Many companies still make common cybersecurity mistakes. Whether it’s human negligence, outdated software, or the lack of an action plan, these weaknesses increase the risk of intrusion or data leakage. This article reviews the main vulnerabilities observed and offers practical recommendations to address them, including in a professional context.
How many companies ignore security updates? Why? Sometimes due to lack of time, sometimes due to a poor understanding of the risks. Yet each update fixes vulnerabilities that can be exploited by cybercriminals.
How to solve this issue? Automate updates and educate your teams! A good patch management policy should be clear, comprehensive, and include asset inventory. Always test patches before deployment and back up your systems. It’s a requirement, not an option.
Simple or reused passwords expose your systems to major risks. A password like “123456” can be cracked in 37 seconds (source: SafetyDetectives), and 80% of data breaches stem from this. (source: Jumcloud) Cybercriminals exploit this negligence to access your critical data. A single compromised password can jeopardize your entire information system.
Swiss companies without an incident response plan remain particularly vulnerable to cyberattacks. More and more Swiss businesses are facing cyber threats. In the past three years, 4% of SMEs have suffered a serious cyberattack. (Source: kmu.admin.ch) And 40% of them have no continuity or crisis management plan. (Source: focus.swiss) Without a clear strategy, response times increase, systems remain down longer, and the company’s reputation can suffer greatly. Moreover, compliance with legal obligations — notably the new 2025 reporting requirement to the OFCS — may be compromised.
An effective plan is based on four key steps: preparation, detection, containment, and recovery. It is essential to define roles, test procedures regularly through tabletop exercises and real scenarios, and keep the plan updated. Continuous employee training and monitoring security indicators strengthen resilience against incidents. The goal: limit the impact, protect data, and ensure quick business recovery.
Smartphones and tablets used in the workplace are ideal entry points for cybercriminals. Identity theft via SMS, public Wi-Fi networks, or malicious apps can expose your data. A lost device without a password means full access to professional communications. Smishing (SMS phishing) is becoming increasingly common.
To secure these devices, adopt an MDM solution such as Microsoft Intune. It enforces encryption, applies security policies (access code), and remotely wipes data if the device is lost. Enable file encryption for sensitive documents using BitLocker or FileVault. Raise awareness among your teams about the risks of public connections and suspicious attachments.
Irregular backups expose your data to major risks. Ransomware even targets outdated backups. A 3-2-1 strategy (3 copies, 2 media types, 1 offline) is essential.
Implement a 3-2-1 strategy with frequent backups adapted to your business type (e-commerce vs. consultancy). Regularly test them through simulated restores. Prioritize encryption and immutable storage. The goal: recover your data intact, even after a major incident.
Remote connections open a backdoor for cybercriminals. In 2023, companies saw a surge in cyberattacks following the rise of remote work. Poorly secured Wi-Fi networks, weak passwords, and personal devices unmanaged by the company multiply vulnerabilities. A simple coffee shop with public Wi-Fi could cost your business dearly.
There is a solution. Use a corporate VPN to encrypt data between device and server. Enable MFA (multi-factor authentication), which blocks 99% of intrusions. Microsoft Security provides tools to configure these protections. To learn more about secure network access, Microsoft solutions offer a complete approach. Combine them with strong passwords and regular updates to secure your remote access.
Shadow IT refers to the phenomenon where employees use tools without IT approval. Why? Sometimes authorized software is slow or limited. Your staff wants to stay productive, but they unintentionally create security gaps. Dropbox, Google Drive, mobile apps… all pose risks to your data.
Control this issue with a clear policy on tool usage. Monitor with tools like Datto RMM or Nagios. Educate your teams about the risks. Offer useful alternatives to the unauthorized tools they rely on. It’s a balancing act between security and productivity.
Has phishing evolved or remained a static threat? Attacks have changed, moving from generic emails to more targeted techniques like spear-phishing and BEC. Cybercriminals exploit social engineering and generative AI for highly effective campaigns. Remote work increases exposure, with employees more vulnerable outside the office. Companies must adapt their defenses.
