Tech Tips, 1021 WYBJ, Vol. 44 No. 5. 54

Author: Blake A. Klinkner
Position: Vol. 44 No. 5 Pg. 54

Tech Tips


Wyoming Bar Journal

October, 2021

Avoid These "Bad Practices" to Help Minimize Organizational Risk for Data Breaches, Unauthorized Access and Cyberattacks

Blake A. Klinkner Washburn University School of Law Topeka, Kansas

The United States Cybersecurity & Infrastructure Security Agency recently released its initial advisory on “Bad Practices,” which it defines as organizational technology practices that are “exceptionally risky” to an organization’s cybersecurity.1 The release of this advisory was based in part upon continuing concerns within the cybersecurity community that the shift to remote work caused by COVID-19, which technology experts predict may remain in place post-pandemic, has provided the opportunity for hackers to access organizational systems through employees who are working from home. One adverse consequence of remote work has been that organizational IT professionals may be limited in their ability to update and monitor employee technology use when employees are working away from the office.

Discussed below are the “Bad Practices” which the Cybersecurity & Infrastructure Security Agency has identified as top threats facing businesses and other organizations in the current cybersecurity climate. Private and public sector attorneys should take note of these areas of concern, and make sure that their own offices are not engaged in these same Bad Practices. Attorneys should also advise their clients concerning these Bad Practices to assist them in bolstering their cyber-defenses in the face of online threats.

Utilizing Weak Passwords

One of the best ways an organization may prevent cyberattacks is by requiring members to utilize strong passwords. However, recent analytics show that organizations continue to struggle with requiring and enforcing the use of strong passwords among their personnel, and that weak passwords frequently provide an avenue for cyberattacks, data theft, and other unauthorized access. In particular, the Cybersecurity & Infrastructure Security Agency warns organizations that it is essential that personnel reset and change the default passwords which are assigned to new software packages, hardware, and subscription services. The Agency observes that many organizations permit their personnel to continue using default passwords, which is a dangerous practice that is “especially egregious in technologies...
