Avoid These and Increase Your Computer Security Immensely!
Phishing
Phishing remains one of the hacker’s simplest and most powerful way into computer systems. When users click on attachments or links to malicious sites, they are letting the hacker into their computer system. This entry can be limited to a single computer or, more than likely, into the entire network. According to the recently published Verizon Data Breach Investigation Report, 23 percent of phishing recipients open malicious messages. While this is a horrible statistic, the report says 11 percent open attachments. According to the report, it only takes 82 seconds from when a phishing campaign is launched to when people start swallowing the bait.
Cyber Security Expert: Check Your Facebook Privacy Settings!
Falling for Socially Engineered Phone Calls
Sometimes all it takes for hackers to gain entry into a system is to ask. Hackers call up with just enough information to get the user to believe they are talking to someone who should have access to their system. Users regularly give up user names and passwords over the phone. This usually happens by way of a “Tech Support” call. It could also be a person pretending to be an internal employee or company business partner. The outsider can merely ask for credentials to access the system or they can send along an attachment and encourage the user to open it – while they are on the phone with the user. The user doesn’t actually open a document, however, but rather something as dangerous as a remote control or access Trojan.
Not keeping up with software patches
The Verizon report also indicated a startling percentage of breaches come by way of attacks that take advantage of well-known vulnerabilities. An astonishing 97 percent of exploits leveraged in breaches used ten common and already well-known vulnerabilities. Most of these vulnerabilities are many years old. It is all too common that user’s systems are hacked because their systems are not kept up-to-date and patched for known hacking exploits.
Weak Password or “Easy-to-Hack” Passwords
Passwords such as “password” or “123456” are unsecure. These passwords can be discovered in seconds. As Sony learned in its significant data breach, passwords should be strong. Password should be at least eight characters and should include letters, numbers, and symbols. Using weak passwords just lets hackers in faster. Using weak passwords with Administrative access is just like giving them the keys to the kingdom.
Using Unprotected WiFi
Researchers at Cylance, a security company based in Irvine CA, recently revealed just how common the vulnerabilities associated with unprotected WiFi are. Cylance found over 250 networks at hotels and convention centers that were unsecure. Each of these facilities was affected by a vulnerability in routers commonly used by facility managers who offer WiFi to guests. In addition, public and free hotspots, create easy hunting for hackers who wish to perform starting “man-in-the-middle” attacks to gather sensitive information. Organizations and users need to protect themselves by utilizing VPN technology when utilizing public WiFi connections.
Providing TMI on Social Media
Too Much Information on social media is dangerous. This includes, a notice about when a family is going on vacation, during which their house is robbed. It can also be as simple as advertising the name of a person’s dog, which may also be a user’s password or the answer to one of their security questions. It only takes a hacker a small amount of time to research someone who is careless on social media. In addition, those hackers who are skilled at “spear phishing” who utilize social media to gain information about a user. This information is then used to entice a user to act on the hacker’s behalf. It can help the hacker distribute and install malware. Sometimes it is merely a hacker tricking a user to click fake 'like' buttons which leads to malware installation.
Reduced Security – Not Locking Down User Accounts
Users are now in the mode of “Bring Your Own Device” (aka BYOD). The BYOD phenomenon allows users to be self-service and self-directed. When the Information Technology (IT) group of an organization allows this to happen, the users can install what they want. This is very dangerous. Users can, for instance, copy data to unsecure cloud storage, creating enormous risk for the organization. IT must reach a balance whereby users have the freedom to get their jobs done while still imposing data governance and audit controls.
