CYBERSECURITY

Threat number One: Poor password protection  Vulnerability: poor passwordPasswords are the first step in protecting a business, as they offer a legitimate way for an authorized user to gain access to a system. Using an oversimplified password poses a severe risk to an organization. Risk: Brute force attack A brute force attack involves running through a list of common passwords in an effort to see whether a password can be guessed to gain access to a system.Attack: RansomwareOnce an external party has gained access to a system, it is possible for them to make internal changes that could have very harmful side effects for a business. One potential danger might be locking the account owner from the system until such a ransom is paid. Mitigation: Choose strong passwords, and never use the same passwords for different applications.

Vulnerability: Outdated SoftwareWhen software is first released it is prone to bugs or flaws in it that were not identified previously. Once these bugs are discovered, a patch to close or fix them will typically be released in the form of an update. This is why it is so important to always keep your software updated. Risk: Virus  Outdated software builds up an increasing risk of viruses as more and more bugs are found with the application.Attack: Exploiting software bug Outdated software can leave an opening in your firewall that a malicious actor can exploit. Depending on the flaw any number of attacks may be released. Mitigation: Enable automatic updates on your software if available or check for updates and install them on a regular basis.

Vulnerability: Poor cyber hygiene Cyber hygiene is the practice of maintaining the health and security of a system and includes such habits as regularly updating software and scanning for malware and other unwanted elements. Poor cyber hygiene opens the door for malware, which is one of the oldest forms of carrying out a cyberattack. It involves getting a legitimate user within a system to trigger some code from within the system that is designed to alter the system in some unintended way. Malware often requires a user within a system to click on a link. This is often achieved by sending an email with a link or an attachment and directions to click on it to claim a reward.Risk: Trojans A trojan is an umbrella term for several attacks that can be executed by unsuspectingly clicking on a link containing malware.Attack: Malware Malware can be designed to perform any number of ill effects on a system once executed. It is a blanket term that can encompass theft of information, disruption of services, or application of ransomware. Injecting it into a system by unsuspectingly clicking on a link can be very harmful. Mitigation: Generally, practicing good cyber hygiene can mitigate against malware. Be careful when clicking on external links, and always check email addresses to ensure that they originate from a trusted source. Watch the language used in emails, which is often an indicator of a dubious source and can be identified through poor grammar and spelling. The image below provides an example of a potentially malicious email: