1. Weak and Vulnerable Passwords
Lax password practices are continually cited by security experts as one of the leading factors making life easier for cyber-criminals. This is especially true as passwords, PINs (Personal Identification Numbers), and other number and letter-based codes are often the first line of defense for both private and business computer systems or mobile devices.
Weak passwords have been an issue since the first user opted for “password”, “123456789”, or “qwerty” as their supposedly fool-proof gateway to access. Other unwise choices include birthdays, the names of pets or family members, or the exactly stated name of anything you regularly display (Go ‘Bama!), refer to, indulge in (“burgers”), or which can be readily associated with you.
It’s been estimated that a good hacker can break two-thirds of all passwords in existence today in just a few minutes.
This is why you’re advised to use complex passwords combining numbers, letters, and keyboard symbols. Even if your password refers to something closely associated with you, randomizing it with numbers and symbols then makes it more difficult to crack. So “burgers” might become “8u7G€r5”.
Note that using the same password for multiple accounts is a definite no-no. Even if it’s not weak, all it takes is for an enterprising hacker to crack one of your account credentials for them to essentially have “one key that opens your house, starts your car, and unlocks your bank vault,” as some analysts put it.
Passwords may also become vulnerable from the way you store them. While strong, complex passwords may be difficult to remember, writing them on a memo pad in plain sight on your desk, or sticking a Post-It note on your monitor, is essentially the same as having no password at all.
Today, there are numerous desktop and mobile apps for randomly generating, managing, and storing complex passwords. These are a much safer alternative to Post-It notes – and they’ll enable you to easily change your passwords at frequent intervals, as security experts also advise.
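The checks described above (length and character mix, obvious or dictionary-derived choices such as “burgers” even after number-and-symbol substitution, personal details, and reuse across accounts) can be automated. The following is an added example, not code from the original article; the common-password list, the leet-substitution table, and the thresholds (12 characters, 60 bits) are constructed for illustration, and the reuse check assumes a local export from a password manager.

```python
"""Password hygiene checks: strength, common-word derivation, personal terms, reuse.
Added example; the word list and thresholds below are constructed, not the article's."""
import math
import string

# Constructed stand-in for a breach-derived common-password list.
COMMON_PASSWORDS = {"password", "123456789", "qwerty", "burgers", "letmein", "iloveyou"}

# Frequent "leet" substitutions, reversed so a disguised word can be recovered.
LEET_TO_PLAIN = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
    "@": "a", "$": "s", "€": "e", "!": "i", "|": "l",
})


def normalize(password: str) -> str:
    """Lower-case and undo leet substitutions, so 'P@55w0rd' becomes 'password'."""
    return password.lower().translate(LEET_TO_PLAIN)


def levenshtein(a: str, b: str) -> int:
    """Edit distance: the number of single-character changes that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def entropy_bits(password: str) -> float:
    """Upper bound on the brute-force search space, assuming independently chosen characters."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        pool += 33  # assumed size of the symbol pool (printable ASCII punctuation plus space)
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password: str, personal_terms=(), min_length: int = 12, min_bits: int = 60) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    plain = normalize(password)
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if entropy_bits(password) < min_bits:
        findings.append(f"estimated search space below {min_bits} bits")
    # A substituted word is still one edit away from its dictionary original.
    for common in sorted(COMMON_PASSWORDS):
        if levenshtein(plain, common) <= 1:
            findings.append(f"derived from common password '{common}'")
            break
    # Pet names, birthdays and the like, checked both raw and de-leeted.
    for term in personal_terms:
        if len(term) >= 3 and (term.lower() in password.lower() or normalize(term) in plain):
            findings.append(f"contains personal term '{term}'")
    return findings


def find_reused(credentials: dict) -> dict:
    """Group accounts that share one password: one cracked credential opens all of them."""
    by_password = {}
    for account, pw in credentials.items():
        by_password.setdefault(pw, []).append(account)
    return {pw: accounts for pw, accounts in by_password.items() if len(accounts) > 1}


if __name__ == "__main__":
    for candidate in ("password", "8u7G€r5", "Rex1990!Go", "Tq9#vLm2$Rz7!Wp4xE"):
        print(candidate, "->", check_password(candidate, personal_terms=["Rex", "1990"]) or "ok")
    # Constructed sample export: two accounts share a password.
    print(find_reused({"email": "hunter2", "bank": "hunter2", "forum": "correct horse"}))
```

The de-leeting step is the part worth noticing: “8u7G€r5” normalizes to “butgers”, one edit from “burgers”, so the substitution the article describes raises the brute-force estimate but does not hide the underlying word from a checker that knows the common substitutions.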
Enabling multi-factor authentication wherever it’s available (where websites or services require a password and some other authentication, like a one-time security code sent to your phone) is also a sensible step.
2. Lax or Gullible Email Practices
Despite repeated warnings about reacting without thinking to unsolicited emails or text messages (and clicking on links they contain, or opening their attachments), people continue to fall victim to phishing, social engineering, and smishing (SMS text phishing) scams of all kinds.
Bogus job offers, threats and warnings from banks, tax authorities, or law enforcement, complex cons, and too-good-to-be-true investment opportunities: all of these and more regularly fly across our messaging systems, gaining in sophistication and specific targeting as new information sources become available to fraudsters and thieves.
Common sense and due diligence are the keys to your protection here.
If it looks or sounds too good to be true, it probably is.
If it looks or sounds suspicious, verify its source by contacting the supposed sender by phone, in person, or by some other means.
If the message is unsolicited, don’t click on any links it contains, or open any attachments.
Don’t react with your emotions, as these messages are crafted to appeal to your sense of fear, urgency, enthusiasm, or greed.
Stop, and think.
3. Poor System or Network Administration
For corporate or institutional users, having a competent and security-conscious network or system administrator goes a long way toward discouraging the work of cyber-criminals. Effective administration can be responsible for setting and enforcing security policies and practices that keep users, applications, and processes protected and running smoothly.
Unfortunately, the reverse is also true. Administrators who fail to properly secure network devices (for example, by leaving the factory default settings and passwords in place), fail to enforce strict authentication or validation procedures, fail to enable protection mechanisms such as data encryption, and fail to monitor user privileges and activities may leave multiple doors open for hackers and cyber-criminals to gain access to credentials or network assets.
4. Weak or Out-of-Date Security Tools
As we’ve seen recently with issues such as the Spectre and Meltdown vulnerabilities (affecting nearly all processors produced in the last ten years), and the new strains of “file-less” malware currently doing the rounds, hardware, software, and operating systems need to be continually updated and patched to keep pace with the evolution of cyber-threats. Unfortunately, too many people still neglect to do this – even though features such as “Automatic Update” are available.
There’s also a reliance on out-of-date technologies. Though anti-virus suites were once considered protection enough, they’re no longer a complete solution for system security. For all-round protection, this software needs to be supplemented with operating system and application software updates, and often with specialist security tools such as dedicated ransomware blockers or anti-spyware.
5. Poor Judgment and a Lack of Awareness
It’s often been maintained that the weakest link in the security chain is the human hand that’s using the system. And it’s certainly true that the cyber-criminal’s work becomes that much easier when people ignore basic safety rules, fail to recognize warning signs, and willingly expose themselves as targets.
In this era of the social media platform, too many of us reveal intimate or specific details on our personal and working lives – the kind of information which, combined with data from user profiles, company websites, and numerous other sources, can give cyber-criminals access to complete digital identities, transaction records, or financial profiles.
Weak password practices, poorly secured systems and devices, and a willingness to jump at every opportunity also regularly expose unwitting users to danger via public WiFi hotspots, unapproved cloud services, or mobile apps sourced from third-party download sites.
Security awareness training and access to information concerning cyber-threats, techniques to watch out for, and the latest tools and best practices for staying safe are the best solutions for this problem area.