5 IT Security Mistakes That Companies Still Make

9/27/12 2:00 PM Eva Jacob IT Security

IT SecurityWith all of the news about cyber attacks, remote threats, and sophisticated hackers, it’s no wonder that many organizations have stepped up their efforts to protect their data, clients, and business information. But despite it all, some organizations still may have leaks, holes, or insecure areas of their business that they have not yet protected or have forgotten to protect. Here are five IT security mistakes that are affecting some organizations: 
  • Using default or common passwords: With all of the passwords needed to access computers, email, servers, documents, intranets, and other areas, it can be hard for both individuals and departments to remember every password they need. But keeping the default password instead of requiring regular changes can mean that employees can guess at others’ passwords, and can make it easy for hackers to infiltrate desired areas.
  • Failing to remove access for former employees: It happens – employees leave, sometimes of their own volition and sometimes not. But those employees do know their passwords, and do know how to access documents, systems, and programs that can contain sensitive and critical data. By not removing access immediately for those employees, any organization is left wide open and vulnerable for disgruntled ex-employees.
  • Leaving vulnerabilities unpatched: No software is perfect, but companies do their best. When security issues occur, vigilant companies release patches as soon as possible to ensure their clients are not left vulnerable for long. But the problems when the client – any organization – does not apply those patches, either because of the time required or due to complacency. But remember that because as soon as clients know about vulnerabilities, so do hackers.
  • Forgetting about physical security: IT security is very important – but so is physical security. Anyone who wants to can find a way into an office, steal physical machines such as laptops, mobile devices, and then walk away quickly and undetected. And if those machines contain sensitive data, anyone can use it for any purpose.
  • Assuming that policies will be followed: Even when software and physical machines are secure and that the necessary procedures have been documented and agreed to by all employees, this doesn’t necessarily mean that they will be followed. Therefore, it is imperative that everyone is held accountable to the security measures that have been put in place to ensure IT security and safety of information.

Organizations remain busy in all areas – keeping clients happy, keeping employees productive, and selling services. But an important part of any organization is making sure that data – all data – is kept safe and secure. By reviewing the common mistakes above, any organization can determine if additional security is needed to keep their business as impenetrable as possible to threats.

Click me