Have you ever thought about the best ways to be negatively affected by a disaster, get hacked, or otherwise part with data stored on your computers? Here are some of the best ways to lose system security, in no particular order:
1) When an employee quits or is let go, leave his network log-ins and e-mail accounts enabled. You never know when he might want to check in on things.
2) Rely solely on technology. Firewalls, encryption and antivirus software are all you need to protect your information.
3) Completely outsource your information security initiatives. There's no need for anyone inside your organization to worry about such matters.
4) Leave your operating systems and software applications with the default settings. System hardening is for the birds.
5) Don't train your users on your security policies and what to look out for, such as unsolicited e-mail attachments and common hacker activities. Your users can't be burdened with more training.
6) If you do happen to have a security policy, never refer to it, enforce it, update it or do what it says.
7) By all means, don't take an inventory of your information systems or document your network.
8) Don't pay attention to or even bother to understand what you're trying to protect.
9) Don't patch your software or update your virus signatures, and never, ever run vulnerability assessments to detect newly discovered software flaws and system misconfiguration. It's just too time-consuming.
10) Respond to hacker attacks, viruses and other intrusions as they happen -- don't be proactive in dealing with them.
11) Ignore all known best practices and international information security standards from the International Standards Organization, Internet Engineering Task Force, SANS Institute and your local information security consultant, to name a few.
12) Leave your databases, especially those containing credit card or other confidential information, unencrypted. And be sure to store them on publicly accessible servers.
13) Run your business without disaster recovery and business continuity plans. After all, you can think clearly and make critical decisions under pressure, right?
14) Don't monitor your systems. They'll be fine running by themselves, and if anything major happens with the integrity or availability of your information, you'll be notified automatically, won't you?
15) Don't back up your data, but if you must, don't test your backups. Also, leave your backup media on-site -- preferably sitting on top of an uninterruptible power supply.
16) Don't create any security policies that document how you're safeguarding your information to protect your organization and clients from information disasters and legal liabilities.
17) Apply the principle of greatest privilege. Give all users the greatest amount of access to your information systems. Everyone should have access to everything -- it's only fair, right?
18) Don't subscribe to security bulletins and mailing lists, and don't ever read information security trade magazines.
19) Don't, under any circumstances, get upper management involved in information security initiatives. They're business-focused and shouldn't be bothered or even care about technology or the liabilities associated with their information, right?
20) Use passwords that consist of your pet's name, your name, your mom's maiden name, or your birthday. That way, you won't forget them. Better yet, just use "password" for your passwords. Also, don't forget to write them down and post them on your monitor or keyboard.
And, last but not least:
21) Leave your servers and network equipment in a room to which everyone, including outsiders off the street, has access.
By following these practices you can be sure that your computers will be an easy target for viruses, disgruntled employees, hackers, and others. You can show up to work each day with the pride of knowing that there's an excellent chance that your business data will be missing when you arrive. It's just a matter of time, and it's all easily achieved.
1. Protection of Valuable Information
Valuable information must be protected. Information is one of the most valuable assets of any enterprise, whether the product you are developing to handle it is custom software or an in-house automation solution. Its protection is a vital part of IT infrastructure. Make your life easier by integrating security into the solution.
2. Keeping Ahead of Competitors
Stay ahead of the competition. Be in the first row of software manufacturers who build their applications with security in mind. Any software is more welcome when it fits into existing business processes. Adding another level of data protection is always viewed as a benefit, while its lack is a serious disadvantage.
3. Expanding Into New Markets
Adding security to typical applications is a way to expand the business into new markets. For example, adding security to your LAN communication application may give you access to the government or military market.
4. Caring About Clients
Offering security drives sales. When you offer security in your software as a bonus, your clients will feel that you really care about their well-being.
5. Reduced Costs of Development
Plugging security into your application beforehand reduces development and support time. Sooner or later you will need to add security features to your solution. The later you do this, the more code you will have to modify. Inadvertent data loss caused by insecure software may cost you significant money and time lost in court. This will make you think about adding security anyway.
6. Software Interoperability
By adding security you will improve interoperability between different software systems. Some developers choose custom data storage and exchange formats, thinking that they are faster to implement. Later this turns into additional expense, when proper communication with other applications becomes a must. A lot of resources will be spent on changing formats or creating data converters. Using standard, security-enabled data storage formats and data exchange protocols ensures the widest possible interoperability.
7. Meeting Current Standards
In order to be reliable and up to date, software needs to follow current standards. One widespread and important standard is the requirement for software security. In the majority of industries data protection is a must, and your software should follow these standards to meet current demands.