3 Laptop Security and Privacy Risks Users May Not Know About

By now, most IT departments have educated their users about suspicious email attachments, dubious websites, and phishing emails. Maybe you’ve even cautioned them about the growth of ransomware.

Unfortunately, the list of security and privacy risks laptop users face is long, and seemingly growing longer all the time. Here are three risks that users might not be aware of, and what IT should do to educate them.

Little-Known Risk No. 1: Laptop Webcam Spying

Most laptops (and tablets) today come with built-in, front-facing cameras for video chat. What some users might not realize is that the cameras can be used against them for spying.

FBI Director James Comey recently garnered media attention, aside from his agency’s fight with Apple, for revealing that he taped over his personal laptop’s webcam. Comey wants to prevent shady hackers from using his webcam as a peephole through which to spy on him.

No doubt, the FBI director is a juicy target. And Comey isn’t being paranoid. Malicious hackers can use Remote Access Trojan (RAT) malware to commandeer a laptop, record Skype or other conversations, or use the webcam to spy on users.

“The Internet is flush with webcam videos of people who clicked unwittingly on a malware link and opened their computer to anonymous miscreants intent on mocking, blackmailing or simply spying on them,” according to a 2015 article by U.S. News & World Report.

RATs are ideal for surveillance. Indeed, some bloggers have pointed out that the FBI itself has used similar malware to spy on suspected criminals. Some RATs are difficult for anti-virus and other security software to detect. Plus, they’re often downloaded via a user-requested program, such as a game, or distributed as an email attachment.

Key takeaways: Along with offering the typical warnings about malicious sites and email attachments, IT should advise users about the webcam threat. While a Band-Aid or piece of opaque tape obscures the video, keep in mind it does nothing to prevent eavesdropping on the audio of a video chat. For that, encourage users to only discuss sensitive information in video chat services that offer end-to-end encryption.

Little-Known Risk No. 2: Discontinued Software Programs and Utilities

By now, most people understand that Microsoft has stopped supporting Windows XP with security updates.

But software developers sometimes abandon support for applications and utilities, not just old operating systems. When that happens, shady characters may exploit holes in the software to spread viruses and other malware. So those who continue using the unsupported software are at risk.

Case in point: Apple has discontinued developing and supporting its media player QuickTime for Windows. Not surprisingly, security researchers recently uncovered vulnerabilities in the software, which will never be patched.

Key takeaways: Though no active attacks have been reported (yet), IT should advise its users to delete Apple’s media player ASAP. Whenever IT becomes aware that a widely installed software application or utility is no longer supported, it should recommend safe alternatives and advise users to delete the software immediately.

Little-Known Risk No. 3: Dodgy USB Drives

Nearly half the people who picked up a USB stick found in a parking lot plugged the drive into their computers, according to recent research conducted by Google, the University of Illinois Urbana-Champaign, and the University of Michigan. The problem is, USB sticks and drives are notorious for harboring Trojan horses and other malware.

Key takeaways: While it may seem harmless to plug in a USB drive, users need to be extra cautious, especially if they’re unsure of the drive’s origins.

Also, be aware that a new authentication specification for USB Type-C was recently announced. Among the refinements to the USB spec will be 128-bit cryptographic signatures for authentication, which should help prevent malicious software or hardware from delivering an exploit via USB Type-C. 

Underwritten by HP Inc. and Microsoft