We often spend so much time discussing detailed, high profile security threats that sometimes we forget to cover the basics. There are obvious areas where security can be tightened with just a small amount of effort, but we often overlook them. As IT and security professionals, it is important that we are covering these basics, as well as sharing many of these common vulnerabilities with friends and coworkers who are not in the same industry.
Below are 5 common vulnerabilities to tell your friends about:
1. Device loss or theft
You’ve updated your security systems and you take extra steps of precaution online to prevent your computer from being hacked, but then one day you accidentally leave your computer behind at the coffee shop and all your data could now be in the wrong hands. We often forget that sometimes people are careless with their devices, or people will physically steal our devices. Many devices and equipment hosting large amounts of personal information are stolen from different industries regularly. In fact, 78% of data breaches in the healthcare sector are due to lost or stolen devices. While cyber attacks are on the rise, the “endpoint” remains a vulnerable point for both personal and organization-wide data breaches. Take the extra steps to lock your devices, download tracking services and record ID numbers to ensure you can recover a lost or stolen device.
2. Public WiFi
The good news is you remembered to grab your computer when you left the coffee shop after all; the bad news is you were working on unsecure public WiFi the entire time you were there. Data sent through public Wi-Fi can easily be intercepted, and many mobile device and laptop users are risking the security of their personal information, digital identity, and money when using this public resource. If a device or computer is not protected by an effective security and anti-malware product the risks become even greater. Be cautious when accessing sites on public WiFI, never access bank or personal information, and consider using your phone when you need to input any sensitive information.
Malware is one of the more common ways to infiltrate or damage your computer, and now your phone too. Malware comes in the forms of malicious software that infects your devices, such as viruses, worms, Trojan horses, spyware, and adware. You’re probably already using a firewall on your laptop or desktop computers, but it’s definitely time to start thinking about protecting your mobile devices as well. Review apps before downloading, be cautious when allowing apps to have permission to your phone, and use anti-malware software on your mobile devices.
Phishing is used most often by cyber criminals because it’s easy to execute and can produce results with very little effort. Phishing attacks come in many forms, including links embedded in emails, malicious email attachments or advertisements, mimicking reputable senders and more. The bad news is your employees may be the weakest link in the chain. According to a report by Software Advice, only 36% of employees believe that they could confidently recognize and withstand a phishing attack. It’s important to train and educate employees on what phishing attacks look like and how to handle them.
5. Unpatched software
PCWorld calls unpatched software updates the number one cyber security risk. Most of today’s malware works by exploiting holes in unpatched software. Specifically, most malicious attacks involve exploiting unpatched Internet-related software, including add-ins, browser helper objects, and so on. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash. It’s important to keep your software regularly updated and patched to ensure you’re preventing attacks.
Are you actively taking control and preventing these common security threats from affecting your devices and systems? If you already are, keep up the good work! Share these threats with friends or coworkers who are not a part of the IT and security industry to help educate them on what threats that can prevent on their own.