The Top 5 Worst IT Security Mistakes and How to Avoid Them


Recently, the term cybersecurity has become increasingly popular, at least based on Google Trends. According to Trends, searches for cyber security have increased over the last five years. Something similar can be said to have happened almost anywhere.

The increasing popularity of cybersecurity goes hand in hand with the increasing importance of cybersecurity. This is because there is increasing use of computers such as desktops, laptops, smartphones, servers, and IoT (internet of things) devices and computer networks such as the internet in everyday human life.

Likewise, the number of attacks on computers and their networks, a.k.a. cyberattacks, is increasing. Such cyberattacks can certainly disrupt the lives of the many people who increasingly use computers and connected networks.

Unfortunately, despite the increasing importance of cyber security in recent times, human error regarding cyber security is still common. According to a recent Tessian study, which also uses data and insight from Professor Jeff Hancock of Stanford University, 88% of data breaches (data leaks, one type of cyber security incident) were caused by human error.

So, here are five of the worst IT security mistakes commonly found around us:

The Top 5 Worst IT Security Mistakes

1. Using a Weak Password

Even though many parties have suggested ways to create stronger passwords that are more difficult to guess, many people still use weak passwords, which are quite easy to guess.

This can be seen, for example, from the list of the worst passwords in 2020 issued by NordPass. The first rank is “123456,” which is used by 2,543,285 users, while the second rank is “123456789,” which is used by 961,435 users.

Rounding out the top five are “picture1,” “password,” and “12345678,” with 371,612, 360,467, and 322,187 users, respectively. This is even though the study was conducted on a database that, as a whole, contained only 275,699,516 passwords.

NordPass listed the 200 worst passwords in 2020. The sixth rank is used by 230,507 users, and the last rank is used by 15,786 users.

So, instead of only using numbers or letters, it’s always best to create a password that consists of a combination of numbers, letters, and special characters. That way, the combination would be hard to guess. If you find it difficult to remember, write it down in a note.

2. Trust Wi-Fi in Public Places So Easily

Wi-Fi has become an essential requirement for some people. Before the COVID-19 outbreak, quite a lot of people were looking for and using “free” Wi-Fi in public places to work while using laptops. However, using any Wi-Fi is risky because security is not guaranteed.

For example, according to the Proofpoint 2020 User Risk Report, which conducted a study of more than 3,500 working adults from around the world, 45% of US workers who responded believed that certain public places always offer secure public Wi-Fi.

Meanwhile, for global workers, as many as 26% of respondents believe they can connect safely using public Wi-Fi in certain places such as coffee shops.

So, if you tend to get out a lot and really like to work from cafes, we highly advise you to use a VPN. At the least, a Chrome VPN is enough if you work mainly in the search engine. A Chrome VPN is also easy to install and easy to understand. So, with only a little effort, you can always protect yourself.

3. Using the Same Password for Multiple Accounts

This is one of the worst and most common problems. Still related to passwords, several studies have also found that many users use the same password for several accounts.

Take, for example, a study conducted by Google in collaboration with the Harris Poll in 2019 involving 3,419 adults. The study found that 66% of respondents use the same password for their online banking, e-mail, and social media accounts.

The Harris Poll adds that Americans, on average, have 27 online accounts that require a password. So, don’t be surprised if many people use the same password for several accounts. However, using the same password means that an attacker who obtains the password for one user account is effectively “breaking into” multiple user accounts.

What’s worse is when one of your accounts gets hacked, the hacker may find it easy to slip into your other accounts using the same password. That way, you’ll lose all of them at once, which would be stressful.

So, start making a different password for each account. If you can’t remember them all, write them in a note and save it on your phone.
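An added example, not part of the original article: a Python audit that checks a set of account passwords for the mistakes in sections 1 and 3, namely a password on a common-password list, a password missing the mix of letters, numbers, and special characters, and one password shared by several accounts. The account names and sample passwords are constructed, and the list holds only the five NordPass entries quoted in section 1.

```python
import hashlib
import string
from collections import defaultdict

# The five worst passwords of 2020 quoted in section 1 (NordPass list).
COMMON_PASSWORDS = {"123456", "123456789", "picture1", "password", "12345678"}

def weaknesses(password):
    """Return the section 1 problems found in a single password."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password list")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    return problems

def reused(accounts):
    """Group account names that share a password (section 3)."""
    by_digest = defaultdict(list)
    for name, password in accounts.items():
        # Group by digest so the grouping table itself holds no plaintext.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(name)
    return sorted(sorted(names) for names in by_digest.values() if len(names) > 1)

def audit(accounts):
    """Map each account to its list of findings; clean accounts are omitted."""
    report = {name: weaknesses(pw) for name, pw in accounts.items()}
    for group in reused(accounts):
        for name in group:
            others = ", ".join(n for n in group if n != name)
            report[name].append("same password as " + others)
    return {name: found for name, found in report.items() if found}

# Constructed sample data: account names and passwords are made up.
SAMPLE = {
    "bank": "picture1",
    "email": "picture1",
    "social": "Tr4vel!Mug#Lamp",
    "forum": "sunshine",
}

if __name__ == "__main__":
    for account, findings in sorted(audit(SAMPLE).items()):
        print(account + ": " + "; ".join(findings))
```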

4. Wrong Sending and Wrong Configuration

Wrong sending and wrong configuration are also common mistakes. Wrong sending here means sending an e-mail to people who are not supposed to receive it. This occurs, for example, because the autofill feature is active when typing in the e-mail address, so the address is not entered as it should be.

Wrong configuration, meanwhile, means something like not limiting who can view a document when placing it in the cloud. This can lead to the kind of terrible data leaks that have happened often recently.

According to Verizon’s 2020 Data Breach Investigations Report, misdelivery and misconfiguration made it into the top five causes of the 2,907 observed data breaches. According to the study, wrong sending is in fourth position, and wrong configuration is in fifth position. The percentages are not much different, each close to 10%.

5. Not Changing the Password Even If a Leak Occurs

One common mistake that can be considered very interesting is not changing the password even though there has been a leak. According to a study conducted by Carnegie Mellon University and the Privacy Institute (CyLab) from 2017 to 2018, only 33% of participants changed their password after it was announced that a leak had occurred in the online service used.

The study took data from the home computers of 249 participants. Of the 249 participants, 63 had an account on a leaked online service.

However, of the 63 participants concerned, only 21 changed their passwords. In fact, the 63 participants were actively using the said online service when the leak was announced and were also active for up to three months afterward.