E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


TOP 10 MOST COMMON INFO SECURITY MISTAKES MADE BY INDIVIDUALS

Source: Human Firewall

Posted on September 19, 2002

      The following list represents a compilation of mistakes identified by security experts as those most commonly made by employees -- often unknowingly -- that put their organization's information assets at risk.

1. Passwords on Post-it Notes

      The ubiquitous Post-it Note appears to be a major crippler of security measures. Leaving a note with your valid password written on it posted near your computer monitor is the most frequent violation of information security policy (some experts say one out of five employees are guilty). It's too easy for someone to copy it down and gain legitimate access to your systems with your password. It's the equivalent of identity theft. Toss those notes into the shredder and change your password now.

2. Leaving your computer on, unattended

      Too many people simply leave their computers on and walk away to do other things. Didn't your parents teach you to turn out the lights? The point isn't to save energy, it's to save your company from a potentially costly and embarrassing computer breach. Even passwords are worthless when someone can simply access your network systems while you are absent.

3. Opening e-mail attachments from strangers

      The Love Bug virus cost businesses billions of dollars worldwide. There is no substitute for looking a bit before you leap and open any email. There's a reason why these types of cyber attacks are so successful: trust and curiosity in human nature can easily be abused. Don't let it be you unknowingly spreading the latest social computer virus.

4. Poor password etiquette

      Everyone should take a quick course in password etiquette. Don't let your default password remain as your primary password. Don't enter the same password you've always had when the system asks you to change your password. Be original; think of your own combination of letters and numbers. This goes for the IT professionals as well. Failing to enter a password into Microsoft's server admin system leaves a default password that can easily compromise your whole corporate network.

5. Laptops on the loose

      While theft of a laptop computer that's loaded with company secrets can happen in the airport, it's just as likely to happen from your office overnight. Lock your laptop in a desk drawer, out of sight, to minimize the risk or the temptation for it to walk off.

6. Blabber mouths

      Talking about your passwords, or about confidential information over lunch, in the break room, after work in a public drinking spot, or at the gym only increases the risk of someone gaining access to information they are not authorized to know.

7. Plug and Play without protection

      In the rush to get things going, too many folks plug modems straight into servers, or servers straight into the Internet, bypassing routers with firewalls or other corporate security measures. Like calling the phone and cable company before you start digging holes in your backyard, check with your corporate security officer before you plug and play.

8. Not reporting security violations

      You may be vaguely aware of corporate security policies, but it's important to know what's kosher and what's not. And, you have to be willing to report a breach of security if you observe it in another individual. It's no time to worry about being a tattletale. Your company's success (and your job too) depends on prompt action to avert or respond to a security incident.

9. Always behind the times (the patch procrastinator)

      One of the biggest vulnerabilities of any system is the failure to install updates and patches for deployed software. Updates often close any loopholes that may exist. Ignoring them or putting them off for another day could cost you and your company dearly.

10. Keeping an eye out inside the organization

      While most managers believe an information security breach will come from an outside intruder, they are wrong. The biggest risk comes from within: disgruntled employees, laid-off employees, a less-than-ethical contractor, or a partner working both sides of the fence. Every employee has to be responsible for themselves and the behavior they observe in others. "Only you can prevent security incidents," says Smokey the anti-hacker.





E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

