Worst security mistakes made by...

End-user training is often the one area of a good security policy that is given the least amount of attention. When end users are not properly trained on how to use and maintain security, breaches will result.

Here is a list of some of the security mistakes that end users make, especially when they are not properly trained:

• Opening attachments on e-mails from unknown and unexpected sources
• Not installing necessary and recommended security patches, such as for Office and Internet Explorer
• Installing games, screen savers, or other Internet downloaded programs without verifying that they are safe and do not contain viruses or Trojan horses
• Not making backups of their local data or not verifying and testing such backups when made
• Using a modem from their LAN client while still connected to the LAN without an Internet firewall and without organizational permission
• Using a password-saving utility to retain logon credentials for local, LAN and Internet sites

But, before you begin pointing the blame finger at your end users, IT professionals are not without their own faults, oversights and outright mistakes. Here are some of the top security mistakes made by IT people who should know better:

• Placing a system online (LAN or Internet) before hardening and testing it
• Not installing necessary and recommended security patches and OS upgrades
• Using insecure remote management tools, such as telnet, on servers, routers, firewalls, etc.
• Giving out passwords or changing passwords over the phone
• Performing an administrative-level operation based on a request from someone without properly verifying their identity or authority
• Not making backups of the LAN data or not verifying and testing such backups when made
• Running unnecessary and insecure protocols and services
• Deploying firewalls, proxies, etc. with default settings
• Not installing and maintaining antivirus software
  
  

  Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Tech Tips,   Security Management,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Tech Tips Video: The foundation of an email security strategy The 5 A's of functional SAN security Effective storage security policies Smart options for safeguarding stored data Outfox SOX: How to make regulations work for you Roberta Bragg's 10 Windows hardening tips in 10 minutes Using free network intrusion detection and prevention tools to stop hacks Hacker techniques and exploits: Prevent system fingerprinting, probing How to stop hacker theft: Employee awareness, risk assessment policies Information Security Decisions Fall 2004: Speaker presentations Security Management Smart shopper's guide to correlation tools What's your infosec IQ? Countdown begins for Mydoom DDoS attacks Hackers scanning for ports opened by Mydoom National cybersecurity alert system launched Dangerous, familiar application vulnerabilities top list Potent Mydoom worm flooding inboxes SSL VPNs stealing IPSec's thunder Security insurance may be a smart policy for some China official makes information security a priority RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.