The aim of this topic is for you to share with others your experience of the worst mistakes an end user, a senior executive or an IT person (in general) makes that can, to a certain level, jeopardize the security of data. Just remember that it’s not the intent of this topic to name a specific program, a software company or a person unless you are sure that you will win a lawsuit.
To start with, in my opinion, the worst security mistakes an end user makes are:
– Opening unsolicited email attachments without verifying their source and checking their content first.
– Failing to install security patches.
As for the senior executive, his worst security mistakes are:
– Assigning untrained people to maintain security and providing neither the training nor the time to make it possible to learn and do the job.
– Authorizing reactive, short-term fixes so problems re-emerge rapidly.
The worst security mistakes an IT person makes are:
– Connecting test systems to the Internet with default accounts and passwords.
– Failing to update systems when security vulnerabilities are found and patches or upgrades are available.
– Failing to maintain and test backups.
– Failing to implement or update virus detection software.
… Appreciating your thoughtful additions.