5 security bad habits (and easy ways to break them)

Procrastination. Fidgeting. Biting your nails. These are all bad habits, but none so bad that they could bring a company to its knees. When it comes to security, however, some bad habits could be devastating, leaving your company vulnerable to hacks, data loss or theft or some similar type of security breach. The good news is that there are some simple steps IT can take to educate users on security best practices and make them part of the solution instead of the problem.

Jonathan Crowe, senior content manager at endpoint security solutions company Barkly offers five simple ways to improve your security posture and help employees become a bit more security-savvy.

Each year, password management company SplashData highlights the insecure password habits of Internet users and publishes a list of the worst of the worst password offenders. Suffice it to say, using “123456” or “password” as your password is still quite common, and that’s a standing invitation for attackers. That said, it’s unrealistic to think your users can create and remember strong, unique passwords for every single account.

Solution: Use a password manager. Not only will it generate random, secure passwords, it will encrypt and remember them so users don’t have to, Crowe says.

Today’s attackers have gotten frighteningly good at crafting messages that look legitimate to users, and use social engineering tricks to unleash a virus or gain access to proprietary systems. They can even appear to come from sources your users know and trust.

Solution: Educate your users on how to double-check URLs by hovering over links/hyperlinks to see where clicking would send them, says Crowe. If the site doesn’t match the link or looks suspicious in any way, don’t click. Likewise, users should avoid opening any attachments they weren’t expecting.

[ Related story: 8 tips for recruiting cybersecurity talent ]

Once a software vulnerability is discovered and a patch is released, it’s a race to evaluate and deploy it before the vulnerability can be exploited. Stats indicate attackers don’t waste time — nearly half of the common vulnerabilities and exposures exploited in 2014 were taken advantage of within two weeks of being announced, Crowe says. Patch early and often.

Solution: Consider adopting a patch management solution that helps you automate tasks and updates. That can help you avoid falling into the “remind me later” routine and keep you secure and up to speed, instead, he says.

Everyone’s been tempted by the siren song of free Wi-Fi. Whether your remote users are at a Starbucks or at an airport, there are times when they just need to connect. That’s when it’s important to remember that “free” and “public” don’t always go hand-in-hand with “secure,” Crowe says, and signing on even for a brief window of connectivity can carry a disproportionate amount of risk.

Solution: Consider mandating use of a VPN, instead. Traffic will be encrypted and users’ browsing sessions will be much more secure. Even if your company doesn’t provide one, educate users about the benefits and suggest some free — or free trial — options to consider, Crowe says.

[ Related story: How to crowdsource your way to better security ]

There are technical teams and security solutions in place to help safeguard interactions online, certainly, but the truth is, each user is responsible for how their choices impact personal security and the security of the company. And the majority of data breaches and cyberattacks begin with one end-user clicking on something they shouldn’t, leaving a laptop in a taxi, or connecting a corporate laptop to a public Wi-Fi network.

Solution: Education, training and reinforcement. Make sure your users know security best practices and are using them daily, says Crowe. By learning more about security risks and how to reduce them, your end-users can become a formidable defense instead of the weak link.