What is Vulnerability in Information Security
In today's world, technology goes hand in hand with our lives, resulting in a vast amount of sensitive information being stored on devices at work and in our homes. The amount we rely on computers and the internet to store and transport information means that protecting said information is just as essential as protecting, say, our homes, offices, and cars. Our computers and other devices are vulnerable because we rely on them so much and think about them too little.
The confidential nature of much of the material we store means that it can be worth a lot on the black market, what is also known as the 'Dark Web' in digital terms. Once hackers harvest data through unauthorised access, it can be sold on anonymously using illegal websites that are notoriously difficult to trace. Credit card information, banking details, and accompanying name and address details, for example, are all bought and sold online just like any other goods.
We will address some common information security vulnerabilities below:
Passwords are possibly one of the first things that come to mind when we think of maintaining information security. Whether that's social media profiles or online bank accounts, passwords are ubiquitous. The number of things that passwords are used for nowadays means that the majority of people tend to have more than one to remember. This can lead to people reusing the same password for all/some accounts, despite this being a security risk.
Not only are people reusing passwords, but a recent survey uncovered that the top two password choices are currently 'password' and '123456'. This means that people aren't choosing strong passwords, but ones that are very easily cracked by hacking software. In fact, these passwords would only take seconds to uncover. This is because, using password cracking software, cyber criminals can make billions of password attempts each second. To deter hackers from attempting to crack your password, it should always be at least eight characters in length, and include a mixture of high and low case letters, numbers, and special characters. Passwords should not be sequential, as these are also easy to guess after the first one or two characters are cracked.
Emails are seen as the biggest security problems by 59% of UK businesses because they serve as a letter box for hackers to post their malicious software to. Although usually a mistake on the part of the employee, opening and downloading malicious email attachments can infect the entire network of the organisation, putting everyone – and the business – at risk. The growing number of portable devices used to access emails means that people are no longer restricted to a traditional corporate network when it comes to checking their inbox. This brings a great level of flexibility but also means that users can be left vulnerable to gaps in security, e.g. open WiFi networks or, worse, WiFi 'Evil Twins'. It is important to check with a member of staff before signing-up to use free WiFi, especially if you plan to send confidential information across the connection.
According to the 2016 State of Cybersecurity in SMEs, employees are the number-one cause of data breaches, stressing how the threat to information security can be closer than you think. A workforce with a lack of understanding and education become the threat you are trying to avoid without even realising it. This is because gaps in knowledge and low confidence levels can cause employees to make mistakes, fail to spot/report suspicious activity, and inadvertently make reckless decisions when it comes to information security.
For example, data breaches are often caused by employees unknowingly creating an entry-point into systems and networks, leaving confidential information exposed to hackers. This can occur due to weak passwords, malicious emails, social media usage, or ignoring software updates. All problems that could be tackled with awareness training fairly simply and cost-effectively.
How You Can Avoid These Vulnerabilities
It's important to create and nurture a workforce that takes information security seriously. This can only be achieved if the effort starts from the top of an organisation and works its way down. Creating a culture where compliance is a firm foundation of the organisation means that it becomes second nature, and as a result an efficient and secure business can grow.
By fostering a culture where employees are regularly trained, updated, and included within the conversation around information security, employee attitude can be changed effectively to ensure that training goes way beyond what is expected by law.