Security is now the third pillar of computing – along with energy-efficient performance and internet connectivity. If you can avoid these 10 most common mistakes, you’re putting your business in a strong position to succeed.
Mistakes are inevitable in enterprise security, but the most common are the most avoidable with some planning and forethought. So here I present the 10 most common enterprise security mistakes. How many has your company made?
1. Weak passwords
Yes, it’s the obvious one but perhaps among the most common and easily avoidable. Too often employees are allowed to use simplistic passwords: “123456” being one of the most popular, as is the word “password” itself. And yes, re-using the same password across multiple services and devices counts as weak. Draw up a password policy and enforce it. And ask yourself – have you put systems in place to protect secure passwords? Do you have a password vault?
2. Poor patch management
Ensure your IT department or IT manager is making the most of automatic security updates. Don’t let your employees become the last line of defence for patches and updates.
3. An irregular back-up policy
There’s no excuse for not ensuring company data is backed up frequently and predictably to help recover from sometimes inevitable crashes/breaches.
4. Lack of disaster planning
What would your company do if a laptop with critical customer information went missing? What would you do if your website suffered a denial of service attack? If you can’t answer those questions then you have no disaster planning.
5. Over-reliance on technology
Good enough is not good enough when it comes to security, and believing that technology will solve all your security problems is a mistake. If your information security architecture is just about deciding between SSL or VPN then you’ve not gone far enough.
6. Not encrypting data
Encryption is now achievable without compromise to performance thanks to Intel’s latest generation of Core processors. There’s no longer any excuse for not using encryption.
7. Not being alert for security breaches
Many security problems are hidden and only revealed through regular auditing of procedures and protocols. For example, Sony’s recent problems with its PlayStation network went unnoticed for some days.
8. Not keeping an audit of physical assets
Would you know if a laptop or mobile had gone missing? How long would it take before you realised it was missing?
9. Lack of training for staff
Security is a moving target, which means your staff must be kept informed and engaged. A few years ago no-one would have imagined that social networks would be a security threat to companies – but they could be.
10. Sending sensitive company data via email that hasn’t been encrypted
It’s simple – stop sending passwords, PINs, and account data via unencrypted email. It’s an invitation for a breach.