Below is a list of the top five security risks from ICN’s Security Bureau.
- Out of Date Systems. Did you know, any Microsoft system older than Windows 7 no longer receives Microsoft updates? Attackers have a list of exploits that automatically run against out of date systems. It really is point and click to get into a vulnerable system these days.
- Logging into a Computer as an Administrator. Even with the improvements made in Microsoft Windows it is still too easy to bypass User Account Control. As a safety measure you should only use an administrator account when absolutely necessary (installing new software or making changes to the system that require administrative privileges).
- Installing Unknown Software. Treat installing software on your computer like giving the source of the software every piece of information that goes through your computer (your online banking, shopping, and email). If the wrong piece of software is installed you are giving access to all this information and more to the world at large.
- Oversharing on the Internet. One of the first steps in determining how to attack computer systems is to conduct recon on your target. This is made much easier with the increase in utilization of social media like Facebook. Make sure that anything you post isn't compromising your password, password hints, or organizational information. Once an attacker gains this information they can draw inferences about what type of information may be in your password or use that same information against you when they are trying to social engineer or spear phish you.
- Lack of Technical Controls. Not having anti-virus, system firewalls, and network firewalls in place, turned on, and configured to block things that you don't need is a big no-no.
- Anti-Virus is a reactive solution that doesn't really protect your system. It is more of a trip wire letting you know that something bad is already on your system. Even after your anti-virus "cleans" your machine it can only remove the things it knows about. Treat a virus notification as an indication that a fresh install is needed on the system.
- Firewalls are more of a pro-active approach. They block bad traffic before it gets on to your machine. You need both a system and a network firewall. The system firewall protects your computer from threats that make it on to your network.
- The network firewall protects your systems from the Internet and typically allows less traffic (you may have to open ports in your system's firewall to allow traffic to devices within your network that you wouldn't want accessible from the internet like a wireless printer or media server).