[Part Two] 9 Common Security Mistakes that Could Endanger Your Company

10/01/2015

This is Part Two of a three-part blog series on virtual security. Part One.

The average total cost of a data breach in the U.S. is $3.8 million, according to the 2015 Cost of Data Breach Study conducted by the respected Ponemon Institute.

The following security mistakes are frighteningly common – and could cost you dearly. Read on to find out what they are and what you can do next. Before it’s too late.

See Part One for security mistakes #1-3.

Security Mistake #4: Neglecting your Active Directory.

We shared this story in a recent edition of The Vault, but it bears repeating. A few years ago, an enterprise engaged Involta to perform a security assessment. As part of that assessment, one of our security specialists went into the company’s headquarters. In under an hour, with no special equipment, he had a list of 86% of the employees’ passwords.

Including the CEO’s.

The good news: The company recognized the need for stronger security and engaged Involta as a partner. Recently that company aced a third-party security audit.

The reason we were able to grab so many passwords with such ease? The company hadn’t configured its Active Directory. In your company’s Active Directory, there are hundreds of parameters you can configure in terms of directories, policies and privileges, but many are not set by default. That means that if you don’t configure your Active Directory, you might as well slap a “Welcome, hackers” sign on it.

Security Mistake #5: Trusting antivirus programs to protect you.

Now, regularly updated antivirus protection from a leading company is a solid defense strategy against malware. But those programs don’t protect you from zero-day exploits – malicious intrusions taking advantage of just-discovered vulnerabilities in programs or protocols. Also, most malware these days goes undetected. Security should be a layered approach, using a number of harmonious tools to secure your data.

Security Mistake #6: No one “owns” security.

When there’s a critical lack of focus on security in an organization, often it is because no one “owns” security.

If you’re an enterprise, you should have someone identified as your security leader. In most organizations, that’s a CSO or CISO, or sometimes a Director of Security.

Where that person reports is really important. Your security leader should not report to the same people that the implementers report to because it creates an inherent conflict of interest at the top of that chain. When we consult, we advise organizations to have the CSO report to the CEO.

Stay tuned for Part Three of our blog series on virtual security. In the meantime:

Involta offers multifactor assessment services designed to test and strengthen your security, including security assessments and vulnerability scans.
