Monday, 3 August 2015

10 security mistakes nearly everyone’s guilty of

When it comes to data security, attackers continue to exploit the biggest weakness of all – people. ESET Ireland looks at 10 security mistakes humans continue to make on a daily basis:


1. Poor patching

The sad reality is that most data breaches owe not only to a human mistake, like clicking on a malicious link, but also to a computer system that is running on outdated software. Microsoft is making Patch Tuesday a thing of the past with Windows while most mobile operating systems, including Android and iOS, now have an auto-update feature for mobile applications so users don’t have to do anything.


2. Too trustworthy

People are still too trusting in the digital world. We may have got better at ignoring unsolicited calls and text messages as well as salesmen at our front door, but we are still opening emails and links from people we don’t know. Some of these sometimes redirect to compromised websites.


3. Reusing passwords

The biggest faux-pas computer users continue to make is weak and/or reused passwords, which can be cracked by attackers with brute force attacks. Amazingly, “123456” was still the most popular password in 2014


4. Oversharing on social media

Younger generations are sharing almost every intricate detail of their lives online, leading to the possibility that this information is intercepted, stolen or simply sold onto nefarious actors that will likely use the information for social engineering attacks like phishing emails and links.


5. No security solutions
Anti-virus has changed and evolved in recent years, and its goal is to proactively detect and remove viruses, Trojans, worms and other types of malware in order to keep you safe. Yet some people still don’t have a security solution, even though is one of the first line of defence together with ‘good practices’ and keeping systems up-to-date.


6. ‘It won’t happen to me’

Individuals and businesses continue to take the approach of ‘it won’t happen to me’, ignore essential security practises and thus express surprise when they lose data, money or information as a result of a hack.


7. Leaving devices unattended

A simple mistake many of us continue to make is leaving desktop computers or laptops unattended and unlocked. The same also applies to personal devices like smartphones and tablets. The biggest risk of course is the theft of the device, but unlocked devices could also leave users exposed to data theft or ‘shoulder surfing’ spying.


8. Browsing on unsecured connections
Sometimes we connect to insecure and open Wi-Fi hotspots, like at coffee shops for example. This Wi-Fi is open, not password protected, and visits to unencrypted websites can potentially allow for an attacker to steal information, like passwords for online banking. If you’re going to be dealing with sensitive materials online, it’s always best to always use your secure home WiFi connection.


9. Ignoring SSL certificate warnings
Ever visited a website only to be greeted by a security warning that it was an unsafe connection? You probably have at some point, and might well have continued onto that unsafe website. Google recently redesigned its security warnings after finding that Chrome users ignore 70% of warnings.


10. Downloading apps from third-parties

It’s less common now, but some smartphone and tablet owners do still download applications from third-party websites and application stores, and this represents a massive risk. Some of these stores contain applications that are malicious or which appear legitimate, but which have in fact been repackaged with malicious code.