Cracks in the System
Cybersecurity threats don’t always kick the door down—sometimes, they slip in through the cracks. This month, we’re spotlighting three subtle but serious security risks that could be undermining your defences right now.
The Dangers of Misconfigured MFA
MFA is essential, but if poorly set up—like push-only prompts—it can be bypassed. Misconfigurations leave you exposed to attacks like MFA fatigue.
Why It’s a Risk:
Misconfigured settings may allow fallback to SMS, which is more vulnerable.
Legacy systems might bypass MFA altogether.
What You Can Do:
Use number matching or device-bound authentication.
Block legacy authentication protocols.
Regularly test and audit MFA enforcement across users and devices.
Why It’s a Risk:
A rushed update might interrupt business-critical applications.
Firmware or driver updates can trigger system crashes or hardware issues.
Settings can reset, disabling important security controls.
What You Can Do:
Stagger updates across devices and monitor impact.
Test major patches in a sandbox before full rollout.
Use update policies to retain control over deployment timing.
Why It’s a Risk:
Sharing passwords or sensitive data without approval.
Using unsanctioned tools or cloud apps.
Clicking phishing links or ignoring security policies.
What You Can Do:
Monitor user behaviour for anomalies.
Provide clear policies and regular training.
Limit access to sensitive systems on a need-to-know basis.
Data Audit: The Essential 15-Point Checklist
We’ve partnered with Cortida to bring you a 15-point Data Audit Checklist — a practical guide to help AECO and Manufacturing businesses understand who owns their data, where it’s stored, and how secure and compliant their setup really is. Download it to spot gaps and strengthen your data strategy.
A National Push for Cyber Resilience
Last month, UK government ministers issued a joint letter to the CEOs and Chairs of major organisations, urging action against rising cyber threats. The letter emphasised that cyber security must be a board-level priority and outlined three immediate actions for businesses:
- Use the Cyber Governance Code of Practice to guide decision-making and incident response planning.
- Register for the NCSC’s Early Warning service to detect threats before they escalate.
- Mandate Cyber Essentials across your supply chain as a minimum standard.
This reinforces Cyber Essentials not only as a technical benchmark, but as a key requirement for doing business responsibly in today’s digital economy.
Recent Vulnerabilities to Be Aware Of:
- Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362
- Over 75,000 WatchGuard security devices vulnerable to critical RCE
- Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
- ASUS warns of critical auth bypass flaw in DSL series routers
- Critical Fortinet FortiWeb WAF Bug Exploited in the Wild
- ClickFix Attacks Against macOS Users Evolving
- Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection
Bluebeam Max: The Superpower Taking Revu Into the AI Era
The construction industry is entering a new era, and Bluebeam is once again leading the way. In 2026, Bluebeam Max will launch as a new premium subscription that combines the power of Revu with advanced AI technology. This blog highlights just some of the features you can expect to see within Bluebeam Max.
How Bluebeam + GoCanvas Are Revolutionising Field Data Capture
In construction, the gap between the construction site and the office has always been a challenge. But by combining Bluebeam’s powerful PDF markup tools with GoCanvas’s mobile forms, companies can finally achieve seamless documentation that flows effortlessly from site to office.
Which Bluebeam Studio Is Right for You? Cloud vs On-premise
Collaboration is the backbone of modern construction projects. Whether you’re reviewing drawings, marking up RFIs, or coordinating across multiple stakeholders, having the right platform makes all the difference. This blog reviews Bluebeam Studio (cloud-based) and Bluebeam Studio On-premise. While both enable teams to work together on PDFs in real time, the choice between them depends on your project requirements, IT policies, and security needs.