The top 10 security land mines

The 10 most common security land mines that experts say you need to avoid.

9. Spending unthinkingly wastes resources you might need for important threats

Another compliance-related security trap that companies frequently fall into is spending the same effort or expense to protect IT systems with wildly different levels of importance to their organization's security and success, Rothman said.

"Some people make the mistake of treating all security issues equally, and spend the same amount of time and money defending an old application that only five people use that they spend on an online application used by all of their customers," he said.

That approach not only wastes money, but it can also push more important problems to later consideration, or to none at all once the budget has dried up. "Security people often don't know how to prioritize," Rothman said. "They should look at what happens if something specific breaks and look at how to drive spending from there."

10. Don't save the wrong data

In another common scenario that spells disaster for both security and compliance interests, many companies that process credit and debit cards inadvertently leave transaction logging systems on that store account information. This logging can lead to customer data breaches and PCI (Payment Card Industry) audit failures.

"Naturally, they don't realize they are storing the data a hacker or malicious employee would need to create fake plastic credit cards," said Symantec's Roop. "This is the cardinal sin of PCI compliance. We actually saw this example at a [recent] prospect. It is a big land mine that most likely will result in a failed PCI audit."

Even companies not collecting card data need to make sure that they only save the information they actively need to do business, Roop said. Keeping anything on hand that could be misused by attackers without a clear need to store that data is asking for trouble, he advised. And if it must be retained, then be sure to build a protection method for it as well.
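The following is an added example, not part of the original article: a scanner that flags and redacts card data left in transaction logs of the kind described above. It assumes the stored account information is a primary account number (PAN) or magnetic-stripe track 2 data; the log format, function names and sample lines are constructed for illustration.

```python
import re

# Candidate PANs: 13-19 digits, optionally split by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Magnetic-stripe track 2 layout: ;PAN=YYMM<service code and discretionary data>?
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}\d*\?")

# Constructed sample log lines; 4111111111111111 is a widely used test number.
SAMPLE_LOG = [
    "2024-01-15 10:22:31 txn=1001 card=4111 1111 1111 1111 amt=20.00",
    "2024-01-15 10:22:32 txn=1002 swipe=;4111111111111111=25121010000000000000?",
    "2024-01-15 10:22:33 txn=1003 order_id=1234567890123456 status=ok",
]

def luhn_ok(digits):
    """Luhn checksum; filters out order IDs and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_line(line):
    """Return (findings, redacted_line) for one log line."""
    findings = []

    def drop_track(match):
        findings.append("track2")
        return "[TRACK2 REMOVED]"

    def mask_pan(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()            # not a card number, leave as is
        findings.append("pan")
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

    line = TRACK2_RE.sub(drop_track, line)  # track data goes first, whole
    return findings, PAN_RE.sub(mask_pan, line)

def scan_log(lines):
    """Map 1-based line number -> findings, for lines that contain card data."""
    report = {}
    for n, line in enumerate(lines, 1):
        findings, _ = scan_line(line)
        if findings:
            report[n] = findings
    return report
```

Running `scan_log` over existing log files shows which lines already hold card data, while `scan_line` can sit in the logging path so that new entries keep only the first six and last four digits.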

Stories by Matt Hines

Latest Videos

More videos

Blog Posts