[Part Two] 9 Common Security Mistakes that Could Endanger Your Company

10/01/2015

This is Part Two of a three-part blog series on virtual security. Part One.

The average total cost of a data breach in the U.S. is $3.8 million, according to the 2015 Cost of Data Breach Study conducted by the respected Ponemon Institute.

The following security mistakes are frighteningly common – and could cost you dearly. Read on to find out what they are and what you can do next. Before it’s too late.

See Part One for security mistakes #1-3.

Security Mistake #4: Neglecting your Active Directory.

We shared this story in a recent edition of The Vault, but it bears repeating. A few years ago, an enterprise engaged Involta to perform a security assessment. As part of that assessment, one of our security specialists went into the company’s headquarters. In under an hour, with no special equipment, he had a list of 86% of the employees’ passwords.

Including the CEO’s.

The good news: The company recognized the need for stronger security and engaged Involta as a partner. Recently that company aced a third-party security audit.

The reason we were able to grab so many passwords with such ease? The company hadn’t configured its Active Directory. Active Directory has hundreds of parameters you can configure for directories, policies and privileges, but many are not set by default. If you don’t configure your Active Directory, you might as well slap a “Welcome, hackers” sign on it.

Security Mistake #5: Trusting antivirus programs to protect you.

Now, regularly updated antivirus protection from a leading company is a solid defense strategy against malware. But those programs don’t protect you from zero-day exploits – malicious intrusions taking advantage of just-discovered vulnerabilities in programs or protocols. Also, most malware these days goes undetected. Security should be layered, using a number of complementary tools to secure your data.

Security Mistake #6: No one “owns” security.

When there’s a critical lack of focus on security in an organization, often it is because no one “owns” security.

If you’re an enterprise, you should have someone identified as your security leader. In most organizations, that’s a CSO or CISO, or sometimes a Director of Security.

Where that person reports is really important. Your security leader should not report to the same people that the implementers report to because it creates an inherent conflict of interest at the top of that chain. When we consult, we advise organizations to have the CSO report to the CEO.

Stay tuned for Part Three of our blog series on virtual security. In the meantime:

Involta offers multifactor assessment services designed to test and strengthen your security, including security assessments and vulnerability scans.
