How to reduce your Cyber Security bad habits in 2022

A New Year brings a chance to start things afresh, adopt new practices and drop anything that could be having a negative impact on your company. For many businesses, this could prove to be the perfect opportunity to stop their cyber security bad habits, and look forward to a cyber safe future. Here are our top tips for removing your company’s cyber security bad habits in 2022:

Stop Using Weak Passwords

It is a known problem that when users register for services on the internet, too many of them reuse their passwords, and many of those passwords are also used for corporate accounts. When attackers harvest passwords from weak websites external to your network, they obtain your employees’ passwords and can use them to breach your network.

One of the most popular password policies requires beginning a password with a number and ending it with an upper-case letter or “shifted” character. This encourages many users, who are reluctant to learn a new password every 90 days, to change only the last character. Attackers know to look for these patterns and can easily gain access to your network with them, which makes this practice worthless.
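As an added illustration, not part of the original article, here is a password-change check that flags the habits just described: a new password that only alters the tail of the old one, and a password that fits the digit-first/shifted-last template. The template’s character set and the sample passwords are assumptions constructed for this example.

```python
import re

# Assumed rotation template from the post: a leading digit and a trailing
# upper-case letter or "shifted" symbol. The symbol set is this example's
# own choice, not a standard.
SHIFTED_TEMPLATE = re.compile(r'^\d.*[A-Z!"$%^&*()_+{}:@~<>?|]$')


def shared_prefix(old: str, new: str) -> int:
    """Length of the common prefix of the old and new password."""
    n = 0
    for a, b in zip(old, new):
        if a != b:
            break
        n += 1
    return n


def review_change(old: str, new: str) -> list[str]:
    """Return the weaknesses found in a proposed password change.

    The checks target the habits the post describes: keeping the old
    password and only altering its tail, and satisfying a digit-first /
    shifted-last template that attackers already try first.
    """
    findings = []
    if new == old:
        findings.append("unchanged")
    elif new.casefold() == old.casefold():
        findings.append("case_only_change")
    else:
        longest = max(len(old), len(new))
        changed = longest - shared_prefix(old, new)
        if changed <= 1:
            findings.append("only_last_character_changed")
        elif changed / longest < 0.5:
            findings.append("reuses_most_of_old_password")
    if SHIFTED_TEMPLATE.match(new):
        findings.append("predictable_template")
    return findings


if __name__ == "__main__":
    # Constructed sample changes; none of these are real credentials.
    for old, new in [("1Summer2021!", "1Summer2021@"),
                     ("Winter2021!", "Winter2022!"),
                     ("Tr0ub4dor&3", "tr0ub4dor&3"),
                     ("1Summer2021!", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {review_change(old, new)}")
```

A check like this belongs in the password-change path alongside MFA; it raises the cost of the “change the last character” habit rather than relying on users to break it themselves.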

Businesses should implement multi-factor authentication (MFA) across the whole organisation. MFA helps shore up defences in the event that cyber criminals successfully harvest password data. Additionally, educating staff about security hygiene and encouraging the use of unique passwords will help.

Stay up-to-date

In our Neu Cyber Threats weekly bulletin, we hear more and more about vulnerabilities that are discovered by cyber criminals. Eventually, they are patched, at both the operating system and application level, but there could still be some holes open for criminals to exploit. Once a patch becomes available, it can be reverse engineered by cyber criminals to develop exploits that work on any unpatched device. Threat actors work with speed, while users can be slow to update and upgrade.

The same could be said of the Internet of Things (IoT). An increase in the number of devices connected to your enterprise network, without considering the security factor, is a major risk. If you follow the proper protocols, then there is no need to fear. Many of these devices run old firmware that is easy to exploit. As a result, they could become the weakest link in your armour and open a direct route to your assets.

Some IoT devices include operational backdoors, such as hardcoded admin credentials intended for maintenance, which can easily be repurposed by threat actors. It begs the question: if you don’t know what devices are connected to your network, how can you defend against them if they turn malicious?

The value of patching early and often is not going away. Patching is just one of many protection layers, and it is not a fail-safe method that can completely protect your devices. Endpoint solutions can be used as a last line of defence against undiscovered vulnerabilities and new attack vectors. It is also advisable to use software that automatically applies security updates and patches, which will ensure that all endpoints are up-to-date.

Reconsider your Organisational Privileges

When attackers penetrate your network, they will immediately look for admin accounts, as these are seen as easy opportunities to move laterally and find their targets. Too many companies fail to follow the rule of “least privilege”. In other words, users should have only the privileges and rights needed to carry out their day-to-day roles.

By removing unnecessary privileges wherever possible, the potential attack surface is reduced dramatically. If an account with limited privileges is breached or compromised, the damage to the organisation would be far less.

In Summary

Headlines and news stories often focus on zero-day vulnerabilities. These can be used in advanced attacks on an enterprise network, but they clearly aren’t the only threat to businesses. At present, it is far too easy to compromise many business networks where basic cyber security practices aren’t even in place. Who needs sophisticated attacks when an enterprise hasn’t secured its devices against routine threats that have been known for years?

If you require a review of your company’s current cyber security policies, and want to see where you could improve, contact the experts at Neuways on: 01283 753 333 or email