Have you ever thought about the best ways to be negatively affected by a disaster, get hacked, or otherwise part with data stored on your computers? Here are some of the best ways to lose system security, in no particular order:

1) When an employee quits or is let go, leave his network log-ins and e-mail accounts enabled. You never know when he might want to check in on things.

2) Rely solely on technology. Firewalls, encryption and antivirus software are all you need to protect your information.

3) Completely outsource your information security initiatives. There's no need for anyone inside your organization to worry about such matters.

4) Leave your operating systems and software applications with the default settings. System hardening is for the birds.

5) Don't train your users on your security policies and what to look out for, such as unsolicited e-mail attachments and common hacker activities. Your users can't be burdened with more training.

6) If you do happen to have a security policy, never refer to it, enforce it, update it or do what it says.

7) By all means, don't take an inventory of your information systems or document your network.

8) Don't pay attention to or even bother to understand what you're trying to protect.

9) Don't patch your software or update your virus signatures, and never, ever run vulnerability assessments to detect newly discovered software flaws and system misconfigurations. It's just too time-consuming.

10) Respond to hacker attacks, viruses and other intrusions as they happen -- don't be proactive in dealing with them.

11) Ignore all known best practices and international information security standards from the International Standards Organization, Internet Engineering Task Force, SANS Institute and your local information security consultant, to name a few.

12) Leave your databases, especially those containing credit card or other confidential information, unencrypted. And be sure to store them on publicly accessible servers.

13) Run your business without disaster recovery and business continuity plans. After all, you can think clearly and make critical decisions under pressure, right?

14) Don't monitor your systems. They'll be fine running by themselves, and if anything major happens with the integrity or availability of your information, you'll be notified automatically, won't you?

15) Don't back up your data, but if you must, don't test your backups. Also, leave your backup media on-site -- preferably sitting on top of an uninterruptible power supply.

16) Don't create any security policies that document how you're safeguarding your information to protect your organization and clients from information disasters and legal liabilities.

17) Apply the principle of greatest privilege. Give all users the greatest amount of access to your information systems. Everyone should have access to everything -- it's only fair, right?

18) Don't subscribe to security bulletins and mailing lists, and don't ever read information security trade magazines.

19) Don't, under any circumstances, get upper management involved in information security initiatives. They're business-focused and shouldn't be bothered or even care about technology or the liabilities associated with their information, right?

20) Use passwords that consist of your pet's name, your name, your mom's maiden name, or your birthday. That way, you won't forget them. Better yet, just use "password" for your passwords. Also, don't forget to write them down and post them on your monitor or keyboard.

And, last but not least:

21) Leave your servers and network equipment in a room to which everyone, including outsiders off the street, has access.

By following these practices you can be sure that your computers will be an easy target for viruses, disgruntled employees, hackers, and others. You can show up to work each day with the pride of knowing that there's an excellent chance that your business data will be missing when you arrive. It's just a matter of time, and it's all easily achieved.