When most people think of a cyber attack, they may imagine a hacker furiously typing away at their keyboard trying to penetrate firewalls and other security barriers to gain entry. However, there are some common user habits most people engage in that make it easier for hackers to gain access to personal information and craft attacks. And facing a cyber attack can cause a lot of financial damage. According to Cisco’s 2018 Security Capabilities Benchmark Study, 55% of attacks resulted in damages of $500,000 or more. Threat actors are always looking for opportunities to exploit. It’s important for users to be aware of common cyber threats so that they can limit their exposure. Here are four common ways a cyber threat can creep up on you.

Source: Cisco

1. Inactive Accounts

With so many options available for apps and social networking sites, it’s easy to sign up for all of them and then move on to the next thing that catches your attention. However, people often forget to remove their accounts on these websites when they leave them. Simply uninstalling an app doesn’t mean that the data on your account is erased. And if that website or app gets hacked your information will most likely be affected, even if you haven’t touched that account in a while. It’s important to ensure that you take the time to properly remove your accounts from the services you are no longer using. Websites will usually outline the steps you can take to remove your accounts in their Help section. If you are unable to find a way to delete your account, you should contact their customer support directly. You should also disconnect third-party services that may be connected to accounts like Facebook or Gmail.  

2. Unauthorized USB Sticks/Cables

Using unauthorized USB sticks and charging cables might save you money but you could end up installing malware onto your computer or give hackers remote access when you plug them in. These products are built to look legitimate so there is no telltale sign that would indicate if it is malicious or not. They also usually end up working as intended which means people will continuously use them and not suspect anything. To prevent this problem, you should only purchase these products from authorized retailers, only borrow them from people you trust and avoid picking up any USBs or cables you might find lying around in public places.

3. Out-of-office messages

Automatic out-of-office replies can potentially end up revealing a lot of information to anyone who emails you while you’re away. A typical out-of-office reply will usually look like the following:

“I will be out of the office to attend a conference in Montreal from November 1-7. For all inquiries about project X, please contact John Doe at johndoe@email.com. For any urgent requests, I can be contacted at XXX-XXX-XXXX.”

A message like this can give threat actors a lot of information they can use. Firstly, you’re telling them where you are. They can use this information to craft a social engineering message pretending to be someone from the conference. Secondly, you’re giving the hacker information on the types of projects you’re working on and another person they can target. To avoid oversharing in your out-of-office message, limit what you say. Don’t provide your location or contact information in your message. It’s a good idea to set different automatic replies for those within your organization and those outside your organization.

4. Smart devices

Technology is getting smarter and many people are integrating IoT devices into their offices and/or homes. While these devices can make life easier, they also run the risk of being hacked. Hackers can use IoT devices to engage in several malicious activities, such as targeting users with mobile malware, spying or hacking billboard screens to spread their own messages. They can also render these devices useless, such as hacking a smart lock and preventing it from working. When choosing to integrate IoT devices, do your research. Check which brands have had issues with their devices in the past and ensure that you’re buying them from authorized retailers. Ensure that all endpoint devices in your corporate network are protected with endpoint security and that they are all protected with strong passwords.