In this week’s podcast, we discuss new statistics on password sharing, a recent spike in ransomware, and a newly discovered vulnerability affecting a children’s tablet
Hello and welcome to the IT Governance podcast. Here are this week’s stories.
First, password security. Again. According to a recent survey conducted by LastPass, 95% of people share up to six passwords with their colleagues, friends and family, and 59% reuse passwords for multiple logins. We frequently counsel against using weak passwords – and I could bang on about it at great length – but it is equally important to remember that you shouldn’t share or reuse your login information either. After all, even the strongest password, if it becomes widely known, offers no barrier to access. If you share your information or reuse the same credentials to sign into numerous accounts, a single data breach will jeopardise the security of all of them. In an enterprise context, one lazy user could cause a massive corporate data breach. You don’t want that. Use a password manager to generate strong passwords for each account, don’t tell anyone your passwords, and employ two-factor authentication where you can. And if you’re a manager, train your staff to be aware of the risks, and ensure you have proper access management policies to ensure the only people who can access your networks and systems are the ones who should.
Following the data breach that hit toy manufacturer VTech last November, in which millions of children’s details were exposed, parents have been understandably wary about their kids’ electronic toys. Now, a security expert has found that a popular toy made by LeapFrog is susceptible to attacks that exploit – quelle surprise – Adobe Flash vulnerabilities. Mark Carthy explained in a blog post entitled Beware: How Hackers Can Monitor Your Children that the LeapPad ULTRA – a tablet aimed at children – was running an old version of Flash (18.104.22.168, since you ask) that contained a vulnerability that could allow attackers to execute arbitrary code on the device. As he warns: “any malware exploiting these vulnerabilities would be able to gain full access to the device – allowing an attacker [to] activate the built-in microphone, monitor your child’s activity and even take pictures of them using both the front and rear facing cameras on the device.” And he only discovered this having connected the LeapPad to his computer, when he was prompted to update Flash – something many parents wouldn’t think to do. Bring back wooden children’s toys, eh?
And that’s it for this week. Until next time, remember that you can keep up to date with the latest information security news on our blog. And whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.