The Top 10 Cyber Security Mistakes Your CISO Wants You To Avoid

It is more important than ever to ensure that you use the internet safely to protect both yourself and the companies you work for from cyber attacks. Cyber security mistakes made by individuals are the most common cause of cybersecurity breaches. Analysis of 2019 breach reports sent to the UK’s Information Commissioner’s Office (ICO) shows that 90% of data breaches were caused by a cyber security mistake. That’s a lot of costly mistakes.

In honour of Computer Security Day 2020, we compiled a list of the cyber security rules that everyone should know in order to stay safe and prevent data breaches.

Before we start, what is a CISO?

A CISO, or Chief Information Security Officer is the most senior officer in an organisation who has responsibility for making sure that the organisation has proper cybersecurity protections in place, and that they are doing their best to prevent cyber attacks, or have good plans in place to deal with them when they do take place. They are also responsible for making sure that every employee knows about their cybersecurity responsibilities and how to avoid making a cyber security mistake. The following 10 rules are just some of the things that they would like you to know. You’re welcome.

The best rules to follow to avoid making a cyber security mistake

1. Learn how to recognise the signs of a phishing email

More than 3 billion phishing emails are sent worldwide every single day, so the chances are that you receive them fairly frequently. While you may still receive an email from a Nigerian prince asking for money in return for his undying devotion, many phishing emails today are more sophisticated. They will use branding and wording taken directly from official organisations (check out this scam from earlier this summer), convincing the recipient that they are legit, and increasing their chance of success.

The aim of these emails is to trick you into making a cyber security mistake and giving them your personal information so that they can access your accounts. 

Stay email safe:

• Don’t open an email if you think it is suspicious
• Don’t open links or attachments in unsolicited emails
• Verify the sender – check the email address is genuine
• Don’t reply to unsolicited emails
• Never share sensitive information, such as your personal information, credit card numbers, or account passwords over email to someone you don’t know
• Report suspicious emails to your IT security officer
• Recognise the signs of a phishing email:
  • Poor spelling or grammar in the email
  • Errors in the text that don’t quite add up
  • Weird looking sender email addresses with numbers and random letters rather than names and words
  • Hidden domain names, and shortened links

2. Create strong passwords

Weak passwords are one of the most common cyber security mistakes that lead to data breaches. Cyber criminals have a variety of ways to get hold of passwords including getting information from phishing scams, and buying stolen passwords. They are also pretty good at guessing passwords, especially when people use unimaginative passwords such as ‘password’ or ‘123456’.

Below are some tips to creating strong passwords:

• Use more than 8 characters. Try the three random words rule to create long passwords that are easy to remember
• Get creative – add characters within words, or use random words and ideas
• Always change your password from a default password that someone else gives you (from a system administrator, to a preloaded password from the supplier)

• Don’t use common words, character combinations or easily available personal information in your passwords
• Don’t reuse passwords – create a new password for each online account
• Don’t create new passwords that are almost exactly the same as the last password

3. Be extra careful in public places

Another common cyber security mistake is to trust public Wi-Fi. Public Wi-Fi is free, and a great way to keep up with work while on the move, but it is also not secure. When you work on a public Wi-Fi network, it is easy for a cyber criminal to intercept confidential data using a Man-In-The-Middle attack, or even access your device.

Stay safe in public places:

• Don’t do sensitive tasks while connected to a public network, for example making payments, or sharing files
• Use a VPN when you are on a public Wi-Fi network to hide your location

4. When you see a software update for your computer – do it!

When you see a pop up in the corner of your screen with a software update, make sure you download the update ASAP. Software updates fix security weaknesses in the programs and applications that you use on your devices. They are usually a response to a known threat, which is already being exploited. Not updating leaves the applications you use at risk of being attacked. Check out what can happen if you don’t update your programs as soon as you see the update pop up.

Stay safe:

• Always download an update when you see it

5. Security features and programs are there to protect you

Your CISO and their team may have already added security features to your computers and work phones in order to protect the organisation’s networks. 

They may slow you down, or be a bit annoying, but they are there to help you. For example, firewalls protect your computer against viruses, malware and other threats to the network. Download restrictions help avoid someone mistakenly downloading malware, and spam filters remove harmful emails before they reach your inbox.

Stay safe:

• Don’t disable or override security settings on your computer or phone

6. Don’t browse untrusted websites

Another easily avoided cyber security mistake is browsing unsafe websites. Untrusted websites may contain spyware, and any links you click on could install malware on your computer or phone. If that device is connected to the office WiFi, it could expose the entire company. While the cat videos or funny clip someone may send you looks like harmless fun, the website they are hosted on may be anything but.

Stay safe when browsing the web:

• Don’t override the antivirus software that blocks the website
• Recognise the signs of unsafe websites including unusual url endings (for example .biz)
• Look for the S in ‘https’ at the start of the URL, or the green padlock icon in the URL bar. Both are signs of secure sites

7. Don’t plug unknown USB Flash Drives into your computer

If you don’t know who a flash drive belongs to, and can’t verify that it has been stored safely, don’t use it. USB flash drives can contain malware, which will be installed on your computer as soon as you plug it in.

Use USB flash drives safely:

• If in doubt, use a new USB flash drive
• Store your USB drives in a secure place, for example in a locked drawer
• Don’t lend your USB drive or borrow one from a colleague
• If you find a USB flash drive, give it to your IT team to check

8. Protect your phone or personal computers

Many people access their work email or other applications on their phones or personal computers so that they can stay connected outside the office. Once they connect to work applications outside the secure work network, they add a level of risk of security breach. Forgetting your device in a public place, or having it stolen while you aren’t watching it will not have a happy ending. 

If an infected outside device is connected to the work network, it will infect the entire network, and create havoc at work.

Stay safe outside the office:

• Don’t leave your computer or phone out of your sight
• Only use secured networks, or use a VPN if connecting to a public network
• Don’t take your devices out unnecessarily
• Use a password or fingerprint to lock devices
• If a device which contains work information is stolen, report it to the IT security team immediately

9. Everyone is at risk of a cyber attack

It is only a matter of when, not if, any person is going to be a victim of some form of cybercrime. No one is too small or too insignificant to an attacker. Hackers aren’t picky, they just want to benefit in some way. It is in your best interests to follow safe cyber security rules, and make it harder for cyber attackers to access your devices, accounts, or personal information.

10. Cybersecurity is everyone’s responsibility

Yes, you read that right. Each and every member of an organisation has a responsibility for protecting the company’s networks, data, and systems. Take responsibility for keeping your computer, phone, and accounts safe, and avoid a costly cyber security mistake.

Stay safe: 

• Attend the professional security training that your company organises, and apply what you learn
• Follow the cyber security rules listed above