4) Failure to properly authenticate callers. Giving users passwords over the phone, or changing user passwords in response to telephone or personal requests when the requester is not authenticated, may be the easiest way to reduce support call tickets, but it is a joy for those involved in social engineering efforts. Enforce proper authentication at all times, even if the voice is familiar.
5) Failing to maintain and test backups. Laziness is one of the biggest security threats, but creating proper backups is much easier than recreating the data from scratch. Backups should be made often and copies kept offsite (not in the boss's safe).
6) Failure to confirm that your disaster recovery plan actually works. Okay, so you have your backups now. But do they work? Have you verified the backups are good? Do you have a disaster recovery plan? Three 'no's? You're in trouble.
7) Failing to implement or update virus detection software. What is the use of having virus and spyware scanners if they're not updated? Up-to-date scanners ensure that the latest malicious software is detected immediately.
8) Failing to educate users. Users need to know exactly what kinds of threats are out there. Uneducated computer users are often those who fall victim to viruses, spyware, and phishing attacks, all of which are designed to corrupt systems or leak personal information to a third party without the user's consent. Don't take users for granted or trust them too much.
9) Trying to do it all yourself. Large companies have IT departments, but small business administrators should ask for advice and help if they have problems setting up their network. External help, though costly at times, ensures you've done the job right the first time round.
10) Failing to recognize 'insider threats'. Too much trust can kill your network. Disgruntled employees and others can cause enormous problems if they're not properly monitored. IT people should monitor network activity, especially the use of portable devices such as iPods, memory sticks and others. You do not want the company's confidential data sold by an irate employee to the competition.