Risky behaviours, CISA warns can leave networks exposed to cyberattacks. If employed, these need to be immediately addressed.
When it comes to cybersecurity all dangerous types of behaviours such as using unsupported software, allowing the use of default usernames and passwords, and using single-factor authentication for remote or administrative access to systems, should be avoided by all organisations. But those that are supporting critical infrastructure any dangerous types of behaviours should be avoided at all costs.
The US agency called the US Cybersecurity and Infrastructure Security Agency or CISA for short warn that ‘risky’ and ‘dangerous’ behaviours can put critical infrastructure at extra risk. So, they are in the process of developing a catalogue of “exceptionally risky” behaviours to advise of the additional risks of falling victim to cyberattacks.
The latest risky behaviour to be added to the list is the use of single-factor authentication. That’s where users only need to enter a username and password. CISA warn that the use of single-factor authentication “is dangerous and significantly elevates risk to national security” for remote or administrative access to systems supporting the operation of critical infrastructure.

We suggest all business to use multi-factor authentication instead. That is to say, that using multi-factor authentication can help disrupt over 99% of cyberattacks. In order to help prevent cyber criminals from tampering with cyber-physical systems, it’s particularly important to have it applied for critical infrastructure.
Also identified as “bad practice” is the use of fixed or default passwords that CISA have called “dangerous.” Cybercriminals love default or simple passwords as they can access accounts quicker by simply guessing the passwords to compromise accounts.
Meanwhile CISA recommend not to use of passwords that are known to have been breached previously, warning they can also provide cyber criminals with a simple way of gaining access to networks.
In addition, CISA list the use of unsupported or end-of-life software in critical infrastructure, as ‘bad practice.’ To clarify, old software as a rule doesn’t receive security patches meaning that cyber criminals could exploit newly discovered security vulnerabilities.
CISA explain that ‘bad practices’ are exceptionally dangerous and need rectifying as “it increases risk to our critical infrastructure on which we rely for national security, economic stability, and life, health, and safety of the public.”
Certainly, the catalogue of risky behaviour is being put together to help organisations involved in running or supporting critical infrastructure. But it can also prove useful for any business. Why? Because it will help protect them from falling victim to cyberattacks. As all businesses need to avoid the use of single-factor authentication, default passwords and unsupported software.
If you’re a business that recognise you’ve been participating in ‘risky behaviour’ ‘bad practices’, and ‘dangerous’ habits, change your ways today. It’s not too late to have these addressed.