You may have installed highly sophisticated and expensive cybersecurity defenses, but have you forgotten any of the basic security measures, such as enforcing strong passwords, conducting regular malware scans, and installing software patches promptly? Many companies invest heavily in IT security, yet still have sloppy IT security practices. A recent report by M86 suggests that system administrators are forgetting some very basic security measures.
Eradicate sloppy IT security practices
Tightening up network security controls should start with the eradication of sloppy IT security practices. Hackers like a nice easy entry point into a corporate network and unpatched software gives them that.
The M86 report revealed that one of the most commonly used exploits targets an ActiveX vulnerability that existed in early versions of Internet Explorer. Microsoft released a patch to correct the vulnerability in 2006. That’s six years ago. Hackers are still using that vulnerability to gain access to computers and networks. Some companies have not upgraded to the latest version of the browser. Others have not done so since 2006.
This is just one of a myriad of security flaws that have been discovered in computer software. Barely a day goes by without a new security vulnerability being discovered in common software used by businesses around the world. As soon as a vulnerability is discovered, exploits are developed to take advantage. Any company that does not install patches as soon as they are released will be leaving themselves extremely vulnerable to attack. Many exploits have been used for several months, and some for several years because software updates have not been installed.
PDF spam has been linked to a vulnerability discovered by Symantec in March 2010, Sophos discovered 14-month vulnerability was still being extensively used by hackers, and numerous other security companies have discovered similar exploits used on outdated software.
Don’t forget to implement basic security measures
There is no excuse for not upgrading regularly used software, but remember to also update older software that is still occasionally used. You may miss a patch, but a hacker is unlikely to.
There are other basic security measures that are still not being implemented. Take email spam for example. Many companies have yet to install an email spam filter to prevent spam and phishing emails from being delivered to employees’ inboxes.
Web filtering solutions are still not being used to prevent end users from visiting malicious websites or viewing pornography and gambling sites at work. Password controls are still not being used to prevent weak passwords from being set by end users.
Expensive anti-virus, anti-malware, and anti-spyware solutions may be implemented, yet definitions are not updated daily and network scans are not being scheduled.
Regardless of how large your security budget is and how good your cybersecurity protections are, if you forget some of the basics your network will remain extremely vulnerable to attack!
Have you gone back to basics and corrected sloppy IT security practices? You may be surprised to find out how many have been allowed to persist!