Have you ever thought about the best ways to be negatively affected by a disaster, get hacked, or otherwise part with data stored on your computers? Here are some of the best ways to lose system security, in no particular order:

1) When an employee quits or is let go, leave his network log-ins and e-mail accounts enabled. You never know when he might want to check in on things.

2) Rely solely on technology. Firewalls, encryption and antivirus software are all you need to protect your information.

3) Completely outsource your information security initiatives. There's no need for anyone inside your organization to worry about such matters.

4) Leave your operating systems and software applications with the default settings. System hardening is for the birds.

5) Don't train your users on your security policies and what to look out for, such as unsolicited e-mail attachments and common hacker activities. Your users can't be burdened with more training.

6) If you do happen to have a security policy, never refer to it, enforce it, update it or do what it says.

7) By all means, don't take an inventory of your information systems or document your network.

8) Don't pay attention to or even bother to understand what you're trying to protect.

9) Don't patch your software or update your virus signatures, and never, ever run vulnerability assessments to detect newly discovered software flaws and system misconfigurations. It's just too time-consuming.

10) Respond to hacker attacks, viruses and other intrusions as they happen -- don't be proactive in dealing with them.

11) Ignore all known best practices and international information security standards from the International Standards Organization, Internet Engineering Task Force, SANS Institute and your local information security consultant, to name a few.

12) Leave your databases, especially those containing credit card or other confidential information, unencrypted. And be sure to store them on publicly accessible servers.

13) Run your business without disaster recovery and business continuity plans. After all, you can think clearly and make critical decisions under pressure, right?

14) Don't monitor your systems. They'll be fine running by themselves, and if anything major happens with the integrity or availability of your information, you'll be notified automatically, won't you?

15) Don't back up your data, but if you must, don't test your backups. Also, leave your backup media on-site -- preferably sitting on top of an uninterruptible power supply.

16) Don't create any security policies that document how you're safeguarding your information to protect your organization and clients from information disasters and legal liabilities.

17) Apply the principle of greatest privilege. Give all users the greatest amount of access to your information systems. Everyone should have access to everything -- it's only fair, right?

18) Don't subscribe to security bulletins and mailing lists, and don't ever read information security trade magazines.

19) Don't, under any circumstances, get upper management involved in information security initiatives. They're business-focused and shouldn't be bothered or even care about technology or the liabilities associated with their information, right?

20) Use passwords that consist of your pet's name, your name, your mom's maiden name, or your birthday. That way, you won't forget them. Better yet, just use "password" for your passwords. Also, don't forget to write them down and post them on your monitor or keyboard.

And, last but not least:

21) Leave your servers and network equipment in a room to which everyone, including outsiders off the street, has access.

By following these practices you can be sure that your computers will be an easy target for viruses, disgruntled employees, hackers, and others. You can show up to work each day with the pride of knowing that there's an excellent chance that your business data will be missing when you arrive. It's just a matter of time, and it's all easily achieved.