Problem solve Get help with specific problems with your technologies, process and projects.

Worst security mistakes made by...

The best way to prevent common mistakes is to know what they are. Here is a list of common security mistakes.

End-user training is often the one area of a good security policy that is given the least amount of attention. When end users are not properly trained on how to use and maintain security, breaches will result.

Here is a list of some of the security mistakes that end users make, especially when they are not properly trained:

  • Opening attachments on e-mails from unknown and unexpected sources
  • Not installing necessary and recommended security patches, such as for Office and Internet Explorer
  • Installing games, screen savers, or other Internet downloaded programs without verifying that they are safe and do not contain viruses or Trojan horses
  • Not making backups of their local data or not verifying and testing such backups when made
  • Using a modem from their LAN client while still connected to the LAN without an Internet firewall and without organizational permission
  • Using a password-saving utility to retain logon credentials for local, LAN and Internet sites

But, before you begin pointing the blame finger at your end users, IT professionals are not without their own faults, oversights and outright mistakes. Here are some of the top security mistakes made by IT people who should know better:

  • Placing a system online (LAN or Internet) before hardening and testing it
  • Not installing necessary and recommended security patches and OS upgrades
  • Using insecure remote management tools, such as telnet, on servers, routers, firewalls, etc.
  • Giving out passwords or changing passwords over the phone
  • Performing an administrative-level operation based on a request from someone without properly verifying their identity or authority
  • Not making backups of the LAN data or not verifying and testing such backups when made
  • Running unnecessary and insecure protocols and services
  • Deploying firewalls, proxies, etc. with default settings
  • Not installing and maintaining antivirus software

Dig Deeper on Windows systems and network management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.