Sometimes, it's the little things that make a big difference.
This is especially true for cybersecurity. Here are 10 common mistakes made in office settings that leave people vulnerable to cyber attacks, presented by Security Engineer, Will Tipton:
Written by Will Tipton, Security Engineer
Today I'm going to talk to you about the 10 things people do in an office environment that leave them vulnerable to hackers.
Number 10: Failing to update computers. Updates are the most critical components to keeping your computer safe, so make sure that you keep your computers up-to-date to get rid of any vulnerabilities that a hacker could take advantage of.
Number 9: Connecting personal devices to a corporate or wifi network. A lot of companies have what's called a BYOD or bring your own device policy. Now, this is pretty convenient, however a lot of companies fail to implement this correctly. You never want to connect your personal device to a corporate network, for both the employer and the employee.
Now on the flip side of that, your personal device, well, let's be real here: we're a little causal with our browsing activities and what we do with our personal devices. That opens up a lot of vulnerabilities that could be introduced into that corporate network, which could cause a lot of hassle for everybody involved.
Number 8: Checking personal email and social media while at work. Now a lot of people may frown on me for saying this, but checking personal email and social media at work is a bad idea. A lot of people get a lot of spam and bad things sent to them through social media or through their own personal email, so checking these while at work exposes your computer to a lot more threats than is absolutely necessary.
Number 7: Saving passwords in a browser. Now, this can seem very convenient to be able to quickly log into any website you typically access. However, on the flip side of this, this is also very convenient for hackers who have unauthorized access to your computer. All they have to do is simply browse to those same websites that you go to and they have instant access to any websites that you have saved your password into. This is especially horrible if you're doing this for logging into your bank or your personal email, or anything that could have sensitive information on it.
So when a website asks you to save your password in your browser? Just say no.
Number 6: Plugging in random USB's to work computers. A common tactic that hackers like to do is drop malicious USBs in public places, hoping that you pick them up and plug them into your computer. Now, I get it. We're all curious individuals, and as the saying goes, "Curiosity killed the cat." Well, in this case, it very much applies here.
All you have to do is simply plug in any sort of malicious USB into the computer, and your computer is as good as owned. It only takes a matter of seconds for your computer to be completely compromised by doing this.
Number 5: Using weak passwords. Now, in a lot of penetration tests that I've done, I've seen weak passwords being used in every single engagement that I've done. Some examples of weak passwords would include:
"Huskers18" since we live in Nebraska and everybody likes the Huskers here.
Using seasons as well as the year, such as "Fall2018" or "Winter2018"
Or event the simple one of "password1"
Using passwords like this makes it super easy for hackers to guess your password and gain access to your computer and any systems that you have access to.
Number 4: Using the same password for everything. Now, keep in mind if you are also using weak passwords, that makes things that much worse.
So if a hacker is able to gain your password in some fashion, either guessing it or stealing it through some means, using the same password for everything allows that hacker to access anything that you have access to. Whether that's your personal email, your bank accounts, anything that you would normally do. So, keep in mind it's always best practice to use a different password for everything. You can even use password managers to help keep track of all the different passwords.
Number 3: Sharing passwords with coworkers. Now this is another bad practice we see quite a bit.
How well do you actually know your coworkers? Your coworker could turn around and do something malicious with your password, or worse, they could share that password with other coworkers and by that point, your password is completely out of your hands. So please, do not share passwords with coworkers.
Number 2: Leaving computers unlocked and unattended. Now this is probably one of the most notorious things that we see happen quite a bit. Leaving your computer unlocked and unattended for any length of time greatly exposes your computer to hackers or malicious activities of coworkers, or anyone that happens to pass by your computer.
Now, keep in mind: it only takes a couple of seconds for your computer to become completely compromised.
Number 1: Writing passwords down. This is by far the worst offense that you can do.
Now, I get it. Passwords are complex and can be really hard to remember, but writing them down is not a good idea. Anybody can simply see your password that you have written down, whether that's on a sticky note, underneath your computer, or in your desk somewhere. Writing passwords down is the easiest way for somebody to gain unauthorized entry into your computer.