Inventory of Authorized and Unauthorized Devices
How do attackers exploit the absence of this control?
Many criminal groups and nation-states deploy systems that continuously scan address spaces of target organizations, waiting for new and unprotected systems to be attached to the network. The attackers also look for laptops not up to date with patches because they are not frequently connected to the network. One common attack takes advantage of new hardware that is installed on the network one evening and not configured and patched with appropriate security updates until the following day.
Keep your password secret
Your password is like your bank account PIN - if you give your PIN to someone else, your bank is unlikely to pay you back if it is used to steal from your account. Likewise, your company expects you to use your password to stop others misusing your computer account. If you share your password, you may be held responsible for what other people do with it.
Article about percentage of users that would share their passwords:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci895483,00.html
Malware Defenses
How do attackers exploit the absence of this control?
Malicious software is an integral and dangerous aspect of Internet threats, targeting end-users and organizations via web browsing, e-mail attachments, mobile devices, the cloud, and other vectors. Malicious code may tamper with the system's contents, capture sensitive data, and spread to other systems. Modern malware aims to avoid signature-based and behavioral detection, and may disable anti-virus tools running on the targeted system. Anti-virus and anti-spyware software, collectively referred to as anti-malware tools, help defend against these threats by attempting to detect malware and block its execution.
Microsoft Ending Support for Windows 7 and Windows Server 2008 R2
On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates. Organizations that have regulatory obligations may find that they are unable to satisfy compliance requirements while running Windows 7 and Windows Server 2008 R2.
Microsoft Operating Systems BlueKeep Vulnerability
Please note, a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: