Cybersecurity Best Practices: 4 Risky Mistakes to Avoid From a SOC Expert
While stopping 100% of security incidents is impossible, our team runs into quite a few threats and incidents that could have been prevented through more public awareness of some simple best practices.
Following are four common mistakes we see people making every day, along with some tips on how to avoid them. These suggestions are simple but very important steps anyone can take to better protect themselves and their organizations online.
1. Use Strong (Not Recycled) Passwords
One of the most frequent mistakes individuals make is using weak or recycled passwords. This is done mostly because it can be difficult to remember complicated passwords for numerous accounts. It is tempting to use an easy password such as “123456,” a birthday, or even a high school graduation date on multiple sites for convenience. However, this approach is just what hackers are hoping for. If a hacker cracks that one password, they can use it to access multiple accounts.
Recently we saw a real-life example of this with a user who used the same simple password for email and social media accounts. Unfortunately, a hacker accessed one social media account through that password and quickly tried the same one on an email account. The hacker gained access to even more sensitive information like bank details and personal files. When this happened, we immediately reset all passwords, enabled multi-factor authentication (MFA), and closed out all active sessions running on the account as a precautionary measure.
Using strong passwords for each account (each with a unique combination of letters, numbers, and symbols) is essential for protecting your online presence. Using a reputable password manager app is another way to safely keep track of passwords, ensuring protection without the need to memorize them all.
2. Take Action on Updates
We’ve all experienced that moment when a pop-up reminds us to update our phone or computer, but the timing feels off, or we’re too busy, so we click “Remind me later” (again and again). This small act of procrastination might seem harmless, but it can open the door to serious cyberattacks.
Most updates contain critical security patches that fix vulnerabilities in a device’s software or operating system. By continually postponing them, you may expose your devices to potential threats that could have easily been prevented.
As the saying goes, “An ounce of prevention is worth a pound of cure,” and this couldn’t be truer in the digital world. To avoid unnecessary risks, enable automatic updates for your devices and make it a habit to update apps, software, and systems as soon as they are available.
3. Recognize Signs of Phishing Scams
Cybercriminals have become more sophisticated in their phishing tactics. By sending bogus emails or messages that appear to be from reputable businesses or even people you might know, they make their scams more difficult to detect.
At Ostra, we fight against phishing very heavily. We once had a client who reached out to us when their spouse almost fell victim to a phishing scheme targeting their home computer. After receiving an email warning that the computer had viruses and that she needed to take immediate action, the client’s spouse got on a call with the threat actor. Things even got to the point where the cybercriminal persuaded her to download Remote Desktop Manager (RDM) software. Luckily, the client walked into the room and overheard what was happening before any credentials or machine access was shared. The user immediately contacted us and we took the necessary steps to remediate the situation.
Phishing scams are known for urging people to “act fast” or take advantage of deals that are too good to be true, which should immediately raise red flags. The idea is to deceive people into disclosing important information like login passwords, credit card data, or social security numbers. To protect yourself, be wary of unsolicited emails or communications—especially those asking for personal information or payment. Further, verify the source by checking the sender’s email address or looking on the company’s official website to find a contact number and call it directly for verification.
If you think you accidentally clicked on something you shouldn’t have, report it to your IT team or service provider immediately. The faster your security team can be aware of an issue, the faster they can work to contain it. Security professionals understand that everyone is human, and we’ve all clicked on things that later turned out to be a bad idea. At Ostra, we infuse security awareness training into our culture through security awareness training, phishing testing, and encouraging users to report all possible issues. And we encourage our clients and partners to do the same within their organizations. This approach helps ensure continuous learning as we all strive to make our organizations safer.
4. Protect Your Privacy on Social Media
Sharing our lives online can be fun, but oversharing personal details can turn us into easy targets for cybercriminals. Posting information such as your full birthdate, location, or answers to common security questions—such as your first pet’s name or where you grew up—can give hackers the tools they need to access your accounts. Cybercriminals often use this information for social engineering, manipulating their targets into revealing even more personal data or tricking companies into granting them access to personal accounts. To stay safe, be mindful of what you share online, review and adjust your privacy settings on social media often, and think carefully before posting anything that could potentially be used against you.
In conclusion, it is critical to understand the risks and take proactive measures to protect ourselves from cyber threats. While it’s easy to develop security-compromising habits, making simple changes can drastically lower your chances of a cyberattack. Strengthening your passwords, upgrading your software, remaining attentive to phishing schemes, and being cautious while using social media are foundational actions we can all take to be more secure online.
Remember, cybersecurity is more than just avoiding threats; it is about developing habits that protect personal information. Contact Ostra to learn more about creating a strong cybersecurity strategy and educating your employees so they can navigate the digital world with confidence.
Eunice Asemnor is a Security Analyst at Ostra Cybersecurity, a multi-layered and fully managed Security as a Service. With expertise in SIEM technologies, cybersecurity solutions, and advanced threat defense, Eunice plays a key role in protecting Ostra’s clients as a member of Your Trusted Cybersecurity Team.