US-CERT (the United States Computer Emergency Readiness Team) has released a report listing the top 30 exploited software vulnerabilities. It shows that one of the biggest problems is still that software is not being patched and updated in a timely manner, if at all. The HP Cyber Risk Report explores this issue further and offers four strategies that could reduce the impact of, or entirely eliminate, 85% of cyber vulnerabilities.
- Update your operating system – Keeping your Windows, Linux, or Mac operating systems updated is one of the most important steps your IT department or computer contractor can take to keep your systems safe from all but zero-day attacks.
- Patch your software – The rest of your software suite needs to be kept up to date as well. Making sure to apply offered software patches is another big plus for your cybersecurity operations. Using the latest version of your web browser of choice, whether Internet Explorer, Firefox, Chrome, or Safari, is also an important step in protecting your employees while online.
- Run approved software only – Software whitelisting is another important security consideration. If you set up your systems so they can only run approved software, then any unapproved software, including malware, will be unable to run.
- Limit administrative privileges – Restricting administrative privileges to the personnel and processes that require them, and limiting privileges to those required based on user roles, may keep malware from running or spreading across your network.
These policies are fairly easy to set up and implement and really incur no cost to the operation. Check with your computer personnel to see if they have been fully implemented in your business.