Let us talk about security vulnerabilities: What if you leave your credit card and its PIN on a table where anyone can pick it up and use it? A question arises at once: “Why would I or anyone do that to themselves?”
Exactly: why would you create a situation in which your own action could harm your assets? Not creating such a situation is precisely what is called addressing (or avoiding) a vulnerability.
A vulnerability can be defined as a weakness in, or a lack of, controls around assets.
So it is crucial to have good controls: keep the credit card safe and memorize the PIN, and you avoid the vulnerability around money being spent in your name.
So, let’s see some of the common security vulnerabilities:
1. Lack of strong passwords:
Passwords are everywhere. On today’s internet, each site needs some form of authentication before it grants access. For quick and easy recall, web users tend to choose simple passwords; typical examples are a name, date of birth, school/college name, mobile number, or the same string as the email id.
People who know you are generally aware of some of your details, and they can try to use this information to access your data. Additionally, if you tend to use English words as passwords, someone can mount a dictionary-based attack and find your password.
Countermeasures:
- Always try to use complex passwords that combine uppercase letters, lowercase letters, numbers and special symbols.
- Change passwords regularly and avoid reusing old passwords.
- Have separate passwords for separate sites.
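The weaknesses and countermeasures above can be checked mechanically before a password is accepted. The following is an added example, not part of the original article; the function name `audit_password`, the small word list and the sample profile are constructed for illustration.

```python
import re

# Constructed stand-in for a real dictionary word list.
WORDLIST = {"password", "sunshine", "dragon", "welcome", "monkey"}
# Undo common character swaps (0->o, @->a, ...) before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")
CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "special symbol": r"[^A-Za-z0-9]",
}


def audit_password(candidate, personal_details, old_passwords=()):
    """Return a list of weaknesses; an empty list means none were found."""
    findings = []
    squashed = re.sub(r"[^a-z0-9]", "", candidate.lower())

    # Personal details that people who know you could try.
    for label, value in personal_details.items():
        parts = re.split(r"[^a-z0-9]+", value.lower())
        parts.append("".join(parts))  # e.g. a date or number without separators
        if any(len(p) >= 4 and p in squashed for p in parts):
            findings.append(f"contains your {label}")

    # Dictionary words, including lightly disguised ones such as "P@ssw0rd".
    letters = re.sub(r"[^a-z]", "", candidate.lower().translate(LEET))
    if any(word in letters for word in WORDLIST):
        findings.append("contains a dictionary word")

    # The four character classes named in the countermeasures.
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            findings.append(f"no {name}")

    # Old passwords should not come back (compared in memory only here).
    if candidate in old_passwords:
        findings.append("reuses an old password")
    return findings


# Constructed sample profile and candidates.
profile = {"name": "Asha Verma", "date of birth": "1990-04-17",
           "email id": "asha.verma@example.com"}
for pw in ["Asha1990", "P@ssw0rd1", "tR7#kw!Qz9", "Zx9!mvLq2#"]:
    print(pw, "->", audit_password(pw, profile, ["Zx9!mvLq2#"]) or "no findings")
```

Passing the passwords already used on other sites as `old_passwords` makes the same check cover the "separate passwords for separate sites" countermeasure.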
2. Lack of Malware removal tools:
Malware can be installed on your devices while you browse websites on the internet. If you don’t have good malware removal software, your device may be compromised and may be affected by viruses over time.
Countermeasures:
- Use a reputable malware removal tool.
- Update malware tools and device software from time to time.
3. Poor access controls:
This is a problem caused by insiders. There are specific questions to answer, such as: Do you allow everyone to be an administrator of your device or system? Can anyone with access to the system reach any information? If your answer is yes, then you might want to think about the principle of least privilege.
Grant only the permissions required to get the work done: no more, no less. Assign different permissions whenever required and revoke them once the job is done.
4. Unpatched software:
Software vendors release patches from time to time to fix security vulnerabilities in a device or system. If the device is not kept up to date, it may be open to exploitation, because the security fix needed to stop the exploit is not in place.
Countermeasures:
- Install software updates as released by the vendor, especially the ones that carry security fixes.
- Keep all the software on the devices up to date.
5. Device misconfiguration:
We may configure our devices for maximum ease of use, which can lead to minimum security. For example, have you locked your mobile device with a password or a PIN? If you get a security warning, do you click through without reading and understanding what the notification is about? When installing an application on your mobile device, do you skip reviewing the device permissions the app would have?
Such careless behavior and poor device configuration can weaken the controls that the vendor put in place at the factory.
Countermeasures:
- Carefully review your device settings.
- Ensure that they are tuned to provide adequate security.
Taking care of your device and information security, or worrying about security vulnerabilities, is not really a big task, since the controls are already made available to you by the vendor or the sites. But it may still happen that your data is used for malicious purposes; in such a case, you have to be self-aware and avoid using such applications.