The week in security: Poor security habits perpetuate poor security defences

It may have only involved a few dozen executives, but if the findings of a new survey are anything to go by, Australian companies are leaving themselves horribly exposed: fully half still haven’t implemented basic security protections that were clearly outlined in the ASD’s Top 4 mitigation strategies at the beginning of this decade.

That means companies are more exposed than they should be to the depredations of vulnerabilities such as a dangerous Struts flaw in Cisco gear.

Poor security protections also increase companies’ susceptibility to the poor Internet of Things (IoT) practices of their employees – who, statistics suggest, are sustaining alarmingly poor security practices on their IoT-laden home networks.

It may also, indirectly, increase exposure to business email compromise (BEC) attacks, which continue to surge along with the profits they generate.

There were warnings that iPhones were being targeted with fake MDM and ‘age restriction’ attacks.

The latest version of Chrome, version 69, brings a revamped password manager, changes to the handling of HTTPS, and other improvements to everyday security.

Yet as well as improving browser protection, many users will want the added layer of protection provided by a reliable VPN like ProtonVPN, which CSO reviewed as part of its Best VPNs roundup and found to be a solid choice.