
Top Reasons for IT Security Breaches

written by: Steve Mallard • edited by: Bill Bunter • updated: 5/23/2011

Security breaches occur because of missing patches and updates, untrained personnel, misconfigured servers and other issues. To protect your network, look at these top ten vulnerabilities and think outside of the box.


    Top Reasons for IT Security Breaches

    It is almost impossible to find the top ten reasons why security breaches occur on your network. This article contains not only the top ten but a few more critical areas to look at when securing your network. Here is a link to reported breaches of companies across the U.S.

    When a security breach occurs, there is generally a simple reason why this has taken place. Information Technology Professionals should be trained on all aspects of security and should be certified in information technology security. Allowing untrained IT personnel to work with your network can cause your network to fail or allow malicious users to breach the network.

    When new computers are deployed, connecting a computer to the internet before it is hardened with updates, patches, user configuration and its firewall can create an opening on your network. Because default installations of any operating system have vulnerabilities, hackers can exploit these computers or devices in minutes.

    Every IT team should be trained and made aware of security exploits that are on the web. The IT team should communicate any time Microsoft or related vendors issue warnings and updates. Being unaware of potential security problems can lead to a breach of your network.

    Disaster Backup and Recovery plans need to be put in place and should be tested on a regular basis. How does this fall in the top ten? There have been many cases over the past year where IT personnel have misplaced, discarded or lost tape backups of critical data. Tapes should be stored securely both on and offsite.

    One of the biggest ways to leave holes in your network is to deploy devices such as wireless access points that still have their default usernames and passwords in place. When deploying any device, the default usernames and passwords should be changed to protect access to the device. Wireless should be hardened by using a RADIUS server and WPA Enterprise security. Leaving the default passwords on firewalls or other devices can leave a critical opening on your network.


    How To Make a Security Breach Less Likely

    Running a WSUS update server on your network is no guarantee that updates will be pushed out. Network and server personnel need to review the reports on the server and patch any holes on systems that have failed to get their updates. Automatic security doesn't mean that all computers will be up to date and patched. An audit of all computers should be performed on a regular basis. Any system that fails to get updates should be patched immediately.

    We often take passwords for granted. As we develop relationships with employees, the simple trust that we gain from these relationships should not apply to passwords. Passwords are critical to the survival of your data. You should develop a system of identifying personnel who call to have their passwords changed. Never respond to an email request and don't give out passwords to unauthorized personnel.

    A firewall is put in place to protect your network. If you fail to keep the firewall up to date with software, firmware and rules, you will create a security hole. Firewalls are one of the first lines of defense against any type of network breach. The dangers of not monitoring your firewall logs cannot be overemphasized.

    Never use unencrypted protocols on your network to manage other devices. Simple scanning software can pick up plain-text data, and your passwords or data may be captured.

    With viruses and malware changing every day, you cannot place a computer on your network until it is protected. Updates for antimalware and antivirus should be controlled at an enterprise level. These updates should be randomly checked to make sure your computers are protected.

    Computers should be checked for unnecessary services such as telnetd or ftpd. Any service that can jeopardize your network should be stopped or removed from computers or disabled on any device that is on your network.
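
    An added example (not from the original article) of the audit described here and in the paragraph on unencrypted protocols: it parses `ss -H -tlnp` output and flags listeners on cleartext ports or with telnetd/ftpd-style daemon names. The port table, the daemon-name heuristic and the sample lines are assumptions constructed for illustration.

```python
import re

# TCP ports IANA assigns to cleartext remote-access/file-transfer services.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 512: "exec", 513: "login", 514: "shell"}
# Daemon-name suffixes (heuristic); catches services moved off their usual port.
CLEARTEXT_DAEMONS = ("telnetd", "ftpd")
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 128   0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 5     0.0.0.0:23    0.0.0.0:* users:(("in.telnetd",pid=1033,fd=4))
LISTEN 0 32          *:21          *:* users:(("vsftpd",pid=990,fd=3))
LISTEN 0 5   127.0.0.1:2323  0.0.0.0:* users:(("telnetd",pid=1200,fd=5))
LISTEN 0 128      [::]:22       [::]:* users:(("sshd",pid=812,fd=4))
"""

def find_cleartext_listeners(ss_output):
    """Return one finding per listening socket that looks like a cleartext service."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank line, or non-listening socket
        addr, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        match = PROC_RE.search(line)
        # Process names for other users' sockets only appear when run as root.
        proc = match.group(1) if match else "unknown"
        by_port = CLEARTEXT_PORTS.get(port)
        by_name = next((d for d in CLEARTEXT_DAEMONS if proc.endswith(d)), None)
        if by_port or by_name:
            loopback = addr.startswith("127.") or addr == "[::1]"
            findings.append({
                "port": port, "process": proc,
                "reason": by_port or by_name,
                "scope": "loopback" if loopback else "network",
            })
    return findings

if __name__ == "__main__":
    for f in find_cleartext_listeners(SAMPLE):
        print(f"{f['scope']:8} tcp/{f['port']:<5} {f['process']:12} ({f['reason']})")
```

    On a live Linux host, pass the function the text produced by `ss -H -tlnp` instead of `SAMPLE`; findings with scope `network` are the ones to stop or remove first.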

    While these security issues are critical, it is also important to train your personnel to look for these and other common security issues, such as computers not on a domain, simple file sharing, temporary security fixes, failing to encrypt and protect data, and failing to patch all software on computers.