There are common mistakes that every company makes when it comes to IT, and unfortunately big or small this can cost money. David Kelleher, communications and research analyst at GFI’s GFISecurityLabs, talks about these mistakes and offers tips so that they don’t happen.
Bright Hub: What are some of the most common mistakes made by IT people in a SMB setting?
David Kelleher: Whenever a security breach occurs or something goes wrong on the network, it is most always the end-users' fault - as most employees, despite receiving lengthy lectures, dozens of emails and verbal warnings, continue to ignore even the most basic of security recommendations - such as not leaving their passwords on a sticky note stuck to their workstation.
While 99% of the time this would be the case, there are occasions when an accusatory finger has to be pointed in the direction you would least expect: the IT administrator's office. Yes, even IT administrators can make mistakes and they do, especially in small and medium sized businesses. Too heavy a workload, little time and the pressure to meet deadlines and keep the bosses happy inevitably leads to the IT people making errors of judgment... at times serious ones too.
1) Connecting systems to the Internet before hardening them. Classic mistake. Computers are not designed to be connected to the Internet straight out of the box. Before a phone line, Ethernet cable, or wireless card is anywhere near a new computer, install at least virus protection and spyware scanners, and a program to prevent malicious software from being installed.
2) Connecting test systems to the Internet with default accounts/passwords. A hacker's dream. Leaving the default accounts/passwords makes it all the more easy for a hacker to gain access to your network. Change passwords and delete/rename default accounts immediately.
3) Failing to update systems. Security holes exist in your operating system and no software is perfect. Once a vulnerability is found, it's usually exploited within a very short period of time. Therefore, it is imperative to install security patches as soon as possible even if it takes time to check them out in a test environment before updating.