Five mistakes in IT Security may result to a breach
How vulnerable are companies in cyber-attacks? As many security experts and hackers say, almost all systems can be defeated very easily.
The attackers most of the times need only a few hours or less, to break a company’s system. But things do not need not to be that way. Many companies are constantly making certain mistakes. If these issues are resolved the risk of a breach is lower.
Here are the 5 most common mistakes made by companies:
1) They think that software patches and updates are enough Most companies claim that they have fully patched their systems, but most of the times they only update the operating system. But what about the other applications, what happens with patches to Adobe Acrobat Reader, Adobe Flash or Java. Usually such applications are “forgotten” and are the most frequent target of hackers.
2) They do not know what applications are “running” IT departments often have no idea of the applications running on their computers. New computers arrive in the company with dozens of preinstalled programs that a user does not really need. Then users typically add more applications. So it’s very usual for a normal PC to have hundreds of programs and utilities installed, even if it just started its function. But this is not the best to do, as many of these programs have vulnerabilities and security holes, which a hacker can exploit to gain unauthorized access to the company’s system.
3) They ignore malfunctions Most of the times hackers breach a network without being noticed, “entering” from one computer to another, using malicious practices. Most IT employees are unaware of these glitches, since they have not registered what actions to be considered normal and what unacceptable. According to a survey by Verizon, if network operators put some security rules in place, then they would notice any “suspicious” activity in the network. If this happens, then many breaches can be avoided.
4) They do not have password security policy Many IT departments claim to use “strong” passwords in applications, but most of the times they aren’t. Usually there are strong passwords where there is no need to be and weak ones in critical corporate applications. In addition, most of the passwords are not changed as often as they should.
5) They do not inform users about critical threats While many employees are informed about the risks of an e-mail and its attached file, many users are not aware of the dangers lurking on the Internet by surfing to malicious websites. There are threats in ads that appear suddenly on the screen, in applications that a friend sends through facebook and many more.
These mistakes are nothing new; they have been around for about two decades. Most IT departments are interested in new applications and technologies, ignoring IT security, which is really important for the appropriate function of a system.