What Is a Zero Day Vulnerability and What Can You Do to Stay Safe

Digital information overlaid with an open padlock

A zero-day vulnerability is an exploit that a hacker has found which they can act upon before the software developers have any time to react.

Most security issues are found long before anybody has had a chance to exploit them. The issues are generally found by other developers working on that part of the system or by white hat hackers who look for vulnerabilities with a view to securing them.

Given enough time a software developer can work out the severity, fix the code and create a patch which is released as an update.

A user can then update their system and no harm is done.

A zero-day vulnerability is one that is already out there. It is being exploited by hackers in a destructive manner and the software developer has to act as quickly as possible to plug the gaps.

What Can You Do to Protect Yourself From Zero Day Exploits

In a modern world where so much private data is held about you from so many different companies, you are largely at the liberty of the companies who own the computer systems.

This doesn't mean that you should do nothing to protect yourself because there are many things you can do.

What Can You Do?

For instance, when choosing your bank, look at their past performance. If they have been hacked once then there is little point in making a knee-jerk reaction because most large companies have now been hit at least once. The mark of a good company is one that learns from its mistakes. If a company continually appears to be targeted or they have lost data multiple times then maybe it is worth staying clear of them.

When you create an account with a company make sure that your user credentials are different from credentials on other sites. It is important to make sure that you use a different password for each account.

Keep the software on your computer up to date and take special care to ensure all available security updates are installed.

In addition to keeping the software on your computer up to date, keep the firmware for your hardware up to date as well. This includes routers, phones, computers and other connected devices including webcams.

Change the default passwords to devices such as routers, webcams, and other connected devices. 

Read the News

Read the technology news and look out for announcements and security advisories from companies. Good companies will announce any vulnerabilities that they know about and will provide details as to the severity and the best method to protect yourself.

In the case of a zero-day exploit, the advice may be a workaround or may even include not using a piece of software or hardware until a fix can be found and applied. The advice will vary depending on the severity and likelihood of the exploit being used.

Don't Get Scammed

Be wary when reading emails and chat messages via Facebook and other social media sites. We are all used to common everyday spam such as the offer of millions of dollars in exchange for a small release fee. These are clearly scams and should be deleted. 

What you should be aware of is when one of your friends or a company you trust has been attacked. You may start receiving emails or messages from people you know with links saying something like "Hey, check this out".

Always err on the side of caution. If your friend doesn't normally send you such links then delete the email or contact the person using another method and ask them whether they deliberately sent you the message.

When you are online, make sure your browser is up to date and never follow links from emails saying they are from your bank. Always go straight to the bank's website using the method you would normally use (i.e. enter their URL).

A bank will never ask you for your password via email, text or Facebook message. If in doubt contact the bank by phone to see if they have sent you a message.

If you are using a public computer make sure that you have cleared the internet history when you leave the computer and make sure you have logged out of all of your accounts. Use the incognito modes when in a public place so that any trace of you using the computer is kept to a minimum.

Be wary of adverts and links within web pages even if the adverts look genuine. Sometimes adverts use a technique called cross-site scripting to gain access to your details. 


To summarize the best ways to keep safe are to update your software and hardware regularly, only use trusted companies with good track records, use a different password for each site, never give your password or any other security details in reply to an email or other message which claims to be from your bank or other financial service.