Worst security mistakes made by...

End-user training is often the one area of a good security policy that is given the least amount of attention. When end users are not properly trained on how to use and maintain security, breaches will result.

Here is a list of some of the security mistakes that end users make, especially when they are not properly trained:

• Opening attachments on e-mails from unknown and unexpected sources
• Not installing necessary and recommended security patches, such as for Office and Internet Explorer
• Installing games, screen savers, or other Internet downloaded programs without verifying that they are safe and do not contain viruses or Trojan horses
• Not making backups of their local data or not verifying and testing such backups when made
• Using a modem from their LAN client while still connected to the LAN without an Internet firewall and without organizational permission
• Using a password-saving utility to retain logon credentials for local, LAN and Internet sites

But, before you begin pointing the blame finger at your end users, IT professionals are not without their own faults, oversights and outright mistakes. Here are some of the top security mistakes made by IT people who should know better:

• Placing a system online (LAN or Internet) before hardening and testing it
• Not installing necessary and recommended security patches and OS upgrades
• Using insecure remote management tools, such as telnet, on servers, routers, firewalls, etc.
• Giving out passwords or changing passwords over the phone
• Performing an administrative-level operation based on a request from someone without properly verifying their identity or authority
• Not making backups of the LAN data or not verifying and testing such backups when made
• Running unnecessary and insecure protocols and services
• Deploying firewalls, proxies, etc. with default settings
• Not installing and maintaining antivirus software
  
  

  Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT User passwords and network permissions 20 days to a more secure enterprise Eight is too many characters for strong passwords Nine common password oversights to avoid Secure your Windows systems with proper password practices Managing multiple passwords in Windows Windows desktop endpoint security challenges podcast series How to strike a balance between Windows security and business needs Managing single sign-on security burdens in Windows Build secure computer password policies Remote user security checklist Patches, alerts and critical updates Microsoft releases six patches for November Structuring patch management in seven steps Underlying causes of inconsistent patch management Microsoft's Online Desktop Manager caters to small IT shops Microsoft's Patch Tuesday brings a bumper crop of security fixes Act fast with five critical September patches Microsoft's August patches run the gamut Patching third-party browsers adds more work in Windows shops Troubleshooting Microsoft WSUS connectivity issues Windows security tools for the busy desktop administrator Windows legacy operating systems Windows 7 launches, offers salvation from Vista Admins can wear many hats using Netcat Choosing the best way to install images Ten ways to sell security to management Improve Windows security with our top 10 tips Windows Vista management tutorial Ten ways to selling security to management Vista security option changes to named pipe access Minasi talks Vista security, Windows Server 2008 features Troubleshooting IEEE 1394 bus devices for Windows machines RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary key-value pair  (SearchEnterpriseDesktop.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.