1. Misconfigured Access Rights
1.1. Can be a threat when default rights are not changed.
1.2. If you are an admin, make sure only you have administrator rights.
1.3. When a user's role changes or when they leave the organisation, make sure to update access rights.
2. Social Engineering
2.1. Pharming
2.1.1. Pharming is a type of cyberattack that redirects a user from a genuine website to a fake one. The fake website will often look like the genuine one. When a person logs in, it sends their username and password to someone who will use it to access their real accounts.
2.1.2. There are several ways that a pharming cyberattack can redirect traffic from a genuine website to a fake one. One example is if the Domain Name Servers (DNS) of the website, which match the website address with the IP address of the webserver, are hacked and the IP address is changed to become the address of the pharming site.
2.2. Phishing
2.2.1. Similar to blagging, a phishing email will ask a person to send personal details, but pretends to be from a business. They can often look convincing, but may contain spelling errors or URLs that do not match the business's website.
2.2.2. When a person clicks on these links and logs in, it sends their username and password to someone who will use it to access their real accounts. This information might be used to steal a person’s money or identity, or the email may contain malware.
2.3. Shouldering
2.3.1. This is the simplest form of taking personal details. Shouldering is looking at someone’s information over their shoulder, for example looking at someone enter their PIN in a shop or at a cashpoint.
2.4. Blagging
2.4.1. Blagging is when someone makes up a story to gain a person’s interest and uses this to encourage them to give away information about themselves, or even send money.
2.4.2. For example, a person may receive an email that appears to be from a friend telling them that they’re in trouble and asking them to send money.
3. Outdated Software
3.1. Many programs will automatically update to make sure they have the latest patches installed. This helps to ensure the program runs correctly and protects the computer from new threats.
3.2. Most anti-virus software will frequently update itself so that it is able to recognise the latest computer viruses and malware.
4. Malicious Software
4.1. Malicious code is software written to harm or cause issues with a computer.
4.2. Virus
4.2.1. Damage or delete data by copying itself and spreading to other computers
4.2.2. Viruses hide in .exe and .pkg files so they can be shared online or through removeable media
4.3. Trojans
4.4. Ransomware
4.5. Spyware
4.6. adware
5. Removeable Media
5.1. USB memory sticks CD-ROMs DVDs external hard drives
5.2. If removable media contain malware, it will attempt to move onto a system when connected to a computer, and then onto any other connected devices.
5.3. Can give unauthorised users access to computer
5.3.1. Can lead to hackers wanting ransom