Ignoring Software Updates…

Ignoring Software Updates… Means making 5 basic security mistakes…

Cyber-crime has quickly become a major problem for businesses, governments and citizens everywher. While awareness of this multifaceted threat is increasing, we’re still making the same blunders when it comes to cybersecurity.

Here are a few security mistakes to be aware of: 

Email: This ruse is nothing new. Social engineering tactics are as old as the day is long, yet people keep falling for them. Today, phishing via email has become incredibly common-place.Although criminals are improving the ‘quality’ of these emails, with some targeted emails, known as spear phishing, looking incredibly authentic most do not (telltale signs include poor spelling, random email address and far-fetched claims that you’ve won millions).

Keep yourself safe by carefully checking the recipient, the request, and use some common sense, search via Google rather than using the enclosed website address. Also, be cautious of attachments, as they may be malware-infected. It’s important to check file extensions and to only open files deemed safe and from legitimate sources.
Social media has become the go-to-market for cybercriminals eager to compromise people. It’s no surprise, as many users still fail to adequately look after their networks (for example, a 2016 survey showed that 58% of people do not know how to update their privacy settings).

As with emails, always check the authenticity of the sender (do they look credible?), the message and the link (which will likely be shortened). Beware trending hashtags too, as many attackers are now using these to catch out unsuspecting Twitter and Facebook users trying to catch up with the latest breaking news.
Attitude: It won’t happen to me

Forget technology for a second, culture is arguably the biggest issue with security right now, and this has been the case for 20 years. CEOs think they won’t be targeted and citizens think much the same (i.e. it won’t happen to me).

This complacency is misguided, as everyone is a target and a potential victim. Accordingly, this attitude can often result in poor security habits, with individuals and organizations treating, for example, password and Wi-Fi security not as seriously as they should.

This is despite the fact that good cyber-security can be achieved relatively easily, through good password hygiene, regular software updates, anti-virus and even password managers, VPNs and secure encrypted messaging apps.
Generic, guessable passwords can be easily cracked, and they can open a can of worms if you use the same password across several accounts. Brute-forcing passwords is increasing fast and easy for criminals today equipped with either huge computing power, or access to buy such expertise on the dark web.

Weak passwords, such as 123456; password; 12345678; and qwerty remain commonplace, with many people failing to see how this ‘low-hanging fruit’ is an entry point for cybercriminals. According to Forrester, 80% of all attacks involve a weak or stolen password.

Fortunately, some web providers now forcing you to generate random passwords, or create complex ones. You may want to consider a password manager, as well as passphrases.

Software updates: A lack of
Whether on desktop, laptop or mobile, there’s always another software update for an app, our operating system or security solution. Interestingly, the constant pop-ups irritate us, with many people failing to understand just how important they are.

If we fail to update, we’re effectively leaving our software and devices vulnerable to attack, as cyber-criminals look to exploit out-of-date flaws. Configuring automatic updates from trusted providers can make sure these are installed regularly.

WeLiveSecurity

You Might Also Read: 

What Every CISO Needs To Know:

WannaCry Outbreak Is Just A Tip Of An Iceberg:

WannaCry Also Hit Windows 7 Systems:

Directors Report: Cyber Security Checklist For Management (£):

 

« Eight Steps To The GDPR Countdown
Snowden: NSA Should Have Prevented WannaCry Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Nohau

Nohau

Nohau provide services for safe and secure embedded software development.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

Radiflow

Radiflow

Radiflow is a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil & gas, water and others.

Versa Networks

Versa Networks

Versa is a software-defined networking vendor providing an end-to-end solution that both simplifies and secures the WAN/branch office network.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

Vizius Group

Vizius Group

The Vizius Group are a think tank of cybersecurity consultants who understand the mechanics and business value of risk reduction.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Mogwai Labs

Mogwai Labs

Mogwai Labs deliver cutting-edge penetration tests, security assessments and trainings, to safeguard your applications, networks and cloud environments from cyber threats.

Triskele Labs

Triskele Labs

Triskele Labs deliver services including Penetration Testing, Compliance and Risk Management through to 24*7*365 Security Operations and outsourced Cybersecurity Managers.