Consulting with a Conscience™

A cruciallogics blog

Written by Amol Joshi
on March 31, 2023

It’s no secret that data loss can be catastrophic for an organization, leading to financial losses and reputational damage. Yet, surprisingly, in many cases, it is not malicious actors but rather basic security missteps that lead to data loss. This article will discuss ten common malpractices in the IT community that can result in data losses within just ten days.

1. No Defence Against Phishing: According to Verizon, a staggering 81% of all cyber-attacks start with a phishing email. Organizations are exposed to a wide range of risks without proper anti-phishing defence, including spoofing and ransomware attacks.

2. Poor User Password Practices: Password hygiene is essential for maintaining a secure network environment. Unfortunately, many organizations still rely on weak passwords and need proper password protocols such as enforcing multi-factor authentication or password expiry dates.

3. No Endpoint Protection: Endpoint protection solutions such as antivirus software and firewalls are vital components of an effective cybersecurity strategy. Without them, it is impossible to protect against malware threats and other malicious activity at the endpoints on a network.

4. Letting Unauthorized Users Access Corporate Devices: Allowing unauthorized users access to corporate devices increases the likelihood of data breaches due to their lack of understanding of corporate safety standards or policies. Attackers can easily take advantage of this vulnerability by exploiting any weak points or misconfigured systems for their gain.

5. Poorly Managed High-Privileged Accounts: When privileged accounts are not managed properly, they become one of the most vulnerable entry points into corporate networks and systems; leaving them unanswered also opens up plenty of opportunities for attackers to gain access to sensitive information and resources which could lead to massive data loss if not dealt with immediately.

6. Poor Patch Management Practices: Not applying security updates regularly exposes organizations to various cyber threats, including viruses, ransomware, Trojans and other malicious programs that exploit system weaknesses or vulnerabilities associated with old software versions or applications installed on the system. Proper patch management practices ensure that all critical patches are implemented as soon as possible so as not to expose the organization’s assets unnecessarily for an extended period without protection from emerging security threats.

7. No Multifactor Authentication (MFA): MFA is one of the most important layers of security when defending against cyber criminals, as it requires multiple authentication factors like passwords and tokens before granting access. Without MFA enabled, it is much easier for attackers to successfully breach an organization’s systems using stolen credentials from compromised accounts.

8. Open RDP Ports: Remote Desktop Protocol (RDP) allows users to connect remotely from one computer/device over another computer/device, which creates opportunities for hackers and malicious actors who leverage these ports and connections routes through brute force attempts and dictionary attacks resulting in significant data loss if left unprotected.

9. No Breach Detection Mechanism: A breach detection mechanism is vital when attempting to detect signs of compromise so anomalies and suspicious activities can be detected early on with necessary steps taken accordingly. Without such a mechanism, organizations may find themselves ill-prepared when dealing with any potential incidents resulting in significant data losses if discovered late.

10. No Security Awareness Training: Educating staff members about good security practices and raising awareness around various cyber risks associated with online activities helps improve overall security posture. Unfortunately, many organizations fail to invest enough resources into employee training resulting in severe consequences should any attacks occur.


Our experienced team can help you resolve any of these issues. Please contact us today to discuss how we can help.

You may also like:

Security Artificial Intelligence

How Microsoft Security Copilot Is Changing Security Monitoring

Security professionals face a daunting challenge in today's cyber threat environment with a massive amount of data and s...

Security Data Security

5 Mistakes to Avoid in EndPoint Management

Endpoint management is a critical aspect of IT security, and failure to implement it correctly can have severe consequen...

Security Business Advisory

5 Tips for Convincing the CFO to Invest More in Cybersecurity

As a chief information security officer (CISO), you understand the importance of investing in cybersecurity to protect y...