The COVID-19 pandemic has dramatically changed the ecosystem and the workflow of the IT industry. With people transitioning to working from home, there has been an uptick in overall online activity, and consequently, cyber security threats. Cybercrimes have risen 600% during the pandemic due to increased opportunities and attack vectors for threat actors. Companies are likely to suffer a predicted loss of $10.5 trillion annually by 2025, with a 15% year-on-year spike in the run-up to that period.
While some nation-state-sponsored cyber attacks and targeting of critical infrastructure like the Colonial Pipeline hack in the previous year are indicative of the astonishing advancements in cyber attack methodologies, not every cyber attack happens due to the sheer commitment of threat actors. Most of the time, it comes down to human errors and negligence, and some insecure practices users follow. Bad cyber security habits are an open invitation for an attacker to breach your system.
Here are some of the most common top cyber security bad habits you must get rid of in 2022:
- Unsafe Browsing
Unsafe browsing is one of the prime reasons for malware attacks. Threat actors lay a series of landmines on the internet, waiting for someone careless to step on it. At least some, if not all, of the web pages users visit daily might be infected. Attackers use social engineering tricks to lure users to respond to links on the pages without giving it much thought.
With the rise of malvertising, it’s difficult to trust even ads that look legitimate. Sometimes the attacker can initiate a malware attack just by making the user visit a website with JavaScript code that auto-executes once loaded. Some users also fall for emails sent by attackers, which seem to originate from a genuine source, and push them to download and open documents that contain malicious codes. Some install plugins from unknown sources, which might be another malware. Most of these lapses can be avoided if users double-check the websites, URLs, and emails before taking any action.
- Using Outdated Software
Threat actors often leverage vulnerabilities in the operating systems, browsers, firewalls, and antivirus to initiate an attack. According to the National Institute of Standards and Technology’s vulnerability analysis, more than 18,000 security vulnerabilities were disclosed in 2020 at an average rate of 50 Common Vulnerabilities and Exposures (CVEs) per day. This is the highest number of CVEs reported in any year to date. Most software vendors rectify the vulnerabilities in their products by releasing updates.
For example, in December 2021, a zero-day vulnerability was unearthed on Java applications that use the Log4j logging framework. This allowed attackers to use the application interface to download malicious payload into any device using the framework. The developers of Log4j – Apache Software Foundation – later released a patch and recommended that every software vendor update to the latest version 2.17.0. Users who have not installed the patch are still at risk.
Most users do not install updates and patches because sometimes it obstructs their work, or sometimes they are plain lazy. The more you delay installing updates and keep using outdated software, the more vulnerable your system becomes. Using the updated versions of software protects you from cyber threats up to a certain extent.
- Using Public Wi-fi
While public Wi-Fi is useful when you have to check on important stuff when traveling or out for a coffee, it’s not always safe. Public routers are goldmines for cyber attackers as they can easily hack into the network and steal your information. Attackers also use unsecured Wi-Fi connections to distribute malware if users enable file sharing protocol across the network. It’s better if you avoid public Wi-Fi networks altogether, but if you have to, refrain from accessing important accounts.
- Insecure Passwords
Applications and accounts have passwords for a reason. They are supposed to protect your account and personal information from any unauthorized access. But if you are using passwords like 00000 or 123456, you’re defeating the purpose. According to a poll by Google, 24% of Americans still use passwords of these kinds. Worse, 59% incorporate their name and birthdays into their passwords.
Attackers adopt a method called password phishing, where they use an application that breaches a series of ‘easy and common’ passwords to hack into an account. Using a weak password makes your account vulnerable to phishing attacks. That is why most vendors now mandate that the users create strong passwords that contain at least an uppercase letter, a lowercase letter, a special character, a number, and avoid birth dates and names.
Creating a complex password is one thing, but remembering it is admittedly tough. That is why most users have a habit of memorizing a single complex password and using it for various accounts, ranging from social media to banking. This is a risky business because if an attacker acquires your password, all your accounts will be compromised.
Some users create complex passwords for each account but due to the difficulties in remembering them, they store them in a document and save it in their mail or some such place. Imagine what would happen if someone hacks into your email account and stumbles upon your ‘password master sheet’. In such cases, using a password manager – a program that allows you to keep all your passwords in a single secure location – would be helpful.
- No Backup
Cyber attackers, if they get into your system, can install malware that either locks you out or encrypts your sensitive data and prevents access until you pay a significant amount of money. Such ransomware attacks have not only increased with each passing year but have also evolved into double extortion, where you have to pay twice; once to gain access and a second time to prevent data from being made public. Most of these attackers keep a victim’s data as leverage. If the victim has a backup of their important data, they can blunt the extortion bid.
Even if an organization is not attacked by ransomware, losing data to a cyber attack might affect its daily operations, and worse, its reputation. It’s always safer to back up data, preferably on hard drives, so that data breaches cause minimal impact.
- Not Staying Updated
If you run an enterprise or manage a team of IT professionals, you must stay updated on everything happening in the world of cyber security. But most managers do not update themselves on new malware attacks and vulnerabilities. This can cost your enterprise a fortune. Staying updated on cyber security news, at least on a peripheral level, helps you prepare for any eventuality.
- Untrained Staff
Speaking of enterprises, employees, too, play a major role in keeping the systems and network secure. Untrained staff largely develop bad habits like using easy passwords, clicking on random links on websites and emails, or installing unwanted plugins. Attackers leverage their inexperience to gain unauthorized access to the enterprise through their accounts.
Untrained staff often make careless mistakes that can cause serious cybersecurity issues. For example, an employee at a National Health Service trust in the United Kingdom accidentally leaked the personal information of 800 patients enrolled at its HIV clinic. This could have been averted had the staff been sensitized to good cyber behavior.
Final Thoughts
With the onset of the COVID-19 pandemic, enterprises across the globe are forced to embrace remote work culture. Bad cybersecurity habits by enterprise C-suites, managers, and employees can create new attack vectors for threat actors. With the rapid evolutions in cyberattack modes, it’s very important to stay cautious while using your systems and avoid habits that could potentially allow a breach to occur. Law enforcement authorities can help only after an attack. Prevention must start at the user level. If you do not have a New Year’s resolution yet, using better cybersecurity habits is a good one to make!