What concrete solutions can strengthen your defenses? SMEs can deploy multi-factor authentication (MFA) to secure connections. Tools like Barracuda or Cofense use AI to detect phishing attempts. Raise team awareness through regular simulations. The DMARC protocol authenticates email senders, and simulated phishing tests assess employee vigilance. A proactive approach reduces the risk of compromise.
Why does poor privilege assignment put your data at risk? Excessive access to HR services can expose sensitive information. Companies must control access systems to prevent data leaks.
Hackers often exploit privileged credentials to infiltrate systems. Tools like Microsoft Entra ID help minimize the risk. Strict access rights management significantly reduces critical vulnerabilities. Administrator training remains a cornerstone of any effective cybersecurity strategy.
Unencrypted data is a goldmine for cybercriminals. Over 80% of security breaches involve poorly managed passwords. Customer information, accounting files, or patents must be encrypted. Without it, a simple stolen laptop could expose all your data. Your company’s reputation and partnerships will suffer.
To secure your data, several methods are available. BitLocker (Windows) or FileVault (macOS) encrypt hard drives. For SMEs, symmetric encryption (AES-256) is fast, while asymmetric (RSA) secures exchanges. Encrypt your local and in-transit files with tools like VeraCrypt. Train your teams on these best practices.
Without active monitoring, anomalies such as a spike in DNS requests or suspicious ICMP traffic can go completely unnoticed. Yet, 1 in 3 Swiss SMEs experienced an attack between 2020 and 2023, and 73% of them reported significant financial losses. (Source: digitalswitzerland.com) Poor network visibility can lead to delayed detection, with potentially high costs. On the other hand, real-time monitoring reduces response time by 40%, speeding up attack identification and mitigation. (Source: MoldStud)
Tools like Auvik or NinjaOne continuously monitor your infrastructure. They send alerts for unknown connections or traffic spikes. Microsoft Security Copilot analyzes logs and detects threats before they spread. Set alert thresholds for off-hours access or repeated login attempts. Continuous monitoring helps quickly identify anomalies and limit consequences.
Poor configuration in the cloud exposes your systems to major risks. According to Gartner, 80% of data breaches (source: Cloud Security Alliance) are caused by such errors: public S3 buckets, overly permissive access, or unsecured ports. These flaws, often due to lack of oversight, turn the cloud into a playground for cybercriminals.
To secure your cloud services, apply the principle of shared responsibility. The provider manages the infrastructure, but you protect the data, access, and applications. Enable encryption, monitor IAM permissions, and conduct regular audits.
Common cybersecurity mistakes like weak passwords, ignored updates, or lack of training put your data and business at risk. Act now: strengthen your systems, raise staff awareness, and adopt proactive strategies. Simple but rigorous vigilance can prevent severe cyberattacks and secure your digital future.
What are the 3 pillars of cybersecurity?
The three pillars are: cyber protection (preventing attacks), cyber defense (detecting and responding), and cyber resilience (quickly recovering after an incident). Together, they form a comprehensive strategy.
What are the top 5 cybersecurity threats?
Malware, ransomware, hackers, social engineering, and human error top the list. These threats target both technology and human behavior, making vigilance and training essential.
What type of cyberattack is most common?
Phishing remains the number one attack. These are deceptive emails mimicking trusted sources to steal data or install malware. It’s simple but highly effective.
What are the 5 Ps of cybersecurity?
People, Priorities, Prepare, Persist, Parallel pathways. These principles guide crisis management: engage the right people, prioritize actions, plan backups, stay determined, and be well prepared.
What cyber threats should we watch for in 2025?
Attacks are becoming more sophisticated: AI used by cybercriminals, targeted ransomware, hacking-as-a-service (CaaS), supply chain attacks, and vulnerabilities in connected devices.
ITTA is the leader in IT training and project management solutions and services in French-speaking Switzerland.
Our latest posts
Subscribe to the Newsletter
Consult our confirmed trainings and sessions
Monday to Friday
8:30 AM to 6:00 PM
Tel. 058 307 73 00
ITTA
Route des jeunes 35
1227 Carouge, Suisse
Monday to Friday, from 8:30 am to 06:00 pm.
