Bad Cybersecurity Practices to Avoid

  • By David Lukic
  • Published: Oct 13, 2021
  • Last Updated: Mar 18, 2022

 The ransomware epidemic has ignited a flurry of best practices lists coming from cybersecurity professionals warning innocent victims about what to do to stay safe online. However, on Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added to its list of some bad cybersecurity practices to help professionals understand the things they may be doing that put them in harm's way.

Who is CISA?

As described on its website CISA, “CISA is the Nation's risk advisor, working with partners to defend against today's threats and collaborating to build more secure and resilient infrastructure for the future.”

CISA's job is to evaluate the national risk of cyber threats and advise the government and the private sector on how to protect themselves. In addition, CISA partners with other government agencies and private threat assessment organizations to find the most viable solutions to mitigate and prevent threats to our collective digital security.

bad cybersecurity practices

Bad Cybersecurity Practices

On Monday, CISA published its list of risky behaviors and bad practices for cybersecurity, and they added to this list single-factor authentication. In its notice, CISA called single-factor authentication "exceptionally risky."

Single-factor authentication refers to signing into an online resource such as a website or app using only one way to verify your identity, such as a password. CISA explains that it is considered very low security because of "matching one factor — such as a password — to a username to gain access to a system."

The biggest issue with passwords is that most are weak and insecure, and they have been stolen in data breaches and show up on the dark web for anyone to steal.

What is poor cyber security

According to CISA What is Poor Cybersecurity?

  1. "Use of unsupported (or end-of-life) software in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.
  2. Use of known/fixed/default passwords and credentials in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet.
  3. The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions (NCF) is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in technologies accessible from the Internet."

CISA hammered home this message with "The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public."

Other bad cybersecurity practices to steer clear from include:

  • Clicking links that come through unsolicited, suspicious emails or downloading attachments without first verifying the sender.
  • Using weak or easy-to-guess passwords.
  • Creating passwords from familiar details (your child's birthday, pet's name, etc.).
  • Using apps on unsecured networks (FREE Wi-Fi).
  • Poor physical management/control over devices.
  • Improper privileges to network resources.
  • Not encrypting data between networks.
  • Storing critical files on unencrypted cloud servers.
  • Not installing robust networking monitoring and antivirus on all servers and computers.
  • Insufficient staff training around social engineering and phishing campaigns.
  • Not updating devices, software, and operating systems with the latest security patches. 
  • Not properly vetting third-party systems and vendors.
  • Not keeping solid backups.
  • Not employing multi-factor authentication for all devices, systems, and services.


About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private Instagram (IG) account. You might w ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Public to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone’ ... Read More

Latest Articles

What You Need to Know about the Hot Topic Data Breach

What You Need to Know about the Hot Topic Data Breach

Hot Topic plays in the fashion, apparel, and shoe industry as a retailer of music-influenced apparel and accessories, such as jeans, tops, belts, dresses, pajamas, sunglasses, jewelry, and tees.

Google Voice Scams: What They Are and How to Stay Safe

Google Voice Scams: What They Are and How to Stay Safe

Google Voice scams continue to pose a risk for users of this service. Scammers continuously attempt to lure users into divulging their verification PIN code.

What Are Pretexting Attacks: Scam Types and Security Tips?

What Are Pretexting Attacks: Scam Types and Security Tips?

Have you ever received a text from someone you do not know? Did you become alarmed by the message? Did the message contain information about you and the people you know?

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close