Security News Roundup: NSA Unearths Multiple Serious Windows Bugs
The new year is just over a fortnight old. That’s plenty of time for an excess of cybersecurity issues to hit the news wire, including a major issue with Windows 10 and Server 2016 that was so severe it was found by the National Security Agency (NSA).
Multiple vulnerabilities found in Microsoft Remote Desktop Protocol (RDP)
Buried a bit behind the news of the NSA’s findings to Microsoft on issues with Windows 10 and Server 2016 were a handful of vulnerabilities that, in short, are a big deal.
Many organizations use Microsoft RDP to gain remote access into network computers, allowing individuals to work securely from any location. However, vulnerabilities in the RDP system have made things so easy for attackers that a bad egg could gain access to networks using RDP without even having to provide a login.
Imagine, someone rooting around in your remote computer or network without so much as stealing your login credentials to gain access.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” said the Microsoft Security Response Center.
These vulnerabilities have the potential to have a long “shelf” life due mostly to the slow nature of patch installs on servers.
IoT is Cybersecurity’s Worst Kept Secret
The explosion of Internet of Things (IoT) devices over the past decade has created mountains of data that has the potential to drive profitability.
According to HelpNet, market-leading IoT cybersecurity solutions are driving visibility and are helping create a new type of device “registry” which has information like operating system specifics, application versions, and vulnerability remediation from the life of a device. This information can also be used to repair or replace devices before an outage causes downtime or lost revenue.
Taking data from workflows and utilization recorded by IoT devices allow enterprises to stay ahead of potential issues to maintain operational systems.
How HR Teams Can Help Mitigate Cybersecurity Challenges
Data breaches have taken cybersecurity from an IT-focused issue to a full-business issues that crosses the lines of departments. No longer is it just an IT problem to face these issues.
In fact, good cybersecurity measures begin with HR.
Your human resources department get the first crack at getting to know a new employee once they’re adding to your staff. Yes, you interviewed them and may have approved the hire, but your HR staff may have scheduled interviews, corresponded via email or phone, and will be a key cog in the onboarding process. That department will know well before you will if your new hire is a noob or has the chops to follow your cybersecurity procedures.
HR professionals can help to identify employees with bad security habits and help to mitigate potential issues with additional training.