Bad Cybersecurity Practices to Avoid

  • By David Lukic
  • Published: Oct 13, 2021
  • Last Updated: Mar 18, 2022

 The ransomware epidemic has ignited a flurry of best practices lists coming from cybersecurity professionals warning innocent victims about what to do to stay safe online. However, on Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added to its list of some bad cybersecurity practices to help professionals understand the things they may be doing that put them in harm's way.

Who is CISA?

As described on its website CISA, “CISA is the Nation's risk advisor, working with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future.”

CISA's job is to evaluate the national risk of cyber threats and advise the government and the private sector on how to protect themselves. In addition, CISA partners with other government agencies and private threat assessment organizations to find the most viable solutions to mitigate and prevent threats to our collective digital security.

bad cybersecurity practices

Bad Cybersecurity Practices

On Monday, CISA published its list of risky behaviors and bad practices for cybersecurity, and they added to this list single-factor authentication. In its notice, CISA called single-factor authentication "exceptionally risky."

Single-factor authentication refers to signing into an online resource such as a website or app using only one way to verify your identity, such as a password. CISA explains that it is considered very low security because of "matching one factor — such as a password — to a username to gain access to a system."

The biggest issue with passwords is that most are weak and insecure, and they have been stolen in data breaches and show up on the dark web for anyone to steal.

What is poor cyber security

According to CISA What is Poor Cybersecurity?

  1. "Use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.
  2. Use of known/fixed/default passwords and credentials in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.
  3. The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions (NCF) is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet."

CISA hammered home this message with "The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public."

Other bad cybersecurity practices to steer clear from include:

  • Clicking links that come through unsolicited, suspicious emails or downloading attachments without first verifying the sender.
  • Using weak or easy-to-guess passwords.
  • Creating passwords from familiar details (your child's birthday, pet's name, etc.).
  • Using apps on unsecured networks (FREE Wi-Fi).
  • Poor physical management/control over devices.
  • Improper privileges to network resources.
  • Not encrypting data between networks.
  • Storing critical files on unencrypted cloud servers.
  • Not installing robust networking monitoring and antivirus on all servers and computers.
  • Insufficient staff training around social engineering and phishing campaigns.
  • Not updating devices, software, and operating systems with the latest security patches. 
  • Not properly vetting third-party systems and vendors.
  • Not keeping solid backups.
  • Not employing multi-factor authentication for all devices, systems, and services.


About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private Instagram (IG) account. You might w ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Public to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone’ ... Read More

Latest Articles

What You Need to Know about the Medtronic Data Breach

What You Need to Know about the Medtronic Data Breach

Medtronic Plc is an American-Irish medical device company founded in 1949. As one of the largest medical device companies in the world and with over 90,000 employees, the company operates in about 150 countries.

What You Need to Know about the Novo Nordisk Data Breach

What You Need to Know about the Novo Nordisk Data Breach

Novo Nordisk is a leading global healthcare company headquartered in Denmark with production facilities in two other countries.

What You Need to Know about the Carnival Data Breach

What You Need to Know about the Carnival Data Breach

Headquartered in Doral, Florida, Carnival Corporation is one of the world's largest cruise operators, with a fleet of more than 90 ships visiting over 800 ports and destinations.

What You Need to Know about the Charter Communications Data Breach

What You Need to Know about the Charter Communications Data Breach

Widely known through its Spectrum brand, Charter Communications is one of the largest broadband and cable service providers in the United States.

What You Need to Know about the BWH Hotels Data Breach

What You Need to Know about the BWH Hotels Data Breach

BWH Hotel Group is one of the world's largest hotel networks, operating more than 4,000 hotels in over 100 countries. The company evolved from Best Western and today manages a multi-brand portfolio spanning budget to luxury hospitality.

What You Need to Know about the Amtrak Data Breach

What You Need to Know about the Amtrak Data Breach

Amtrak was created by Congress in 1970 as the National Railroad Passenger Corporation. It operates a nationwide rail network with over 300 trains serving more than 500 destinations in 46 states, three Canadian provinces, and the District of Columbia on more than 21,400 miles of route.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close