Worst security mistakes made by...

End-user training is often the one area of a good security policy that is given the least amount of attention. When end users are not properly trained on how to use and maintain security, breaches will result.

Here is a list of some of the security mistakes that end users make, especially when they are not properly trained:

  • Opening attachments on e-mails from unknown and unexpected sources
  • Not installing necessary and recommended security patches, such as for Office and Internet Explorer
  • Installing games, screen savers, or other Internet downloaded programs without verifying that they are safe and do not contain viruses or Trojan horses
  • Not making backups of their local data or not verifying and testing such backups when made
  • Using a modem from their LAN client while still connected to the LAN without an Internet firewall and without organizational permission
  • Using a password-saving utility to retain logon credentials for local, LAN and Internet sites

But, before you begin pointing the blame finger at your end users, IT professionals are not without their own faults, oversights and outright mistakes. Here are some of the top security mistakes made by IT people who should know better:

  • Placing a system online (LAN or Internet) before hardening and testing it
  • Not installing necessary and recommended security patches and OS upgrades

    Requires Free Membership to View

  • Using insecure remote management tools, such as telnet, on servers, routers, firewalls, etc.
  • Giving out passwords or changing passwords over the phone
  • Performing an administrative-level operation based on a request from someone without properly verifying their identity or authority
  • Not making backups of the LAN data or not verifying and testing such backups when made
  • Running unnecessary and insecure protocols and services
  • Deploying firewalls, proxies, etc. with default settings
  • Not installing and maintaining antivirus software

This was first published in March 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.