Another day, another cyber attack as Deloitte has now been identified as having their data breached. As these attacks become more commonplace it’s important to ensure that your employees are kept aware of consequences but also kept in the loop of knowledge about what they can and cannot do. These attacks are not only preventable but are more often than not created by user negligence – not a fault within software
Case and point, I was refreshing a customer’s computer recently only to discover to malicious applications that were monitoring their internet traffic disguised as a Chrome application. This particular application had consent to be installed, though. The user, while installing an online application, clicked ‘yes’ to installing the additional program effectively giving it permission to run in the background.
Although the above image is not malicious you can see how installers will default to installing every component. Many times the applications you download will have an advanced option where you can select what will be installed. Always be sure to check that you’re only installing what you need.
Windows is tackling this issue by shifting towards their UWP platform which only allows applications to be installed from their specific storefront. This ensures that Microsoft can vet the application before it gains permissions to perform actions on your machine. This is much the same way as Android is with its permissions. Again, just know what you’re consenting to when you instinctively tap yes to open the application.
Additional articles about the subjects are located below. The titles speak for themselves.
- Is It Microsoft’s Job to Issue Updates for Old Systems?
- Gaining Entry to Corporate Slack Channels is Easier Than You Think
- Dropbox: Is Convenience Better Than Security?
- Equifax Database Maintainers Kept Default Admin/Admin Passwords On Servers
- Adobe Employee Posts Private Security Key on Public Blog