09.15.2016

common-security-mistakesThe Most Common Security Mistakes

Your employees may check the door a few times before leaving the house in the morning or twist stovetop knobs past “Off” to prevent gas leaks, but it’s unlikely they take the same approach to the computer systems they use. People tend to feel that having a virus protection or firewall installed plus a decent password are all they need.

They’re wrong. Those don’t necessarily address the common IT problems and computer risks we face each and every day. Here is a look at seven common security mistakes that someone on your team is probably doing right now.

3 Top Password Problems and Email Mistakes

Handy passwords

We’ve all heard the tales of “password” or “12345” being common, so most companies now put password requirements in place. The problem is that we tend not to think of things in our normal life that contain numerals and special characters, so they can be hard to remember. How do many avoid forgetting? They write it down…one a sticky note that’s on their desk or the computer itself. These handy passwords not only open you up to on-site issues but also allow any visitor to find a password and try to use it elsewhere, later.

Opening any and all attachments

Your employees are going to open attachments that come to them, and your IT team will hate it. We’re often not careful about what we open and hackers use this to their advantage by mimicking familiar addresses. Sometimes, people are very willing to let the bugs in.

Sharing changes out loud

Passwords that last a certain amount of time tend all get updated around the same time. That often leads to conversations about new passwords. We’ve heard of people sharing it at the watercooler, on the elevator, in the bar and plenty more places. Train your staff that it’s never appropriate to discuss their password openly without proper security, especially outside of the office.

4 Knowledge Mistakes

I know better

One of the most common security concerns comes simply from thinking that you’re already as protected as you can be and there’s no need to keep reading or looking for updates. If possible, your employees can think the same thing and turn off firewalls or other protection, leaving you very vulnerable.

“Always-on” security

Theft is a major concern for mobile devices and laptops. Problems become exponentially worse when users either don’t have a password or they do not turn off their device when they’re finished, opting instead to leave everything logged in and turned on.

The double-whammy of sorts is the increasing use of browsers’ ability to remember passwords. If these are stored and the leaves the power on and is signed in to the browser, then a thief can access your network right away and get all of the credentials they need to access it again in the future.

Policy enforcement

Security policies only work when they’re fully enforced and when they’re designed in a way that makes them enforceable. IT needs to step up and make sure the policies you’ve got are capable, or else there really isn’t any benefit from the selection.

Forgetting the human factor

Every additional layer of security or security requirement makes a system more complex and makes it more likely a person will forget or fail to use it. The more burdensome the policies, the more likely some employees will try to circumvent them. Never forget that you’re working with people and that you need to design security that not only works when people aren’t paying attention but also doesn’t ask too much so that they decide to work against you.

You have a responsibility of creating a pleasant enough user experience that your staff and your customers will use the security paradigm you adopt.

Let Optimal IdM Help

Optimal IdM helps companies just like yours work to solve these and many other common security mistakes by making it hard to circumvent protections and by automating as much as possible. We work to reduce risks every day and have mastered many protections in ways that users will actually comply.

For the email and password problems above, that’s as simple as ensuring that your system uses two-factor authentication, so written or said passwords don’t provide a complete access. The OptimalCoud, our full service multi-factor cloud-based authentication software, is the perfect system for those types of situations. It’s fully customizable to your organization’s needs. The OptimalCloud also provides time-based one-time password (TOTP) which help to provide a higher level of security, making it extremely resistant to security attacks and breaches.

Our design and automated tools address the risk factors around lapsed enforcement and designing for the human element, while agile user management systems can force time-based sign-outs and other protection schemes.

Your system is only as secure as the weakest link, and Optimal IdM works hard to forge a constantly strong chain

Tags

  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.