Monday | 6 July, 2009
CSO
50-Cent Holes
CIOs can spend millions on firewalls, intrusion detection systems and whatever else their security vendors are selling, but when that VP of marketing decides to sync his work laptop with his unsecured home PC - and there's no policy or training to make him think twice - your million-dollar security efforts become worthless.
Alice Dragoon (CIO) 07/11/2005 20:52:34

Sure, you've got a million-dollar security battleship, but it's full of... 50-Cent Holes!

Reader ROI

  • Common security problems and how to fix them
  • Steps for preventing future holes

This has not been a banner year for information security.

From a stolen laptop full of Social Security numbers to a Web site that lost oceans of credit card data, commonsense security procedures seem in short supply. "Almost without exception we're living in a world where no one thinks to lock the stable doors until the horses have escaped," says David Friedlander, a senior analyst at Forrester Research.

With that in mind, here are 10 common security ailments and 10 practical remedies. They're easy and inexpensive, and you can do them right now. All involve some form of user education and training. "How do you stop stupid mistakes?" asks Mark Lobel, a partner in the security practice at PricewaterhouseCoopers. "It's education and security awareness - basic blocking and tackling - and it does not have to cost a fortune."

Save As...

The Hole: A company familiar to Adam Couture, a principal analyst at Gartner Research, searched its Exchange servers for documents called "passwords.doc". There were 40 of them.

The Problem: Uneducated users. "Some of these [mistakes] are so obvious that you think: 'Nobody would do that'," Couture says. "But you give people too much credit." Any hacker, malcontent employee or grandmother with a minimal amount of computer know-how could unlock those documents and ravage your company's most sensitive applications (not to mention all of your employees' personal information).

The Solution: First, CIOs need to acknowledge that there might be passwords.doc files on their networks, find them and destroy them. Then, via e-mail or a companywide meeting, they need to explain to users why keeping a file like this on the network is a really, really bad idea.
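A small audit script of the kind the "find them" step calls for, added here as an example and not part of the original article. It assumes the shared documents are reachable as an ordinary directory tree (a mounted file share rather than Exchange mailboxes), the filename and content heuristics are my own assumptions, and the sample tree it builds is constructed fake data.

```python
import os
import re
import tempfile

# Filename stems users commonly give to home-grown credential stores (assumed heuristic).
NAME_PATTERN = re.compile(r"^(password|passwords|passwd|pwd|pwds|creds|credentials|logins)\b", re.I)
# Lines such as "password: hunter2" or "pwd=letmein" (assumed heuristic).
CONTENT_PATTERN = re.compile(r"\b(?:pass(?:word)?|pwd)\s*[:=]\s*\S+", re.I)
MAX_SCAN_BYTES = 256 * 1024  # only sniff small text files for content hits


def audit_tree(root):
    """Walk `root` and return sorted (relative_path, reason) pairs.
    'name': filename looks like a password store (e.g. passwords.doc);
    'content': small text file with two or more password-like lines."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if NAME_PATTERN.search(os.path.splitext(name)[0]):
                findings.append((rel, "name"))
                continue
            try:
                if os.path.getsize(path) > MAX_SCAN_BYTES:
                    continue
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if len(CONTENT_PATTERN.findall(text)) >= 2:
                findings.append((rel, "content"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed directory tree with fake files for the demo."""
    root = tempfile.mkdtemp(prefix="pwaudit_")
    os.makedirs(os.path.join(root, "marketing"))
    samples = {
        "marketing/passwords.doc": "erp: Spring2005!\n",
        "marketing/notes.txt": "vpn password: hunter2\nmail pwd=letmein\n",
        "budget.txt": "Q3 totals\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root
```

Run `audit_tree` against a real share root to get the list to review and remove; the content check deliberately requires two hits so a single mention of the word "password" in ordinary prose is not flagged.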
