If you've ever wondered about some of the prime ways to lose big from a natural disaster, get hacked or otherwise part with data stored on your computers, here are some of the very best:
* Rely only on technology. Firewalls, encryption and antivirus software are all that's needed to protect information.
* Don't back up data. If you must, don't test. Also, leave your backup media on-site -- like sitting on top of a power supply.
* Don't subscribe to mailing lists and security bulletins, and don't ever read information security trade publications.
* Leave your operating systems and software applications with default settings in place. System hardening is unnecessary.
* Don't patch your software or update your virus signatures, and never run vulnerability assessments to detect newly discovered software flaws and system misconfigurations. It just takes too much time.
* Don't create security policies that document how you're safeguarding your information to protect your organization and clients from disasters and legal liabilities.
* Completely outsource your information security. There's no need for anyone inside your organization to trouble themselves with such matters.
* Apply the principle of 'greatest privilege.' Give all staff full access to your information systems. Everyone should have access to everything -- it's only fair.
* Don't train users on your security policies and what to look out for, such as unsolicited e-mail attachments. Your users don't need more training.
* Do not, under any circumstances, get upper management involved in security initiatives. They're focused on business and should not be bothered or even care about technology or the liabilities associated with their information.
* Don't pay attention to or even bother to really understand what it is you're trying to protect.
* By all means, don't take an inventory of your information systems or document your network.
* Leave your databases, especially those containing credit card or other confidential information, unencrypted. And be sure to store them on publicly accessible servers.
* Run your business without disaster recovery and business continuity plans. After all, you can think clearly and make critical decisions under pressure, right?
* If you do happen to have a security policy, never refer to it, enforce it, update it or obey it.
* When an employee quits or is laid off, leave her network log-ins and e-mail accounts enabled. You never know when she might want to check to see how things are going.
* Don't monitor your systems. They'll be OK running by themselves. If something major happens with the availability or integrity of your information, you'll be notified automatically, right?
* Ignore known best practices, including international information security standards from the Internet Engineering Task Force, International Standards Organization, SANS Institute and your local information security consultant.
* Use passwords that consist of your pet's name, your name, your mom's maiden name, or your birthday. That way, you won't forget them. Better yet, just use "password" for your passwords. Also, don't forget to write them down and post them on your monitor or keyboard.
* Respond to viruses, hacker attacks, and other intrusions only when they happen -- don't try to prevent them so you never have to deal with them.
By adhering to these practices you can rest assured knowing that your computers are an easy target for disgruntled employees, hackers, viruses, and more. You can arrive at work every day knowing that there's a good chance your business data will be gone upon your arrival.
Nick Pegley is a marketing expert with All Covered: Technology Services Partner for Small Business, providing information technology consulting and IT services in 20 major U.S. metro areas. Outsource your procurement, installation and technical headaches.