5 Cybersecurity Mistakes and How to Avoid Them

According to cybersecurity company Proofpoint, 68% of working adults in Canada admit to taking risky actions, such as reusing or sharing passwords, clicking on links from unknown senders, or handing over their credentials to an untrustworthy source. Understanding how to avoid such cybersecurity mistakes is essential to minimizing risk.

All organizations, regardless of their size or industry, are potential targets for cyberattacks. These events can lead to significant financial, operational and reputational damage that can be difficult or impossible to recover from. Fortunately, strong cyber hygiene practices can reduce the likelihood of data breaches and other cyber incidents, and many of these practices are relatively low-cost and easy to implement.

Below are five common cybersecurity mistakes organizations make, along with actionable solutions for each.

  1. Relying on weak or reused passwords—Users often choose simple passwords they can easily remember and may reuse them across multiple devices or accounts. However, weak or repeated passwords make it easier for cybercriminals to gain unauthorized access to devices, networks and accounts, increasing the likelihood of breaches. Employers should require strong, unique passwords and mandate that login credentials be changed regularly. Passwords should avoid common or predictable patterns (e.g., “password,” “123456”) and include a mix of uppercase and lowercase letters, numbers and special characters. Using a verified password manager can help employees generate and store secure credentials.
  2. Not updating software—Delaying or neglecting software updates leaves systems vulnerable to known security flaws that cyberattackers can exploit to gain unauthorized access. Updates and patches help close these gaps. Employers should require automatic updates on all devices and applications and regularly check for and install updates, especially for security software that protects against viruses. Staying informed about critical releases from software vendors ensures timely implementation and helps keep systems protected.
  3. Neglecting employee training—Human error remains a leading cause of security breaches, often driven by employees being unaware of common cyberthreats like phishing. Without proper training, staff may mishandle data or unknowingly compromise systems. Employers should provide cybersecurity training at onboarding and regular intervals, using interactive sessions with real-life scenarios. Encouraging open discussion and questions helps build a culture of awareness and reduces risk.
  4. Not using multifactor authentication (MFA)—Relying on a single password for account and device security increases the risk of unauthorized access, especially if the password is weak or reused across systems. MFA adds an extra layer of protection by requiring users to verify their identity through a second method, such as a time-based code sent via text or email. Employers should enable MFA on all business accounts and devices that support it, particularly those handling sensitive data. Staff should use authentication apps or hardware tokens and regularly review MFA settings to maintain strong security.
  5. Using unsecured public Wi-Fi—Public Wi-Fi networks can expose users to cyberthreats, including data interception and man-in-the-middle attacks. Employees should avoid accessing sensitive information on unsecured networks and only connect to trusted sources. To reduce risk, they should disable automatic connections and file-sharing settings, use a virtual private network (VPN), and ensure firewalls are enabled to block malware and other threats.

Cyberattacks are a significant threat to organizations of all sizes. However, by recognizing and addressing poor cyber hygiene habits and implementing robust cybersecurity measures, organizations can improve their cybersecurity posture and reduce the risk of costly cyberattacks.

Did you know that 60% of small and medium businesses don’t survive after a cyberattack? Protect your business with Cyber Insurance: call us at 780.424.2727 or click here to get a quote.

