Cyber attacks often begin with a vulnerability. In the realm of cybersecurity, a vulnerability is a weakness — either physical or digital — that allows a nefarious individual to access a system or network for malicious purposes. Vulnerabilities themselves don’t cause cyber attacks. Rather, they provide a means for exploitation. What are some of the most common vulnerabilities exactly?

#1) Weak Passwords

Weak passwords are one of the leading types of cybersecurity vulnerabilities. A study by Verizon found that 81% of data breaches are caused by compromised passwords. If you have a short, generic or otherwise weak password for an account, a hacker may crack it, thereby granting him or her access to your account.

#2) Phishing

Phishing is another widespread vulnerability that affects countless businesses’ information technology (IT) infrastructures. A form of social engineering, it’s used to trick businesses into providing sensitive information, such as their account logins. Phishing attacks often involve email. You may receive an email that asks you to visit a log in page and enter your credentials. Upon doing so, though, the hacker will capture your credentials.

#3) Lack of Encryption

Failure to use encryption is a cybersecurity vulnerability. Encryption is designed to prevent data from being read by unauthorized individuals. It doesn’t actually prevent other individuals from accessing data. Instead, encryption uses an algorithm to mix up the data so that it can only be read by the authorized individual or individuals.

#4) Unpatched Software

Always patch your software as soon as a new version is available. Unpatched software can present a vulnerability. Developers release new versions of software to fix problems that could otherwise cause a cyber attack. To receive a new version of a given software, though, you must download it.

#5) No Access Control

Access control refers to the use of regulatory systems to control who can access devices or resources on a network. Large businesses may have dozens or hundreds of employees. If all employees are all allowed to access all resources on the business’s network, it could pose a risk for a cyber attack.

#6) No Firewall

Not using a firewall is a vulnerability that can lead to a cyber attack. A firewall is a barrier, for better of a word, that filters malicious traffic from reaching a network. It will scan traffic as it attempts to enter your business’s network. If the traffic is malicious, the firewall will block it.