Research from Spiceworks, a network of IT professionals, highlighted more than 70% of respondents rated security as their top concern. Here are nine things that should be keeping you up at night…
Sure, software is the greater risk, but many hardware vulnerabilities are software-based. Older equipment is often without built-in security features like:
- Unified Extensible Firmware Interface (UEFI) with Secure Boot
- Self-healing basic input/output system (BIOS)
- Pre-boot authentication (PBA)
- Self-encrypting drives
That’s why you should be auditing and planning to remove:
- Computers with conventional BIOS, because they can’t run Secure Boot, which helps to prevent malware loading during the boot process.
- Computers without pre-boot authentication or a trusted platform module (TPM), which stop the operating system from loading until the user enters authentication information, such as a password.
- Old routers, which can have serious vulnerabilities.
- Drives that don't self-encrypt. Self-encrypting drives (SEDs) need a password (in addition to the OS login password), and the technology automatically encrypts and decrypts data on the drive.
On a side note, old drives leave you vulnerable in another way: you could lose data when they fail, which they will.
Getting your hardware straight will almost always involve spending money, but fixing up software could be as simple as running those free updates you never got around to. Here’s what to look at:
- Unpatched or out-of-date operating systems: Windows XP has been beyond its support period for nearly three years but is still running all over the world despite there being no updates, no technical assistance, and limited efficacy with anti-virus. And old operating systems always have fewer security features than new ones.
- Unpatched or out-of-date productivity software: It’s highly risky to run unpatched versions of Microsoft Office, especially older versions like Office 2002, Office 2003, and Office 2007. They can give a hacker access to the rest of a system, with particularly catastrophic consequences if the user has administrative privileges.
- Legacy custom applications: If running an old version of Office is a risk, imagine the danger of running legacy custom software, particularly if you’re no longer doing business with the vendor (or the vendor is no longer in business). When your legacy software was being coded, the vendor probably wasn’t thinking of the sort of security attacks that are common today.
- Unpatched web browsers: No browser is entirely free of security vulnerabilities. Common vulnerabilities include URL spoofing, cross-site scripting, injection attacks, exploitable viruses, buffer overflow, ActiveX exploits, and many more. Always, always run the most recent version.
- Out-of-date plug-ins: Everybody loves a plug-in, but they have a high potential for disaster, especially if you’re not running the latest versions.