Have you ever thought about the best ways to be negatively affected by a disaster, get hacked, or otherwise part with data stored on your computers? Here are some of the best ways to lose system security, in no particular order:
When an employee quits or is let go, leave his network log ins and e mail accounts enabled. You never know when he might want to check in on things.- Rely solely on technology. Firewalls, encryption and antivirus software are all you need to protect your information.
- Completely outsource your information security initiatives. There's no need for anyone inside your organization to worry about such matters.
- Leave your operating systems and software applications with the default settings. System hardening is for the birds.
- Don't train your users on your security policies and what to look out for, such as unsolicited e mail attachments and common hacker activities. Your users can't be burdened with more training.
- If you do happen to have a security policy, never refer to it, enforce it, update it or do what it says.
- By all means, don't take an inventory of your information systems or document your network.
- Don't pay attention to or even bother to understand what you're trying to protect.
- Don't patch your software or update your virus signatures, and never, ever, run vulnerability assessments to detect newly discovered software flaws and system misconfigurations. It s just too time consuming.
- Respond to hacker attacks, viruses and other intrusions as they happen don't be proactive in dealing with them.
- Ignore all known best practices and international information security standards from the International Standards Organization, Internet Engineering Task Force, SANS Institute, and your local information security consultant, to name a few.
- Leave your databases, especially those containing credit card or other confidential information, unencrypted. And be sure to store them on publicly accessible servers.
- Run your business without disaster recovery and business continuity plans. After all, you can think clearly and make critical decisions under pressure, right?
- Don't monitor your systems. They'll be fine running by themselves, and if anything major happens with the integrity or availability of your information, you'll be notified automatically, won't you?
- Don't back up your data, but if you must, don't test your backups. Also, leave your backup media on site preferably sitting on top of an uninterruptible power supply.
- Don't create any security policies that document how you re safeguarding your information to protect your organization and clients from information disasters and legal liabilities.
- Apply the principle of greatest privilege. Give all users the greatest amount of access to your information systems. Everyone should have access to everything ... it's only fair, right?
- Don't subscribe to security bulletins and mailing lists, and don't ever read information security trade magazines.
- Don't, under any circumstances, get upper management involved in information security initiatives. They're business focused and shouldn't be bothered or even care about technology or the liabilities associated with their information, right?
- Use passwords that consist of your pet's name, your name, your mom's maiden name, or your birthday. That way, you won t forget them. Better yet, just use "password" for your passwords. Also, don t forget to write them down and post them on your monitor or keyboard.
- Leave your servers and network equipment in a room to which everyone, including outsiders off the street, has access.
Author Resource:-> Nick Pegley is VP Marketing for All Covered: Technology Services Partner for Small Business, providing disaster recovery solutions and technology services in 20 major U.S. metro areas.
Article From Zing Articles - Best Free Articles on all topics
1 comment:
What happens if our security is breached? Do you suggest contacting an IT consulting firm? We had some lax of security in the lower levels of our business and now we need to get the breach fixed.
Post a Comment