Bad Cybersecurity Practices to Avoid

  • By David Lukic
  • Oct 13, 2021

The ransomware epidemic has ignited a flurry of best-practice lists from cybersecurity professionals advising potential victims on how to stay safe online. However, on Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added to its list of bad cybersecurity practices to help professionals understand the things they may be doing that put them in harm's way.

Who is CISA?

As described on its website, “CISA is the Nation's risk advisor, working with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future.”

CISA's job is to evaluate the national risk of cyber threats and advise the government and the private sector on how to protect themselves. In addition, CISA partners with other government agencies and private threat assessment organizations to find the most viable solutions to mitigate and prevent threats to our collective digital security.

Bad Cybersecurity Practices

On Monday, CISA published its list of risky behaviors and bad practices for cybersecurity and added single-factor authentication to it. In its notice, CISA called single-factor authentication "exceptionally risky."

Single-factor authentication refers to signing into an online resource such as a website or app using only one way to verify your identity, such as a password. CISA explains that it is considered very low security because of "matching one factor — such as a password — to a username to gain access to a system."

The biggest issue with passwords is that most are weak and insecure, and they have been stolen in data breaches and show up on the dark web for anyone to steal.
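
The difference between the single-factor login CISA describes and a login that also demands a second factor, as an added example that is not from the original article or from CISA. The account `operator`, its password, and the choice of an RFC 6238 time-based one-time code as the second factor are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample data: one account with a salted PBKDF2 hash and a TOTP secret.
SALT = b"constructed-salt"
TOTP_SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real key

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"operator": {"pw_hash": hash_password("correct horse battery"),
                      "totp": TOTP_SECRET}}

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def password_ok(user: str, password: str) -> bool:
    record = USERS.get(user)
    # Hash even for unknown users so the response time does not reveal them.
    expected = record["pw_hash"] if record else b"\x00" * 32
    match = hmac.compare_digest(expected, hash_password(password))
    return match and record is not None

def login_single_factor(user: str, password: str) -> bool:
    """The flagged practice: one factor matched to a username."""
    return password_ok(user, password)

def login_two_factor(user: str, password: str, code: str, now: int) -> bool:
    """Password plus one-time code; a stolen password alone is not enough."""
    if not password_ok(user, password):
        return False
    secret = USERS[user]["totp"]
    # Accept the current step and the previous one to tolerate clock drift.
    times = [t for t in (now, now - 30) if t >= 0]
    return any(hmac.compare_digest(totp(secret, t).encode(), code.encode())
               for t in times)
```
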

What Is Poor Cybersecurity, According to CISA?

  1. "Use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.
  2. Use of known/fixed/default passwords and credentials in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.
  3. The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions (NCF) is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet."

CISA hammered home this message with "The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public."

Other bad cybersecurity practices to steer clear of include:

  • Clicking links that come through unsolicited, suspicious emails or downloading attachments without first verifying the sender.
  • Using weak or easy-to-guess passwords.
  • Creating passwords from familiar details (your child's birthday, pet's name, etc.).
  • Using apps on unsecured networks (FREE Wi-Fi).
  • Poor physical management/control over devices.
  • Improper privileges to network resources.
  • Not encrypting data between networks.
  • Storing critical files on unencrypted cloud servers.
  • Not installing robust network monitoring and antivirus on all servers and computers.
  • Insufficient staff training around social engineering and phishing campaigns.
  • Not updating devices, software, and operating systems with the latest security patches. 
  • Not properly vetting third-party systems and vendors.
  • Not keeping solid backups.
  • Not employing multi-factor authentication for all devices, systems, and services.

