Which Often-Overlooked Cybersecurity Best Practice Would a Security Analyst Recommend?

    E
    Authored By

    Extortion.io

    Which Often-Overlooked Cybersecurity Best Practice Would a Security Analyst Recommend?

    In an age where digital threats loom larger than ever, staying ahead in cybersecurity is crucial. Personal Cybersecurity Experts and CISOs alike emphasize the importance of seemingly minor practices that can have a major impact. The first insight reveals the significance of using unique usernames, while the final tip highlights the necessity of cultivating cybersecurity curiosity. With seven expert insights in total, this article uncovers the best practices that are often overlooked yet essential for robust digital security.

    • Use Unique Usernames
    • Adopt a Password Manager
    • Monitor Vendor Security
    • Implement Regular Employee Training
    • Encrypt Sensitive Data
    • Update Software Regularly
    • Cultivate Cybersecurity Curiosity

    Use Unique Usernames

    Unique usernames. These go a long way for privacy and security instead of having the same username everywhere. If a cybercriminal has your credentials for one site, they won't work anywhere else if you have unique usernames everywhere. Unique usernames, paired with strong passwords, add an extra layer of protection, making it much harder for attackers to compromise your accounts.

    James Wilson
    James WilsonPersonal Cybersecurity Expert, My Data Removal

    Adopt a Password Manager

    Something I see people constantly failing to address is the use of a good password-management solution. That is, using software that is designed to create, store, and protect your passwords.

    In the absence of a password manager, people will typically reuse passwords, and they will not be particularly strong, as they need to be memorable. This creates a massive security risk, as simple passwords are easier to guess, and shared passwords will invariably mean that multiple accounts are hacked if the password gets compromised.

    A password manager will enable people to have long, complex, and unique passwords, and it will generate those passwords for you, and you don't have to remember them!

    Mike Ouwerkerk
    Mike OuwerkerkFun, Engaging Cyber Security Awareness Trainer & Cultural Transformation Consultant, Web Safe Staff

    Monitor Vendor Security

    One often-overlooked cybersecurity best practice I'd recommend to my peers is establishing strong, ongoing vendor-management and monitoring protocols.

    Too often, I see companies assuming their vendors are meeting the same security standards they themselves uphold. But the reality is, when a vendor has access to your systems or sensitive data, their security weaknesses become yours. If you're not continually verifying their compliance and security posture, you're essentially extending your attack surface without oversight—a risk that too many organizations only realize after an incident occurs.

    Here's why it matters: Trust, as I often say, is hard-earned and easily lost. When you put your confidence in a vendor, it's essential to maintain that trust through regular oversight. An effective vendor-management approach isn't just a checkbox; it's a continuous process that includes regular security assessments, independent audits, and ongoing monitoring. Without this, you're essentially flying blind.

    At TrustNet, we've seen this risk firsthand. That's why we built tools like iTrust, designed specifically to help companies manage vendor risks in real-time. By staying vigilant over your vendors' security postures, you protect your organization and ultimately reinforce trust across your entire digital ecosystem.

    Trevor Horwitz
    Trevor HorwitzCISO, TrustNet

    Implement Regular Employee Training

    The Power of Employee Training Beyond Firewalls in Cybersecurity

    One often-overlooked cybersecurity best practice that I highly recommend is regular employee training on phishing attacks and other social-engineering threats. As the founder of a legal process outsourcing company, I've seen firsthand how human error can be the weakest link in cybersecurity.

    Early on, we had an incident where an employee inadvertently clicked on a phishing email, which almost compromised sensitive client data. While we had strong encryption and firewalls in place, it was clear that without proper training, even the best systems couldn't fully protect us.

    Since then, we've implemented quarterly training sessions focused on recognizing phishing attempts and safe data-handling practices. We also simulate phishing attacks to test the team's vigilance. This simple, yet crucial, practice has significantly reduced our risk and reinforced a culture of cybersecurity awareness across the company.

    The key takeaway is that investing time in educating your team on potential threats can be more effective than just relying on technology alone.

    Aseem Jha
    Aseem JhaFounder, Legal Consulting Pro

    Encrypt Sensitive Data

    One often-overlooked cybersecurity best practice I'd recommend is implementing proper data encryption, both at rest and in transit. Many businesses neglect this crucial step, which can lead to significant vulnerabilities. By encrypting all sensitive data, you create an additional layer of protection against potential breaches. This simple, yet effective, measure can greatly enhance your overall security posture and safeguard your critical information from unauthorized access.

    Hodahel Moinzadeh
    Hodahel MoinzadehFounder & Senior Systems Administrator, SecureCPU Managed IT Services

    Update Software Regularly

    Staying on top of regular software updates for systems and applications is often overlooked. Organizations frequently update primary software, but smaller components and plugins are often neglected.

    That's especially true of your website. Failing to update critical plugins on your website, especially those related to security, creates a vulnerability that hackers can exploit. Outdated plugins can have unpatched security flaws, providing attackers with a potential entry point, or "backdoor," to access sensitive information, control site functions, or spread malware.

    Regular updates help close these gaps by applying the latest security patches, which are essential for protecting your website and the data it manages.

    Craig Bird
    Craig BirdManaging Director, CloudTech24

    Cultivate Cybersecurity Curiosity

    Curiosity

    Cybersecurity is ultimately about having the curiosity to work out how things break and why. As soon as we're less curious than the bad actors on the other side of the battle, it's all over.

    The cybersecurity landscape looks wildly different now from how it did ten or even five years ago. Those who continue to thrive in this industry have a genuine interest in understanding each new development and trend, and a genuine curiosity about how things around them work. I never expect a cybersecurity expert to know everything (in fact, I'd consider it a red flag if they claimed to), but I do expect them to be engaged in the digital world around them.

    Sean Middleton
    Sean MiddletonCybersecurity Company Founder & CEO, Sentinel Guild