US-CERT (the United States Computer Emergency Readiness Team) has released a report listing the top 30 exploited software vulnerabilities. It shows that one of the biggest problems is still that software is not being patched and updated in a timely manner, if at all. The HP Cyber Risk Report explores this issue further and offers four strategies that could reduce the impact of, or eliminate entirely, 85% of cyber vulnerabilities.
- Update your operating system – Keeping your Windows, Linux, or Mac operating systems updated is one of the most important steps your IT department or computer contractor can take to keep your systems safe from all but zero-day attacks.
- Patch your software – The rest of your software suite needs to be kept up to date as well. Making sure to apply offered software patches is another big plus for your cybersecurity operations. Using the latest version of your web browser of choice, whether Internet Explorer, Firefox, Chrome, or Safari, is also an important step in protecting your employees while online.
- Run approved software only – Software whitelisting is another important security consideration. If you set up your systems so they can only run approved software, then any unapproved software, including malware, will be unable to run.
- Limit administrative privileges – Restricting administrative privileges to the personnel and PROCESSES that require them, and limiting privileges to those required by each user's role, may keep malware from running or spreading across your network.
These policies are fairly easy to set up and implement and really incur no cost to the operation. Check with your computer personnel to see if they have been fully implemented in your business.
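As an added illustration (not from the US-CERT or HP reports), the Python below shows the default-deny decision behind the "run approved software only" strategy when approval is tied to a file's SHA-256 hash. The function names and sample files are constructed for this example; on real systems the operating system's application control feature makes this decision, not a script.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved: list[Path]) -> dict[str, str]:
    """Map SHA-256 digest -> approved name for every vetted executable."""
    return {sha256_of(p): p.name for p in approved}


def decide(path: Path, allowlist: dict[str, str]) -> str:
    """Default deny: a file runs only if its content hash is on the list."""
    return "ALLOW" if sha256_of(path) in allowlist else "DENY"


def demo() -> dict[str, str]:
    """Constructed sample files standing in for executables."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "approved").mkdir()
        (root / "downloads").mkdir()
        browser = root / "approved" / "browser.exe"
        browser.write_bytes(b"constructed: vetted browser build")
        allowlist = build_allowlist([browser])

        # Same bytes under another name: still the approved program.
        copy = root / "downloads" / "renamed.exe"
        copy.write_bytes(browser.read_bytes())
        # Unapproved content borrowing an approved file name.
        impostor = root / "downloads" / "browser.exe"
        impostor.write_bytes(b"constructed: unapproved program")
        # A patched build is new content and needs re-approval after an update.
        updated = root / "approved" / "browser_v2.exe"
        updated.write_bytes(b"constructed: vetted browser build, patched")

        files = {"approved": browser, "renamed_copy": copy,
                 "name_impostor": impostor, "updated_build": updated}
        return {label: decide(p, allowlist) for label, p in files.items()}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:14} {verdict}")
```

The DENY on the updated build is the reason a hash-based allowlist has to be refreshed as part of the patching process described above.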
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com