5 Cybersecurity Vulnerabilities That People Still Forget About

CERT-LatestNews Security News ThreatsCybercrime ThreatsEconomic Uncategorized VulnerabilitiesAll VulnerabilitiesApplications

People are cautious of physical theft, but the security of digital assets is often ignored. The simplest actions can have devastating consequences for your data security. Outdated software, weak credentials, and malware all create opportunities for data exfiltration.

Studies show that many users believe they won’t be targeted by hackers and aren’t aware of the sheer number of risks posed by cloud and mobile data access. With cybercrime on the rise, it’s important that we all take a proactive approach to data security.

Here is just a handful of common attack vectors that hackers have taken advantage of in recent years:

1. Lost/Stolen Devices

Mobile devices and laptops contain emails, text messages, photos, apps, and a wealth of other personal and corporate information. As such, organizations need to protect devices and the data they store and access – particularly because lost and stolen devices are one of the leading causes of data breaches. Organizations must ensure that devices have password protection and multi-factor authentication enabled whenever possible.

2. The Dangers of Wi-Fi

Hackers can create hotspots that convincingly imitate legitimate public Wi-Fi access points. When users connect to these free, seemingly harmless Wi-Fi networks, they are essentially giving hackers their laptops, all of their passwords, and access to everything they do on their devices. Public Wi-Fi should be used with great caution – users should make sure that hotspots are legitimate before connecting to them. A good rule of thumb: when in doubt, don’t risk it.

3. Insider Threats

74 percent of businesses feel vulnerable to insider threats. Whether they are caused intentionally by malicious employees or accidentally by careless employees, data breaches and leaks are extremely dangerous to corporate and even personal data. Thankfully, there are corporate solutions available that can track valuable data’s whereabouts and even remotely wipe critical data from devices that have been lost or stolen.

4. Software Updates

When employees skip or procrastinate on device software updates out of laziness, or because they are too busy, they leave themselves and the entire company vulnerable. Missing these updates can leave personal data and even corporate data exposed and vulnerable to malware, ransomware and more. Ensure that employees install vendor-official software updates promptly and in accordance with your company’s policies. The recent and widespread WannaCry ransomware attacks demonstrated just how important keeping systems updated can be.

5. The Wrong Kind of Mobile Apps

There are malicious mobile applications that are created specifically to steal information from mobile devices. Unfortunately, these types of apps are only becoming more common. Ensure that mobile apps downloaded to devices are valid by checking the reviews and only download apps from official app stores. Doing research of applications that touch financials or similar sensitive data can save you from making data vulnerable to hackers.

Adequate data security requires small, but necessary, changes to data use habits. Enterprises and employees should treat data and devices as valuable physical possessions. A more concerted effort to take the threat of malicious attackers seriously can help make sure important information does not fall into the wrong hands.

About Mike Schuricht
Mike has led the product management and techpubs teams since joining Bitglass in November 2013. He has a background in the development of enterprise security products, with expertise in configuration management, UI design, and networking. Prior to joining Bitglass, Mike was a PM at Palo Alto Networks leading security management and UI strategy. Before that, he held technical marketing and engineering roles at Mentor Graphics. Mike earned an MS in Electrical and Computer Engineering and BS in Computer Engineering from UC Santa Barbara.

http://www.informationsecuritybuzz.com/articles/5-cybersecurity-vulnerabilities-people-still-forget/