4 Commonly Overlooked Cybersecurity Threats
While many people are understandably worried about email phishing, ransomware, and traditional viruses, there are some commonly overlooked cybersecurity threats that demand equal amounts of attention.
In fact, some of these cybersecurity threats may get talked about from time to time, but they fall by the wayside when there’s news about big security breaches and ransomware attacks. That’s why we’re here to remind you of these 4 commonly overlooked cybersecurity threats: failure to pay attention to them can lead to more disastrous situations. We also strongly recommend opting for cybersecurity training. Stay alert, stay informed, and stay safe!
Security Updates Not Applied
Security updates are possibly one of the most overlooked defences against cybersecurity threats. Many users configure their software or operating system not to update automatically, because it’s inconvenient to be in the middle of work or a movie when the system announces that it needs to reboot after installing an update.
There’s nothing wrong with manual updates; the problem is that many people simply forget to update at all. Case in point: WannaCry, one of the largest worldwide ransomware attacks, was able to infect over 200,000 global companies. Ironically, Microsoft had released a critical update patch two months prior to the global WannaCry attack. The reason the attack was so successful was that so many systems remained unpatched.
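The patch gap described above can be measured instead of left to memory. The following is an added example, not code from the original article: it flags machines that still lack a critical patch once a grace period has passed. The host names, dates, and 14-day grace period are constructed, and it assumes updates are cumulative.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Host:
    name: str
    auto_update: bool            # False = switched to manual updates
    last_update: Optional[date]  # None = no update ever recorded

def exposure_days(host, patch_released, today):
    """Days this host has gone without a patch that was already available."""
    # Assumption: updates are cumulative, so any update on/after release includes the patch.
    if host.last_update is not None and host.last_update >= patch_released:
        return 0
    return max((today - patch_released).days, 0)

def audit(hosts, patch_released, today, max_lag_days=14):
    """Return (name, days_exposed, reason) for hosts past the grace period."""
    findings = []
    for h in hosts:
        days = exposure_days(h, patch_released, today)
        if days <= max_lag_days:
            continue
        if h.last_update is None:
            reason = "no update ever recorded"
        elif not h.auto_update:
            reason = "manual updates, patch never installed"
        else:
            reason = "auto-update on but patch missing, check for failed installs"
        findings.append((h.name, days, reason))
    return sorted(findings, key=lambda f: (-f[1], f[0]))  # longest exposure first

# Constructed sample data: host names and dates are illustrative only.
PATCH_RELEASED = date(2024, 3, 12)
TODAY = date(2024, 5, 12)  # two months after release, mirroring the gap described above
HOSTS = [
    Host("ws-finance-01", auto_update=True, last_update=date(2024, 3, 14)),
    Host("ws-design-02", auto_update=False, last_update=date(2024, 1, 9)),
    Host("kiosk-lobby", auto_update=False, last_update=None),
    Host("ws-sales-03", auto_update=True, last_update=date(2024, 2, 20)),
]

if __name__ == "__main__":
    for name, days, reason in audit(HOSTS, PATCH_RELEASED, TODAY):
        print(f"{name}: exposed {days} days ({reason})")
```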
BYOD Work Culture
Many companies allow for a BYOD (bring your own device) work culture, allowing employees to use their own laptops and smartphones for work tasks. This can foster a positive environment and allows employees to feel more comfortable with their own gadgets, but it brings some serious cybersecurity risks.
Computer viruses are highly similar to STDs – sorry, but it’s true. An infected device, like a USB thumb drive, or even a smartphone with an infected SD card, gets plugged into a computer, and the virus spreads to the computer. So now you see the similarity to how STDs spread, and you’re probably wondering what kind of protection can prevent this.
Antivirus software is typically preconfigured to automatically scan any new devices attached to a computer for threats. To protect a USB drive from becoming infected by the computer, many USB sticks have a “Read Only Mode” switch, which prevents the computer from writing any data to the USB stick while it’s plugged in.
As for personal laptops and smartphones in a BYOD office culture, the company needs to have strong BYOD policy guidelines in place. All kinds of really terrible things can happen when an employee has sensitive work files on their personal laptop, then goes home and allows their children to download games or apps which are potentially infected with malware.
Just imagine the cost of helping customers recover from identity theft, including class-action lawsuits, because a data spreadsheet containing customers’ personal information was stolen from an employee’s personal device.
Employees Using Social Media and Facebook Apps
Your company may have a policy against employees using personal social media during business hours, but some companies are more relaxed about this type of thing, especially Silicon Valley companies and the like.
Having said that, if your company does allow employees to use social media during work hours, there are a few things to remember. Facebook itself is full of third-party apps and games, many of which are completely harmless (to a degree – remember, pretty much everything is tracking your data nowadays).
However, there are plenty of third-party Facebook apps that have malicious purposes.
Many of these take the form of fun quizzes, things like “What Game of Thrones character are you?” and similar little quiz games. Of course, most of these apps are harvesting your personal data for profit, selling all personal data to the highest bidder.
Furthermore, some of these third-party apps can actually contain malicious scripts which seek to infect your device. A third-party Facebook game should not be able to infect your computer or mobile device by itself, per se, but it can contain site redirects, pop-ups, or other sneaky ways of directing a user into downloading something malicious. If an employee accidentally opens one of these malicious websites, you now have an infected workstation.
Many office machines feature Bluetooth and WiFi connectivity these days. Unfortunately, it’s easy to forget that these “Smart” devices can contain some really not smart cybersecurity flaws. This can include things like printers and scanners connected to the WiFi network, and more.
For starters, many of these machines have very low levels of encryption and are practically broadcasting your router’s SSID and WiFi password. In fact, pretty much any Smart device, even a wearable like a smartwatch, is broadcasting data to connect with the home device.
This wouldn’t be such a concern if security wasn’t so lax with these devices, but unfortunately, it is. In fact, researchers have proven that IoT devices are becoming easier to hack, not harder, as developers are releasing these devices with easy-to-remember preconfigured admin passwords, for user convenience.
For businesses that utilize IoT printers, scanners, and other similar devices, these devices could be a gateway into the rest of the company network. Many big data breaches are the result of cybercriminals infiltrating the company network through unsecured printers or similar machines. In fact, an estimated 60% of businesses lost data through printer security breaches.