According to the Cisco 2009 Annual Security Report, small errors on the part of computer users or their IT departments may not wreak havoc on their own, but in combination, they dramatically increase security challenges.
Here’s their recipe for the “nightmare formula” that organizations need to avoid or mitigate:
Easy-to-guess passwords and password reuse: Obvious strings of numbers, mothers’ maiden names, or simply using the word “password” as a password make it easier for criminals to break into accounts and to reset passwords. Even more problematic is the reuse of the same or similar passwords, or the same answers to password recovery questions, from site to site. Read more on password best practices.
Conficker, the big botnet of 2009, gained traction because computer users failed to download a patch that was readily available from Microsoft. Although most of today’s attacks are launched via social media networks, criminals still look for ways to exploit these old-style vulnerabilities.
Getting too personal: By disclosing information, such as birth dates and hometowns, social media users make it far too easy for criminals to break into private accounts and gain control by resetting passwords. Corporate users are not immune to this trend, frequently using Twitter to discuss business projects. Read our interview with Brian Honan for an insight into social networking privacy.
Overdose of trust: Social media users are placing too much trust in the safety and privacy of their networks, responding to messages, supposedly from their connections, with malware-laden links.
Outdated virus protection: Computer users fail to update their anti-virus software or let subscriptions lapse, leaving their systems more vulnerable to attacks that might normally be easy to block. Worse, they may be running fake anti-virus software. In addition, individual users may fail to enable easily available security features built into their operating systems or web browsers, such as firewalls.
Not using available security products: Users often assume anti-virus is all they need to be “safe.” Thus, they don’t take advantage of simple, tried-and-true security measures, such as personal firewalls and browser security features, which can provide an extra layer of protection.
“It won’t happen to me” syndrome: This is perhaps the most potent ingredient in the “nightmare formula”. Users intentionally violate policies and knowingly engage in risky behavior online because they believe they won’t be the victim of a cyber attack or compromise their employer’s cybersecurity.