When it comes to cybersecurity expertise, I’ll often quote industry professionals and security firms in order to help you stay on top of new trends, review best practices, and ensure that your strategy is sound. But it is also crucial to take a look from the other side of the court, to get a full perspective on today’s most pressing cybersecurity issues.

It can be easy to write off cybersecurity professionals’ warnings as alarmist, or irrelevant to your business. But it really drives the message home when you hear about these dangers from those who have actually carried out the crimes, when it becomes clear just how easily you can lose everything with one wrong click of a link. Today, we get an inside look into hackers’ own thoughts on cybercrime, and examine the areas in which they see the most vulnerability.

Social Engineering Is Often Overlooked

Kevin Mitnick is a criminal-turned-security-expert, kind of like a cybersecurity version of Frank Abagnale. He still hacks for a living, but these days it’s in the name of legal penetration testing. His number one piece of advice to clients is to never forget that “people are the weakest security link.”

Mitnick believes that social engineering is an issue strongly lacking in awareness, and something that businesses (and individuals) need to focus on going forward. Computer security is unwavering, but people can be weakened, manipulated, compromised. They rely on emotion and trust, and can quite easily be tricked by phishing attempts that appear to come from legitimate sources.

Maybe you think that this won’t happen to you. But what about your coworkers, your employees? All it takes is one person to click the wrong link, and your entire network can be compromised. Employee education, training, and testing should be a top priority, and can help you avoid some of the most pernicious attacks.

Stagnant Security Protocols Don’t Cut It

Mitnick also emphasizes that companies cannot take a “set-it-and-forget-it” approach with cybersecurity – the field is changing too rapidly, and there are too many attack vectors for you to assume that your current measures will always be successful. He has demonstrated how thumb drives, PDFs, public Wi-Fi, and other common elements we take for granted in our daily computing lives can be used to penetrate unsuspecting users’ systems.

The final piece of advice Mitnick has to offer is his insistence on penetration testing – hiring third party, experienced “white hat” hackers try and break into your business. By analyzing current security, your company can determine its weak points and get advice on how to improve so that real hackers cannot exploit these vulnerabilities. It is recommended that these penetration tests be performed a couple of times per year in order to ensure that your security remains strong against the latest threats.

Criminals Love When You Fall Behind on Updates

New viruses are created every single day, new vulnerabilities are regularly discovered, and cybercriminals are constantly refining their techniques in order to gain entry to victims’ systems. New exploits are put into practice by those who discover them, then passed around criminal communities for common use.

Software developers do their best to patch these vulnerabilities as soon as they are discovered, but unfortunately, users are not as quick to put these updates into place. And that’s good news for cybercriminals: according to a contributor on Null-Byte’s “Advice From a Real Hacker” series,

“We hackers love when people refuse to update because that means that even old tried-and-true exploits will work with their systems. If you update, I have to be more creative in developing my own new hack.”

And that goes for more than just operating systems – products such as Adobe Flash and Reader are common targets for hackers, and need to be regularly serviced.

It is also highly recommended that you keep your antivirus up to date. This software is regularly updated for a reason: viruses mutate to get around these defenses, and so antivirus must constantly evolve to cope with the newest and most dangerous threats.

Your Password Isn’t as Strong as You Think

When it comes to choosing a password, the key element is not cleverness – in most cases, hackers won’t know you well enough to try manually entering passwords they think will work. Instead, they use brute force, attempting millions or even billions of different combinations. As a result, your approach to password choice should reflect this primary threat, and use the following tactics to make it infeasible for professional hackers to gain entry:

  • Make your password as long as possible
  • Never use dictionary words
  • Use all allowable character types (upper and lowercase letters, numbers, special characters)
  • Change your password often
  • Use different passwords on different accounts

A good approach is to create a passphrase: a long string of words that is meaningful enough to remember, but difficult to guess (long, using varied characters). This way, you will not have to write it down to remember, but frustrate even the most persistent of hackers.

Putting Advice Into Action

Cybersecurity is not a theoretical field, nor is it a unique concern to large companies. Hackers are constantly searching for victims and finding new vulnerabilities every day, yet for many organizations, the threat does not feel real enough to take action. Hopefully this article helps demonstrate the fact that these are the daily considerations of cybercriminals, and that such people will attack indiscriminately when they find an opening. If you’ve been waiting to update your business’s cybersecurity strategy, now is the time to act.

[This post was originally published on Switchfast.com]