Top 10 security land mines
Matt Hines has posted The top 10 security land mines to InfoWorld. These are mistakes that undermine the security precautions that companies put in place.
- “Slip of the finger” mistakes - e.g. using email address autofill, mistakes in encryption
- Giving away passwords - phishing and spyware are still prevalent because people are not careful about where they hand out their data.
- Third parties - you have a security policy, but are your partners following it? Employees may assume it is OK to send sensitive information to business partners. Unencrypted data can easily end up in the wrong hands.
- Web-based applications - webmail, file-sharing services that bypass security filters. Allowing data to be taken home increases these risks.
- Not planning for a breach - being prepared will make things easier, not harder. You can lessen the breach impact with good response strategies.
- Lack of leadership - if a single leader or small team is not appointed to respond to the breach, the breach response becomes diluted. Large teams can also hinder the process.
- Mishandling investigations - in the case of a data breach, a “need to know” approach should be established so that investigations are not compromised, particularly if it’s an inside job.
- Trusting technology - technology is not the whole of security preparedness. Look at things from a risk management perspective and do more than compliance requires.
- Not planning spending - know what is important to your company, know your risks, and let that define your spending. Security issues have varying levels of threat to you, so your spending should correspond to high risk areas.
- Storing information - save only the information you need to do business and delete anything you don’t need. Protect the data you retain.
You can read more details here.
Along similar lines, refer to these past posts:
- 10 Mistakes in Enterprise Security
- 5 Basic Mistakes of Security Policies
- Top 10 Tips for Business Data Breach Prevention & Response



