Users must regularly maintain, patch and update software, applications, plug-ins and more, but just how many businesses are overlooking this important security concern? In our latest chart, we reveal the percentage of users running outdated browsers. As you know, cybercriminals continually look for vulnerabilities to exploit in frequently used programs. Proper patch management, however, helps prevent devices from becoming compromised. So how do you have this conversation with potential clients, and which questions should you expect to answer?
As software becomes more advanced, it becomes virtually impossible to eliminate all potential vulnerabilities. Consider all the lines of code on a single operating system, and then note every single program and application installed on top of that. You need to protect all of it, but a lot can go wrong. Attackers only have to find one flaw to manipulate in order to gain access – hence why these attacks are so popular. Typically, cybercriminals are looking to pick the lowest-hanging fruit, and software vulnerabilities are easy targets. Hackers also favor attacks that can do the most damage. To exploit a vulnerability, they seek applications with a high volume and frequency of usage. That way, they can maximize their attack surface. This is why Adobe Flash, Microsoft Office and other similar applications are attractive targets for attacks.
A recent HPE cyber risk report shows that 2015 was a record year for the number of security vulnerabilities reported and patches issued. However, what good are security patches if they’re never installed? Businesses today are faced with an ever-changing security risk landscape, which means that threats are becoming stealthier and more sophisticated. If your applications aren’t updated with the latest security patches, you run the risk of being successfully exploited by attackers – which can lead to unplanned downtime, sensitive data being compromised or even a data breach. Proactive patch management is essential to an effective security and business continuity strategy, because it only takes one device to compromise an entire network.
Most small- and medium-sized businesses (SMBs) don’t have the time and bandwidth to stay completely up-to-date on the latest security flaws and updates. That’s where Smeester & Associates comes in. We can help mitigate these risks with a proactive monitoring and management platform that deploys patches remotely and at a time most convenient for you. You don’t have to worry about the health of your IT system. It’s our job to manage the patching process and make sure that policies are continually revisited and improved. When you work with us, you can rest easy knowing your data is protected and your network, secure. And rather than burden your staff with this responsibility, our 24x7x365 expert support team is trained to take care of this for you.
Also, it’s important to remember that just because a new patch is released doesn’t mean that it should immediately be deployed. Often, patches will contain unseen vulnerabilities, have installation issues, or even prevent machines from successfully rebooting once the installation is complete. We can provide you with additional security, peace of mind and uptime by testing and researching patches before pushing them to your machines.
This full access can be a huge security risk, and Niantic recently addressed this concern with a statement saying they are fixing the bug that allowed the app to gain full access to users’ accounts.
Niantic’s gigantic database of data is full of information provided by its users, which makes it the perfect target for hackers and criminals. If the Niantic servers are hacked, the hijackers could potentially have access to all of your personally identifiable information (PII). The company has offered minimal details on how it plans to store all that data, but promises that it is taking the appropriate measures to protect the large database of PII – the type of information that hackers have been increasingly targeting.
The public nature of Pokémon GO has caused some unforeseen side effects and attracted other cybersecurity concerns. Many fake versions of the app have been uncovered, which contain malware that can lock your smartphone and cause more harm. Also, criminals have reportedly been able to use the geolocation feature to lure players to remote areas and rob them at gunpoint. This shows that although the new game has received an abundance of positive feedback, there are some major dangers that players aren’t aware of.
The vulnerability of mobile data within Pokémon GO means that there’s a greater need for managed IT security. Especially with the ongoing trend of BYOD, the likelihood of introducing unwanted cyber activity and harmful attacks via these connections is at an all-time high. If your employees are using unprotected devices when using the game, it could lead to exposing sensitive business data in the event of a hack.
Pokémon GO is a prime example of the various security risks that are presented with unprotected mobile devices and the growing need for managing these endpoints. By leveraging a solution like mobile device management (MDM), you can greatly reduce these risks. MDM gives you the ability to remotely wipe an individual’s data if a device is compromised. An MDM solution will also allow you to implement app management policies and put restrictions on app purchases from non-validated markets.
Now that we’re officially in the middle of the holiday season, there’s a flood of emails flying through cyberspace from family, friends, online retailers and charities. This heavy online traffic makes it easier than ever to sneak in malicious emails, targeting unsuspecting users looking to connect with old friends and find holiday deals. Whether it’s a phishing scam that is trying to snag your credit card number or a malware campaign that installs unauthorized code on your system from an email link, ‘tis the season to protect yourself.
So where, exactly, do these seasonal cyberscams come from? Many of these malicious Grinches send emails from fake URLs, disguising them to appear legitimate. Faux charities are another common scam designed specifically to take advantage of your generosity during the season of giving. Even friends and family may send what looks like an innocent forward your way, only to discover that they inadvertently launched some decidedly un-cheery, unpleasantness to your inbox instead.
However, if you take some basic online protective measures you’ll be in a lot better shape to avoid the latest cyberscams this holiday season:
There’s no better time than the holidays to wrap up a nice bit of malicious code masquerading as an online promotion for a major sale or a holiday e-card. That’s why the U.S. Computer Emergency Response Team (US-CERT) has released asecurity alert that focuses specifically on how to avoid holiday-related cyberscams. Additionally, the Anti-Phishing Working Group (APWG) offers a comprehensive list of suggestions on avoiding phishing scams that are good any time of year.
The holidays should be a time for celebration. Use smart online practices to help spread seasonal cheer, and stay safe this holiday season.