Consulting with a Conscience™

A cruciallogics blog

Written by Amol Joshi
on May 30, 2024

It’s no secret that data loss can be catastrophic for an organization, leading to financial losses and reputational damage. Yet, surprisingly, in many cases, it is not malicious actors but rather basic security missteps that lead to data loss. This article will discuss ten common malpractices in the IT community that can result in data losses within just ten days.

1. No Defence Against Phishing: According to Verizon, a staggering 81% of all cyber-attacks start with a phishing email. Organizations are exposed to a wide range of risks without proper anti-phishing defence, including spoofing and ransomware attacks.

2. Poor User Password Practices: Password hygiene is essential for maintaining a secure network environment. Unfortunately, many organizations still rely on weak passwords and need proper password protocols such as enforcing multi-factor authentication or password expiry dates.

3. No Endpoint Protection: Endpoint protection solutions such as antivirus software and firewalls are vital components of an effective cybersecurity strategy. Without them, it is impossible to protect against malware threats and other malicious activity at the endpoints on a network.

4. Letting Unauthorized Users Access Corporate Devices: Allowing unauthorized users access to corporate devices increases the likelihood of data breaches due to their lack of understanding of corporate safety standards or policies. Attackers can easily take advantage of this vulnerability by exploiting any weak points or misconfigured systems for their gain.

5. Poorly Managed High-Privileged Accounts: When privileged accounts are not managed properly, they become one of the most vulnerable entry points into corporate networks and systems; leaving them unanswered also opens up plenty of opportunities for attackers to gain access to sensitive information and resources which could lead to massive data loss if not dealt with immediately.

6. Poor Patch Management Practices: Not applying security updates regularly exposes organizations to various cyber threats, including viruses, ransomware, Trojans and other malicious programs that exploit system weaknesses or vulnerabilities associated with old software versions or applications installed on the system. Proper patch management practices ensure that all critical patches are implemented as soon as possible so as not to expose the organization’s assets unnecessarily for an extended period without protection from emerging security threats.

7. No Multifactor Authentication (MFA): MFA is one of the most important layers of security when defending against cyber criminals, as it requires multiple authentication factors like passwords and tokens before granting access. Without MFA enabled, it is much easier for attackers to successfully breach an organization’s systems using stolen credentials from compromised accounts.

8. Open RDP Ports: Remote Desktop Protocol (RDP) allows users to connect remotely from one computer/device over another computer/device, which creates opportunities for hackers and malicious actors who leverage these ports and connections routes through brute force attempts and dictionary attacks resulting in significant data loss if left unprotected.

9. No Breach Detection Mechanism: A breach detection mechanism is vital when attempting to detect signs of compromise so anomalies and suspicious activities can be detected early on with necessary steps taken accordingly. Without such a mechanism, organizations may find themselves ill-prepared when dealing with any potential incidents resulting in significant data losses if discovered late.

10. No Security Awareness Training: Educating staff members about good security practices and raising awareness around various cyber risks associated with online activities helps improve overall security posture. Unfortunately, many organizations fail to invest enough resources into employee training resulting in severe consequences should any attacks occur.

Our experienced team can help you resolve any of these issues. Please contact us today to discuss how we can help.

You may also like:

Data Security Cybersecurity

Data Loss Prevention – Protect Your Data with a Risk Plan

Protecting your data and understanding how you recover from a data loss event is key for any IT department. Even the bes...

IAM Active Directory Data Security Artificial Intelligence

4 Cybersecurity Solutions Everyone Is Talking About

Cybersecurity is a hot topic due to the steady rise of cyberattacks and threats. Companies of all sizes have many vulner...

Security Data Security Cloud Security

A Guide to Cloud Security Monitoring & Benefits (+best practices)

Modern technologies bring solutions, but sometimes they come with pain points that, if ignored, lead to failure. Compani...