The Breach-Friendly IT Environment: 6 habits hackers love identifies many of these common behaviors and provides relevant solutions for the IT Specialist and amateur engineer alike. Check out our Modern Workplace Watchdog eBook: http://po.st/MWWE

1. 1
The Breach-Friendly
IT Environment:
6 Habits that Hackers Love

2. 1
Introduction
Cyber-terrorism, corporate espionage, identity
theft—call it what you want, but at the end of the
day hacking’s still someone accessing your data
without your permission. But despite the increase
in cyber-crime, the cyber criminal’s career path
isn’t all passwords and binary. Hacking ain’t easy.
It takes patience, commitment, resolve, and,
if turn of the century cinema taught us anything,
a plucky young tech savant.

3. 2
Introduction
A majority of all data breaches today are the
result of a hacker staking out, and capitalizing
on, an opportunity. Security lapses, weak
passwords, and lazy online habits are the digital
equivalent of parking in a shady alley with your
windows down. You’re just inviting trouble.
These six habits are the open window for cyber
crime. It’s up to you whether you roll it up.

4. 3
An Out of Date Operating System
We all hate upgrading to a new OS. Finally figure
out the new bells and whistles and—bam—say
hello to the next model. But software developers
don’t just continually pump out new stuff because
it pays the bills; that new update you’re ignoring
likely contains the latest security adaptations
to help protect against new threats.

5. 4
Default Program Settings
One size doesn’t fit all. Incorrectly configured
web servers, plug-ins, and applications can
provide an easy entry point for hackers. When
you close those loopholes, each new application
can be adjusted to meet your needs. Sure,
you can stick with what’s there and click through
the dialogue windows like there’s no tomorrow,
but you may as well leave your keys sitting
on the hood of your car.

6. Password-Only Verification
“123456” is not a password, it’s an invitation
(despite 4.1% of users thinking otherwise)1
.
So is your birthday, kids’ names, social security
number, and using the same password for all
of your online accounts. Spice up your password
life and start using two-factor verification.
These programs add a gesture, PIN, or device
authentication to compensate for the weakest
form of security.
1: teamsid.com/worst-passwords-2015/
5

7. 6
Undereducated Employees
Any decent hacker has a good understanding
of psychology. Social engineering and other
forms of deception are specifically designed
to manipulate the human element of cyber security
and trick your well intending employees into giving
up their passwords and authorizing unintended
access. By providing employees with the proper
education and training to identify many common
hacker strategies, you create a neighborhood
watch to help protect your assets. I need your login to run
the update
Sure thing, here ya go! =]

8. 7
On-Site Security
Unless you work for one of a handful of tech
companies, odds are your internal security is some
combination of incredibly expensive, outdated,
and/or overlooked. With dedicated teams
committed to preventing breaches, minimizing
their impact, and constantly developing new
defense measures, cloud storage allows you
to recruit the capabilities of the top names in cyber
security at a fraction of the cost.

9. 8
Antivirus and Malware Protection
Third party applications can come with their
own risks, including malware, trojans, and other
tools that can either immediately grant hackers
access to your data or create new access points
for future breaches. Windows Defender, Credential
Guard, Secure Boot and Conditional Access monitor
your systems and actively prevent break-ins like
a high-end car alarm.
If you don’t want to be the next victim of cyber
crime, take the precautions to create a more
secure network and keep making the hacker’s
job as difficult as possible.
To learn more about how to eliminate
opportunities for future breaches, get
The Modern Workplace Watchdog
eBook at http://aka.ms/win10watchdog.

10. This document is for informational purposes only. MICROSOFT MAKES
NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. This document
is provided “as-is.” Information and views expressed in this document, including
URL and other Internet website references, may change without notice.
This document does not provide you with any legal rights to any intellectual property
in any Microsoft product. You may copy and use this document for your internal,
reference purposes. © 2016 Microsoft Corporation. All rights reserved.
microsoft.com