Although we’re becoming savvier to the tricks hackers have pulled in the past, they are still working to up their game and catch us where and when we least expect it. Fortunately, there are some solid guidelines you can follow in order to keep your organization’s data from hollering "Hack Me!" at the top of its lungs. It’s important to avoid these eight common cybersecurity mistakes and vulnerabilities to keep your network as secure as possible:
1. Password Protect – But be Mindful
It can be hard to remember passwords, especially if you are dealing with dozens of them, but once a password is stolen, hackers can use those credentials to wreak havoc on your network and sensitive data. This is why it’s important not to store passwords in browsers, avoid re-using the same password repetitively, and neglecting to change default passwords.
If your network is ever hacked and you have easily accessible passwords stored in browsers, especially when accessing sites like banks or cloud accounts, this can leave your personal data vulnerable. It’s also not a great idea to use the same password for multiple accounts. No matter how secure you think your password is, if a hacker gets access to your computer and you have one password that opens many doors, it’s now easier for them to access your sensitive data.
Even forgetting to change the default password on your admin or test system leaves you vulnerable and at risk for major security issues that can allow hackers to compromise anything they get their hands on.
2. Refrain from Storing Files in the DMZ
A DMZ (demilitarized zone) is a section of your network that is exposed to an untrusted network – usually the internet. The purpose of a DMZ is to act as an extra layer of security between external hosts and internal hosts. Hosts that may reside in the DMZ include FTP and SFTP/SSH servers.
Keeping the SFTP server, for example, in the DMZ, can pose several problems. The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the internet.
3. Don’t Connect to Unsecured Wi-Fi
When secured, a wireless access point (WAP) or wireless network connection isn’t inherently dangerous. It becomes a tempting message of "Hack Me!" when it’s unsecured. Unsecured WiFi means that data is allowed to move across its airwaves without any form of encryption or security protection. They are accessible by anyone – this creates a very high possibility of someone hacking into your private space. When you connect to an open WiFi network like one at a coffee shop or airport, your unencrypted network traffic is now visible to everyone in range. It allows people to see the unencrypted, and even encrypted web pages you’re visiting and what you’re typing into forms.
Most hackers rely on public hotspots to access private data, but they may even go to the lengths of creating fake malicious hotspots, specifically set up with the intention of luring in unsuspecting users. These "evil twin" hotspots mimic legitimate ones, including the individual service set identifier (SSID) and possibly media access control (MAC) address. They’re not only responsible for the loss of sensitive data but can increase the risk of being exposed to malware and phishing sites. The best way to protect yourself – use a virtual private network (VPN).
4. Watch Out for Firewall Fails
Firewalls are a key part of keeping data secure. However, they are not without their faults. Firewalls were created as a way to protect a system from any harmful threats from an outside network, acting as a barrier. However, firewalls must be managed properly. Many software programs come with vulnerabilities a hacker can exploit, even if it has all the latest vulnerability patches. Firewalls can still cause problems if they are misconfigured or not maintained properly. Firewalls can’t fend off attacks that are launched within the system it was intended to protect, and if permission is granted to others through the internet, a firewall may not be able to prevent the resulting damage. Also, most firewalls aren’t configured with up-to-date virus definitions, so a firewall alone cannot protect you from virus threats. This is why it’s important to always keep a current version of antivirus software installed on your network.
Instances where a firewall allows more ports than necessary to be open or allows unauthorized hosts to connect to the server can result in an attacker gaining control over the server. Firewalls exist to limit what is allowed to connect to certain ports and reduce the surface area exposed, but firewalls alone cannot protect your network from all of the threats out there. However, they do serve as an integral part of a larger cybersecurity strategy to safeguard your organization.
5. Use Multi-Factor Authentication
Although passwords still reign as the most common way to authenticate your identity, they are increasingly providing less protection – and as mentioned above, are easily vulnerable. Organizations can no longer depend on passwords alone to protect their systems and data.
Multi-factor authentication (MFA) is used to ensure that digital users are who they say they are. It requires users provide at least two pieces of evidence to prove their identity. Each piece of evidence must come from a different personalized category: something they know, and something they have or something they are.
The idea behind MFA is the thought that if one of the factors becomes compromised by a hacker or unauthorized user, then the chance of another factor also being compromised is low. Requiring multiple authentication factors provides a higher level of assurance about the user’s identity – and can help to lower your "hackable" risk.
6. Be Careful with Clickable Links
Some phishing spam is easy to detect; however, it’s getting harder to know which emails are safe to click on and which you should ignore.
Hackers often target emails and email attachments. Be cautious on what you click, even if the email appears to be from your bank, customer, friend or family member. As a go-to rule, if a link is unsolicited, you don’t want to click on it. Hackers send out malicious links in emails daily and are especially skilled at making these links appear legitimate.
Before clicking a link in an email, be sure to ask yourself the following questions first:
- Where did the link come from
- Why am I clicking on the link?
- Is the URL on display legitimate?
Bonus tip: Have your System Administrator send out fake spam emails with links or attachments that appear to be legitimate. If you click or open, the destination page will notify the System Administrator and show you a message that the email was a fake, unsolicited email that you shouldn’t have clicked on or opened. This can be a great way to gain some practice with these types of situations and sharpen judgement.
7. Don’t Ignore Security Software Updates
Although choosing the "Remind Me Later" option can be tempting in situations like this, don’t put off updating your software. Software updates do a lot of beneficial things for your network, this might include repairing security holes that have been discovered and fixing or removing bugs. Updates can also add new features to your devices and remove outdated ones.
Hackers love security flaws, also known as software vulnerabilities. Hackers can take advantage of this weakness by writing code to specifically target the vulnerability. The code then becomes packaged into malware. These exploits can infect your network with no action on your part other than viewing a rogue web page or opening a compromised message. This malware can effectively steal data saved on your network or allow the attacker to gain control over your computer and encrypt your files. Software updates cover these security holes to keep hackers out and help protect your data.
8. Invest in a Managed File Transfer Solution
Any of the hacks above can help build your toolbox against hackers, however when it comes to transferring your data in a secure fashion, nothing beats managed file transfer.
An established and secure managed file transfer (MFT) solution can help you stop vulnerabilities in their tracks. GoAnywhere MFT is a robust solution that automates and secures file transfers using a centralized enterprise-level approach. Not only can it save you time and money, but it can improve security, simplify server-to-server and person-to-person file transfers, and can help your organization meet compliance requirements.
It can also address the requirement of not putting files in the DMZ due to Gateway's reverse proxy. With Gateway, file sharing services can be kept safely inside your private network, without exposing sensitive data to your DMZ. Connections can also be made to external systems on behalf of users in the private network without having to open any inbound ports.
It’s a great tool that comes with many features and modules that can be used to automate processes, ensure secure connections, track file transfer activity, and much more. It can also be installed in the cloud, on-premises, or within a hybrid environment.
Transferring files without an MFT solution is a dangerous match to play with – it’s best to avoid any fire at all and utilize the most secure solution out there, GoAnywhere MFT.
GoAnywhere Can Help Stop Vulnerabilities in Their Tracks
Want to learn more about how GoAnywhere MFT’s secure file transfer solution can be a great asset to your organization and help you secure your data in transit and at rest? Take a feature tour and see the software in action.