Eric Goldstein, the Executive Assistant Director of CISA, writes in his blog post:
“Cybersecurity professionals, including our expert team at CISA, often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices: risky, dangerous technology practices that are too often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management decisions but result in untenable risks to our national security, economy, critical infrastructure, and public safety.”
As Eric Goldstein states, too many organizations do not consider their own worst habits and bad practices. It is too easy to be consumed with looking at the best things we want to do instead of reducing the bad practices that we actually do.
Best practices are important; that will never change. We should continue to strive for better cybersecurity in our small businesses as we move forward. Best practices are always a great goal to aim for and try to achieve.
I would argue that eliminating your bad practices is a best practice. You should strive to eliminate the bad habits you fall into while trying to secure your small business. Just like your best practices, your bad ones should be identified, examined, and remediated annually. Think of this as a penetration test that eliminates the weaknesses in your business processes, just as if you were testing your own computer networks for their weaknesses.
For more on cybersecurity and cybersecurity best practices, check out Small Business, Big Threat!