You are here: Home » In this week's e-newsletter » The 5 most-overlooked security threats

The 5 most-overlooked security threats

October 20, 2010 By Sam Narisi 2 Comments

IT managers have to keep an eye out for a lot of security holes, so unfortunately a portion of them tend to remain open at many companies.

Here some of the threats that most often go overlooked:

  1. Unauthorized smartphones – IT departments go to great lengths to make sure all the computers and other devices connected to the corporate network are secure — but many allow users to connect to WiFi on their personal gadgets. That can cause problems if those smartphones are infected with malware, or intruders could gain access to the phones via Bluetooth and use them as a back door to get on to the network.
  2. Printers and other devices – All network-attached peripherals can allow hackers access to the corporate network. Those devices all run software, and software can be vulnerable. Advice: Treat all peripherals like you would any other workstation or server.
  3. Insider threats from business partners – Even if companies thoroughly vet all employees, including IT staffers, they may still encounter threats from people like consultants, vendor representatives and outsourced IT staffers. Take the same care when choosing and monitoring those people as you do with your own employees.
  4. Passwords written on sticky notes – A password policy does little good if users write their passwords down and leave them by their computers. Train users on how to choose and protect their passwords.
  5. Paper – With all the attention IT security gets, it’s still important to make sure paper documents are kept secure, too. Key steps to take include shredding documents when they’re no longer needed and locking file cabinets with sensitive info.
Filed Under: In this week's e-newsletter, IT Security, Latest News & Views Tagged With: , , ,

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy

Related Posts

  • Bob

    Once again, way off target, folks!

    1. Smartphones – Valid. Additional concern is embedded camera that could be used to inappropriately document security controls and / or sensitive information.

    2. Should read: “USB storage devices”. The biggest problem is with MP3 players, not printers.

    3. Insider threats… period. Because of social engineering, the employee base needs to be well trained. Additionally, a “determined insider” is the biggest threat to any security program.

    4. Nobody writes passwords on sticky notes these days. If so, the company should have an annual security awareness training program, and should dismiss offenders. Instead, security personnel should be focusing on malware with embedded key loggers.

    5. With renewed attention due to GLBA, PCI, and HIPAA, proper paper handling and disposal procedures are now well-baked in to any security program.

    If you folks continue to shrink wrap other peoples’ analysis and work, you should at least choose something of value next time.

  • http://www.donallenagency.com Amber Amber B-Bamber

    Unfortunately I have seen passwords on sticky notes in my office, luckily it was only for a service vendor & not for an insurance company which would have given access to customer policy information, but this does still go on. We have password protected documents for every employee to house & save all their passwords & PINs, but every once in awhile somebody gets lazy & decides to just write it down & hide it on their desk somewhere instead of updating their document. IT personnel need to be aware of this human condition – laziness – & to keep an eye out for it, it DOES still happen. Until the govt starts force-feeding everyone stimulants, I contend that it will continue to occur.