As cybersecurity awareness month moves forward, it’s clear we still need a lot of awareness. Thanks to Kanye West getting caught using “00000” as his phone passcode, we might just be getting somewhere.
In all seriousness, looking to our own research out this week, we have a long way to go in getting the basics down. Despite security professionals having a heightened awareness to the vulnerabilities in today’s digital landscape, things like good password habits are still not fully sticking.
California is looking to change those habits by putting the onus on device manufacturers with a new law. They passed a law called the Information Privacy: Connected Devices bill, which essentially requires every device sold to come with “reasonable” security features, including that “The preprogrammed password is unique to each device manufactured or the device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.” This is just another example of how enterprises are being held more accountable when it comes to security.
Was it the end of an era this week? That’s questionable. But the closing of Google+ after an API bug exposed more than 500k user details certainly brings to light the issue of putting our data out there, assuming it will be safe. This exposed data sat out in the open for more than six months because Google was avoiding the regulatory repercussions they might face.
In other hacking news, if you use WhatsApp, hackers can completely take over your account and listen in on your conversations just using your phone number. Let’s think about this: if you have shared a password, your social security number or driver’s license via WhatsApp, hackers could have accessed those conversations.
Ultimately, in cybersecurity, ignorance isn’t bliss. Awareness is key, and what we don’t know actually can harm us. So, update that software, make those passwords stronger and don’t leave your data just lying around.
Now it’s your turn. What did you read this week in security headlines?