A big part of IT’s job is to help users avoid mistakes that weaken security. But IT pros can also make plenty of mistakes of their own.
Here are the biggest blunders your staff should avoid, according to Roger G. Johnson of Argonne National Laboratory:
- Installing security products, but not configuring them properly. According to a recent Verizon survey, more hackers are currently attacking configuration problems than software vulnerabilities.
- Automatically trusting security software. All software can contain vulnerabilities, and security applications are no exception. But too often, businesses don’t include firewalls, antivirus programs and the like when they run security tests.
- Writing security policies that treat people like children. That will only lead to disgruntled users who will try harder to get around security controls.
- Failing to run background checks on employees and contractors who have access to the company network. As the Verizon survey also revealed, more data breaches now involve inside hackers.
- Relying on technology as a security cure-all, without also training users to correct bad behavior. Recent studies have found that antivirus applications, for example, are struggling to keep up with emerging malware threats.
- Being too strict regarding passwords. When users are forced to remember highly complex passwords, they’re just more likely to write them down.
- Failing to properly prioritize. Let’s face it, not everything can be completely protected. But smart IT departments know what data needs the most attention.