Top Ghoulish Cybersecurity Practices Haunting IT Pros

As spooky season draws near, the Cyber Threat Intelligence (CTI) team for the Multi-State Information Sharing and Analysis Center (MS-ISAC) thought it would be good to put together a frightening list of "ghoulish" cybersecurity practices that will turn any IT professional into a chattering skeleton. If you want your current dream cybersecurity job to become a nightmare, you might consider following these grotesque practices.

(Disclaimer: The following are NOT serious cybersecurity recommendations.)

  1. Set the same password for everything. Your admins won't forget it. If they quit their jobs with anything less than good intentions, it'll be easy to pass the password on to someone new. Cybersecurity as an industry is notorious for high turnover, after all, so it's ideal to make the onboarding process easier for everyone.
  2. Remove malware from your computer the medieval way by opening it, gently wiping away the bugs with a warm damp cloth, then applying rubbing alcohol to the infected component. Be sure to always change the dressing on your computer every two days, and reapply the antibiotic cream to keep the malware from returning.
  3. Exposure is the best medicine...isn't it? Your operating system naturally knows how to respond to a ransomware infection. If it doesn't, it just needs to learn how to do that. Fortunately, frequent ransomware infections can help to build your network's immunity and thereby strengthen your computer.
  4. Save money and resources by not taking backups of your systems. They are rarely used and only collect cobwebs while taking up storage space.
  5. The best way to prevent a worm infection on your network is to let a robin nest in your server room. If you find a worm, save it in a container, and you'll have free bait for your next fishing trip!
  6. Much like the expiration dates on milk, any software that requires you to pay must be a scam. Everyone knows that the best software comes free from websites or bundled with other unrelated programs.
  7. You don't REALLY need a password manager. Seize the means of password production and become your own boss. You don't need yet another "manager" in your life telling you made-up things like "This password is vulnerable" or "We found this on a leak site." Everyone knows robots can't actually look at websites.
  8. Firewalls aren't real. Come on, a wall made of fire? Protecting some computer made of sand? That you can't see? Sounds like science fiction drivel.
  9. Logs belong in the woods, not in some database.
  10. Always keep your server room unlocked so guests can marvel at the display of fans and blinking lights. It's a free holiday display, and with all the spiders and dust crawling around, it's perfect for a haunted house!
  11. To maximize redundancy and counteract internal controls that might get in your way, ensure all of your critical applications and data face the internet. The internet is full of only truth and happiness, so why are you so afraid of it?
  12. Cut the red tape and give users full admin rights. Why would you ever hire an IT team to "approve" systems if you're all about efficiency?
  13. Patching operating systems is for nerds. Everyone knows that cool people use Windows 98. Can't beat that dial-up tone!
  14. Don't implement multi-factor authentication. Do you have trust issues or something?

If all of the above sound like a nightmare on "You Street," rest assured that your organization's cybersecurity doesn't need to be this scary. Using the CIS Critical Security Controls (CIS Controls) and other security best practices of the Center for Internet Security (CIS), you can set your IT pros' minds at ease – and keep the ghouls away.