
Analysing the 6 Most Common Cyber Vulnerabilities

Businesses, both small and large, are under constant threat from attackers who exploit a variety of cyber vulnerabilities to steal your company’s data or cause harm, and new risks emerge daily.

The first step to minimise your cyber security risk is to identify the biggest threats, to allow you to put preventative measures in place. 

Below are the six most common vulnerabilities that your company should be aware of, with some tips for prevention.

Six common cyber vulnerabilities

1. Malware

This is one of the most common threats, and new malware is being created every day. The goal of most malware is to access sensitive data and copy it, or send it to a server where the attacker can retrieve it. There are various types of malware, including ransomware, trojans, and worms.

Protection: Basic antivirus can protect against some malware; however, a multi-layered security solution is recommended to provide optimal protection.

2. Unpatched security vulnerabilities

Have you ever found yourself dismissing the ‘update available’ reminder for your computer system or programme? This could impact your business in the long term, as a large proportion of threats rely on old security vulnerabilities to work. 

Protection: Create a procedure that maintains a regular update schedule for your organization’s software and identifies any future updates that will need to be implemented.

3. Phishing attacks

Also known as social engineering, phishing is when the attacker attempts to trick an employee in an organization into giving up sensitive data or account credentials. This often comes in the form of an email mimicking the identity of one of the company’s vendors or an authoritative user. The email may include a link or attachment that will download malware onto the user’s computer and take over their system.

Protection: Installing email virus detection tools on your computer allows email attachments to be checked for malware before you open them. Applying multi-factor authentication to all user accounts on your network will make those accounts harder for attackers to hijack.

4. Poor data backup and recovery

With the threat of ransomware increasing, organizations have a pressing need to back up and recover data, but this isn’t always a top priority. Many organizations neglect the backup and recovery process because of time and resource constraints.

Protection: Businesses should have a multi-layered backup and recovery strategy, including database storage, disk backups and cloud-based storage.

5. Lack of credential management

A common cause of breaches is a lack of good credential management. Using the same password across multiple sites, especially a weak password, means hackers can gain access to more sites more easily.

Protection: To solve this, your business should implement stringent password controls, such as longer and more complex passwords, and frequent password changes. It is also worth implementing multi-factor authentication where possible, especially for accessing sensitive data.

6. Internet of Things (IoT) devices

Your organization’s IoT estate is made up of many ‘smart devices’, such as Wi-Fi-capable printers, fax machines, manufacturing robots and even coffee makers. Surprisingly to some, this equipment can be hijacked by attackers to form networks of compromised devices that carry out further attacks. This means that businesses have unprotected vulnerabilities they aren’t even aware of.

Protection: To minimise the risk, your organization should have a security audit performed to identify all of the assets on the network, along with their operating systems.

With more data being stored online and on large business networks, it is vital that organizations keep up to speed on new cyber threats and how to prevent these. Our Cyber Essentials Toolkit will guide you through the five key controls to meet the requirements of the Cyber Essentials scheme.


More Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.
