The Most Common Security Mistakes
Your employees may check the door a few times before leaving the house in the morning or twist stovetop knobs past “Off” to prevent gas leaks, but it’s unlikely they take the same approach to the computer systems they use. People tend to feel that having virus protection or a firewall installed plus a decent password is all they need. They’re wrong. Those don’t necessarily address the common IT problems and computer risks we face each and every day. Here is a look at seven common security mistakes that someone on your team is probably making right now.
3 Top Password Problems and Email Mistakes
Handy passwords
We’ve all heard the tales of “password” or “12345” being common, so most companies now put password requirements in place. The problem is that we tend not to think of things in our normal life that contain numerals and special characters, so they can be hard to remember. How do many avoid forgetting? They write it down…on a sticky note that’s on their desk or the computer itself. These handy passwords not only open you up to on-site issues but also allow any visitor to find a password and try to use it elsewhere, later.
Opening any and all attachments
Your employees are going to open attachments that come to them, and your IT team will hate it. We’re often not careful about what we open, and hackers use this to their advantage by mimicking familiar addresses. Sometimes, people are very willing to let the bugs in.
Sharing changes out loud
Passwords that last a certain amount of time tend to all get updated around the same time. That often leads to conversations about new passwords. We’ve heard of people sharing them at the watercooler, on the elevator, in the bar and plenty more places. Train your staff that it’s never appropriate to discuss their password openly without proper security, especially outside of the office.
4 Knowledge Mistakes
I know better
One of the most common security concerns comes simply from thinking that you’re already as protected as you can be and there’s no need to keep reading or looking for updates. Your employees can think the same thing and, where they are able to, turn off firewalls or other protection, leaving you very vulnerable.
“Always-on” security
Theft is a major concern for mobile devices and laptops. Problems become exponentially worse when users either don’t have a password or do not turn off their device when they’re finished, opting instead to leave everything logged in and turned on. The double-whammy of sorts is the increasing use of browsers’ ability to remember passwords. If these are stored and the user leaves the power on and is signed in to the browser, then a thief can access your network right away and get all of the credentials they need to access it again in the future.
Policy enforcement
Security policies only work when they’re fully enforced and when they’re designed in a way that makes them enforceable. IT needs to step up and make sure the policies you’ve got are capable of being enforced, or else there really isn’t any benefit from having selected them.
Forgetting the human factor
Every additional layer of security or security requirement makes a system more complex and makes it more likely a person will forget or fail to use it. The more burdensome the policies, the more likely some employees will try to circumvent them. Never forget that you’re working with people and that you need to design security that not only works when people aren’t paying attention but also doesn’t ask so much that they decide to work against you. You have a responsibility to create a pleasant enough user experience that your staff and your customers will use the security paradigm you adopt.
Let Optimal IdM Help
Optimal IdM helps companies just like yours work to solve these and many other common security mistakes by making it hard to circumvent protections and by automating as much as possible. We work to reduce risks every day and have mastered many protections in ways that users will actually comply with. For the email and password problems above, that’s as simple as ensuring that your system uses two-factor authentication, so written or said passwords don’t provide complete access. The OptimalCloud, our full service multi-factor cloud-based authentication software, is the perfect system for those types of situations. It’s fully customizable to your organization’s needs. The OptimalCloud also provides time-based one-time passwords (TOTP), which help to provide a higher level of security, making it extremely resistant to security attacks and breaches. Our design and automated tools address the risk factors around lapsed enforcement and designing for the human element, while agile user management systems can force time-based sign-outs and other protection schemes. Your system is only as secure as the weakest link, and Optimal IdM works hard to forge a constantly strong chain.