Cyberattacks no longer target only large companies: SMEs, town halls and schools are now on the front line. Yet, many incidents stem from errors that are very simple to correct. Here are 7 bad practices to ban immediately.
1. Weak or shared passwords
Using “123456” or sharing an administrator account among several people remains unfortunately common.
Solution: strong password policies, password managers, multi-factor authentication on critical services.
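As an added illustration (not part of the original article), the two checks below turn this advice into something an IT team can actually run: a password-policy function that rejects short passwords, entries from a deny-list of common passwords and passwords containing the username, and a small detector that reads authentication log lines and flags accounts that log in successfully from many different source addresses, which is the typical footprint of one administrator account shared by several people. The deny-list, the log format and the sample log lines are constructed for the example.

```python
"""Password-policy check and shared-account detection (added example, not the article's code)."""

# Constructed sample deny-list; in practice use a large list of breached/common passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "azerty", "123456789", "admin"}
MIN_LENGTH = 12


def check_password(password: str, username: str = "", common: set[str] = COMMON_PASSWORDS) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in common:
        problems.append("appears in the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


# Constructed auth-log excerpt; assumed format: "<timestamp> <user> <source-ip> <success|failure>".
SAMPLE_AUTH_LOG = """\
2024-05-02T08:01:10 admin 10.0.0.12 success
2024-05-02T08:03:44 admin 10.0.0.27 success
2024-05-02T08:05:02 alice 10.0.0.31 success
2024-05-02T09:12:53 admin 10.0.0.45 success
2024-05-02T09:30:00 alice 10.0.0.31 success
2024-05-02T10:02:19 bob 10.0.0.50 failure
"""


def shared_account_candidates(log_text: str, threshold: int = 3) -> dict[str, int]:
    """Map each account used from >= threshold distinct source addresses to that count.

    Only successful logins are counted, so failed guesses from many hosts do not
    make a legitimately personal account look shared.
    """
    sources: dict[str, set[str]] = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "success":
            continue  # skip malformed lines and failed attempts
        _ts, user, src, _result = parts
        sources.setdefault(user, set()).add(src)
    return {user: len(ips) for user, ips in sources.items() if len(ips) >= threshold}


if __name__ == "__main__":
    print(check_password("123456", "admin"))
    print(check_password("correct horse battery staple", "alice"))
    print(shared_account_candidates(SAMPLE_AUTH_LOG))
```

The threshold of three distinct addresses is an assumption; tune it to how users actually roam, and treat a hit as a prompt to give each person a named account with MFA rather than as proof of misuse.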
2. Unpatched workstations and servers
Machines that are missing security updates are a dream entry point for attackers.
Solution: plan regular maintenance windows, automate updates, standardize configurations to simplify monitoring.
3. Missing... or unusable backups
Many organizations think they are protected, even though their backup hasn't been tested in years.
Solution: implement a 3-2-1 backup strategy (3 copies, 2 different media, 1 off-site), regularly test restoration, document the procedure.
4. Overly broad access rights
Everyone has access to everything, for "convenience".
Solution: apply the principle of "least privilege", segment rights by department, class or function, regularly audit accounts.
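An account audit of the kind this item recommends can be a short script rather than a manual spreadsheet exercise. The added example below (not from the article) compares each account's group memberships with the rights its role is allowed to hold and flags the excess, and also flags accounts that have not logged in for longer than a dormancy threshold. The role baseline, the account records and the 90-day threshold are constructed assumptions; the point is the comparison, which works the same way against an export from a directory service.

```python
"""Least-privilege and dormant-account audit over a constructed account export (added example)."""
from datetime import date

# Assumed role baseline: the only groups an account in that role should hold.
ROLE_BASELINE = {
    "teacher": {"staff-share", "print"},
    "student": {"student-share"},
    "it-admin": {"staff-share", "print", "domain-admins"},
}
DORMANT_DAYS = 90  # assumed threshold

# Constructed sample export of accounts, their role, groups and last successful login.
SAMPLE_ACCOUNTS = [
    {"name": "alice", "role": "teacher", "groups": {"staff-share", "print"}, "last_login": date(2024, 5, 1)},
    {"name": "bob", "role": "teacher", "groups": {"staff-share", "print", "domain-admins"}, "last_login": date(2024, 4, 28)},
    {"name": "carol", "role": "it-admin", "groups": {"staff-share", "print", "domain-admins"}, "last_login": date(2024, 1, 3)},
    {"name": "dave", "role": "student", "groups": {"student-share", "staff-share"}, "last_login": date(2024, 5, 2)},
]


def audit_accounts(accounts, baseline=ROLE_BASELINE, today=date(2024, 5, 3), dormant_days=DORMANT_DAYS) -> list[str]:
    """Return human-readable findings: rights beyond the role, unknown roles, dormant accounts."""
    findings = []
    for acct in accounts:
        allowed = baseline.get(acct["role"])
        if allowed is None:
            findings.append(f"{acct['name']}: unknown role {acct['role']!r}")
            continue
        excess = sorted(acct["groups"] - allowed)
        if excess:
            findings.append(f"{acct['name']}: rights beyond role {acct['role']!r}: {', '.join(excess)}")
        idle = (today - acct["last_login"]).days
        if idle > dormant_days:
            findings.append(f"{acct['name']}: dormant for {idle} days")
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(finding)
```

Run against a real export, the findings list is the agenda for the periodic review: each excess right either gets removed or gets a documented justification, and dormant accounts are disabled before they are deleted.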
5. Heterogeneous and uncontrolled fleet
A mix of old machines, personal PCs, and different versions of systems makes security almost impossible.
Solution: define a standard baseline (models, OS, versions), plan the retirement of obsolete machines, and integrate these criteria when purchasing new hardware.
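Items 2 and 5 both come down to comparing what is actually deployed with a written baseline. The added example below (not from the article) does that comparison over a constructed inventory: each machine is checked against the list of supported operating-system versions, so obsolete or personal machines outside the standard are flagged for retirement or replacement, and against a maximum age for its last update, so machines that fell behind the maintenance windows are flagged as well. The baseline, the inventory records and the 30-day limit are assumptions made for the example.

```python
"""Fleet baseline and patch-age compliance check over a constructed inventory (added example)."""
from datetime import date

# Assumed standard baseline: supported versions per operating system.
SUPPORTED = {
    "Windows": {"11"},
    "Ubuntu": {"22.04", "24.04"},
}
MAX_PATCH_AGE_DAYS = 30  # assumed: one update cycle

# Constructed sample inventory (hostname, OS, version, date of last successful update run).
SAMPLE_INVENTORY = [
    {"host": "pc-01", "os": "Windows", "version": "11", "last_patch": date(2024, 4, 25)},
    {"host": "pc-02", "os": "Windows", "version": "7", "last_patch": date(2023, 11, 10)},
    {"host": "srv-01", "os": "Ubuntu", "version": "22.04", "last_patch": date(2024, 3, 20)},
    {"host": "laptop-x", "os": "macOS", "version": "14.4", "last_patch": date(2024, 5, 1)},
]


def check_fleet(inventory, supported=SUPPORTED, today=date(2024, 5, 3), max_age=MAX_PATCH_AGE_DAYS) -> list[str]:
    """Return findings for machines outside the baseline or overdue for updates."""
    findings = []
    for m in inventory:
        label = f"{m['os']} {m['version']}"
        if m["os"] not in supported:
            findings.append(f"{m['host']}: {label} is outside the standard baseline (replace or reimage)")
        elif m["version"] not in supported[m["os"]]:
            findings.append(f"{m['host']}: {label} is no longer supported (plan retirement)")
        age = (today - m["last_patch"]).days
        if age > max_age:
            findings.append(f"{m['host']}: last update {age} days ago (max {max_age})")
    return findings


if __name__ == "__main__":
    for finding in check_fleet(SAMPLE_INVENTORY):
        print(finding)
```

Feeding the same check a fresh inventory export before each purchase round also answers the article's last point for this item: anything that would land outside the baseline should not be bought.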
6. Lack of user awareness
The majority of attacks go through humans (phishing, malicious attachments).
Solution: organize awareness workshops, send simple reminders, disseminate visual "best practices" (posters, emails).
7. No incident response plan
When an incident occurs, everyone improvises.
Solution: formalize a simple plan: who to notify, what to disconnect, how to communicate, how to prioritize recovery.