Users also need constant reminding. Consider holding them responsible for their password management practices.
Mistake #2 – Lack Of Thorough Cyber Security Awareness Training For Users
Phishing, social engineering and keylogger scams are becoming slicker and more professional. Often these are initiated through email, but they can also happen over the phone or even through face-to-face contact. They represent a real and growing risk and require staff training with regular refresher sessions to raise awareness, alert staff to the latest developments and establish a security mindset.
Mistake #3 – Not Patching All Software And Firmware Immediately
The vast majority of successful hacks take advantage of known vulnerabilities that have often been in the public domain for many months or even years. A Gartner report puts the figure at 99% of hacks. Shut off these potential exploits through a thorough and methodical discovery program that identifies every piece of software in the estate and flags those that need patching. Rinse and repeat at regular intervals.
Mistake #4 – Not Using HTTPS Everywhere
All IT departments deploy security measures to protect infrastructure appliances and servers, but many overlook the potential risk posed by any exposed web services. HTTPS defends against hackers who intercept traffic between users’ browsers and your websites (and potentially applications) in order to inject malicious code. HTTPS should be seen as an “entry-level” standard for website design in this day and age.
Mistake #5 – Weak IT Asset Disposal Practices
Data security is put at risk when you hand over end-of-life IT equipment to any third party for recycling or disposal. If you cannot be absolutely certain that any residual data will be thoroughly sanitised, then your process comes into question. With the severe financial penalties that GDPR has introduced for non-compliance as well as actual breaches, taking shortcuts with IT asset disposal is simply too serious an existential risk for any organisation to even consider. Engage an accredited professional service.
As fully-accredited IT asset disposal experts, we at Absolute IT Asset Disposals Ltd are especially aware of data security and protection. Our stringent data sanitisation processes ensure that your legal responsibilities are 100% complied with when disposing of old equipment.