Ignoring Software Updates…

Ignoring Software Updates… Means making 5 basic security mistakes…

Cyber-crime has quickly become a major problem for businesses, governments and citizens everywher. While awareness of this multifaceted threat is increasing, we’re still making the same blunders when it comes to cybersecurity.

Here are a few security mistakes to be aware of: 

Email: This ruse is nothing new. Social engineering tactics are as old as the day is long, yet people keep falling for them. Today, phishing via email has become incredibly common-place.Although criminals are improving the ‘quality’ of these emails, with some targeted emails, known as spear phishing, looking incredibly authentic most do not (telltale signs include poor spelling, random email address and far-fetched claims that you’ve won millions).

Keep yourself safe by carefully checking the recipient, the request, and use some common sense, search via Google rather than using the enclosed website address. Also, be cautious of attachments, as they may be malware-infected. It’s important to check file extensions and to only open files deemed safe and from legitimate sources.
Social media has become the go-to-market for cybercriminals eager to compromise people. It’s no surprise, as many users still fail to adequately look after their networks (for example, a 2016 survey showed that 58% of people do not know how to update their privacy settings).

As with emails, always check the authenticity of the sender (do they look credible?), the message and the link (which will likely be shortened). Beware trending hashtags too, as many attackers are now using these to catch out unsuspecting Twitter and Facebook users trying to catch up with the latest breaking news.
Attitude: It won’t happen to me

Forget technology for a second, culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won’t be targeted and citizens think much the same (i.e. it won’t happen to me).

This complacency is misguided, as everyone is a target and a potential victim. Accordingly, this attitude can often result in poor security habits, with individuals and organizations treating, for example, password and Wi-Fi security not as seriously as they should.

This is despite the fact that good cyber-security can be achieved relatively easily, through good password hygiene, regular software updates, anti-virus and even password managers, VPNs and secure encrypted messaging apps.
Generic, guessable passwords can be easily cracked, and they can open a can of worms if you use the same password across several accounts. Brute-forcing passwords is increasing fast and easy for criminals today equipped with either huge computing power, or access to buy such expertise on the dark web.

Weak passwords, such as 123456; password; 12345678; and qwerty remain commonplace, with many people failing to see how this ‘low-hanging fruit’ is an entry point for cybercriminals. According to Forrester, 80% of all attacks involve a weak or stolen password.

Fortunately, some web providers now forcing you to generate random passwords, or create complex ones. You may want to consider a password manager, as well as passphrases.

Software updates: A lack of
Whether on desktop, laptop or mobile, there’s always another software update for an app, our operating system or security solution. Interestingly, the constant pop-ups irritate us, with many people failing to understand just how important they are.

If we fail to update, we’re effectively leaving our software and devices vulnerable to attack, as cyber-criminals look to exploit out-of-date flaws. Configuring automatic updates from trusted providers can make sure these are installed regularly.

WeLiveSecurity

You Might Also Read: 

What Every CISO Needs To Know:

WannaCry Outbreak Is Just A Tip Of An Iceberg:

WannaCry Also Hit Windows 7 Systems:

Directors Report: Cyber Security Checklist For Management (£):

 

« Eight Steps To The GDPR Countdown
Snowden: NSA Should Have Prevented WannaCry Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CDW

CDW

CDW delivers a comprehensive range of IT Solutions and Managed IT services to its customers, allowing them to focus on running their organisation, not managing their IT.

Privacy Professor

Privacy Professor

Privacy Professor provides information privacy, security and compliance services, tools and products to organizations in a wide range of industries.

Skybox Security

Skybox Security

Skybox combines firewall and network device data with vulnerability and threat intelligence, putting security decisions in your unique network context.

Netskope

Netskope

The Netskope Security Cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device.

Grimm

Grimm

We are an engineering and consulting firm that researches, develops, and advises on the art of the possible in cybersecurity.

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory (AML)

Applied Magnetics Laboratory is a manufacturer of military security and data destruction equipment for sensitive, classified, and secret information.

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute (BCI)

Bace Cybersecurity Institute focuses on understanding, empowering and taking action across four critical areas driving continual improvement toward a safer, more secure cyber world.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

Seavus Accelerator

Seavus Accelerator

Seavus Accelerator's goal is to create an enabling and stimulating environment for start-ups growth and provide continuous high quality acceleration and investment support.

ProcessUnity

ProcessUnity

ProcessUnity is a leading provider of Third-Party Risk Management software, helping companies remediate risks posed by third-party service providers.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.