
DWPIA Whitepaper - The 7 Deadly Sins of Information Security



White Paper

A White Paper from DWP Information Architects, Inc.

This report is not intended to answer every question you might have about the subject at hand. This report consists of the opinions and current thoughts of the author at the time of publication. This report is intended to give general advice and information with regard to its subject matter. It is distributed with the understanding that the author, publisher, and DWP Information Architects are not rendering specific advice for any specific company or organization. DWP Information Architects would be happy to review your current systems and to offer appropriate context-specific advice. DWP Information Architects and the authors will not be liable to any person or organization for any actions they take as a result of the information contained in this report. In other words, you're responsible for your own actions.

Box 3876, Thousand Oaks, CA 91359
Telephone: 866-995-4488

The 7 Deadly Sins of Information Security

Effective information security is based on more than just maintaining the proper technologies. It's also a matter of making sure that your employees are fully aware of the threats that face them on a daily basis. Security vendor Trustwave has issued a list of seven key issues that most frequently lead to a loss or exposure of data.

According to the research, based on more than 300 security breaches worldwide, an overwhelming 87 percent of businesses that had been breached had not developed specific security policies, including security awareness education programs. Coincidentally, today's organizations report an average of 14.4 incidents per year of unintentional data loss due to accidents, mistakes and similar issues involving employees. Maybe that should not surprise us given that only 32 percent of employees say they were trained on security policies by their companies.

Without further ado, here are seven deadly security sins.

Need to hack a password? Try "Password1." It has everything you need: a capital letter, a number and just enough characters to pass muster with Active Directory. And of course, nobody would think of it. Just ask all the people who use it. It's one of the passwords that hackers try first.

That is, of course, assuming the password isn't lying around on a desk somewhere in plain sight. In approximately 15 percent of physical security tests performed by Trustwave at client sites last year, written passwords were found on sticky notes and other scraps of paper in plain view.

More than 70 percent of surveyed workers admit that they have peeked at other people's computer screens, either at the office, at a coffee shop, on a plane or in some other public place. And in case that wandering eye fails to impress you, one in three workers leaves his computer logged-on and unlocked while away from his desk. To make matters worse, 26.4 percent of malware is keylogger- or application-specific, which often requires detailed knowledge of, or physical access to, a targeted system. Hang on. We're going to grab a cup of coffee now. Don't look at our stuff.

The survey says 60 percent of users who find random USB sticks will plug them into their computers. That implies the remaining 40 percent know better. But if you slap a logo sticker onto that USB device, the percentage of people who would be tempted to use it goes up to 90 percent. So much for knowing better. Not necessarily coincidentally, about 35 percent of the users report having experienced a virus infection through a USB device.

Nearly 70 percent of IT security pros admit that they sometimes come across phishing emails that snuck past the spam filters. And falling for these attempts is not just for the Great Unwashed. Approximately 27 percent of IT organizations have top executives or privileged users who, though they should probably know better, have fallen prey to malicious email attacks. The good news is that when users are properly trained on how to spot phishing attempts, they fall for it 42 percent less frequently than those who have not been trained.

Where would we be without our smartphones? They are so handy, so compact, so easy to use and also so easy to lose that all too often we do get to find out what we would do without them. With that in mind, you might think that little four-digit passcode would not be too much of an inconvenience. But apparently it is. The survey says about 70 percent of users do not password-protect their smartphones. A lot of times, those phones are found by other people. And according to the survey, nearly 90 percent of the people who find lost phones dig through them to see what they can find.

This was Trustwave's original headline for this little ditty, and we just couldn't pass it up. The number of Wi-Fi hotspots is expected to increase by 350 percent by 2015. Meanwhile, only 18 percent of the users log on to a VPN when accessing public Wi-Fi. The rest do not. Trusting souls are they! But all too often, that trust is misplaced.
And you don't have to go to some anonymous coffee shop or log on to some hot spot that just showed up on your phone in order to get exploited. The FBI recently released an alert to travelers warning about an increase in malware that pops up on hotel Internet connections, claiming to be an application update that you might otherwise take for granted. Beware.

The sin that comes after hooking up with another man's Wi-Fi is, potentially, a social disease (of sorts). According to the survey, 67 percent of young workers think corporate social media policies are outdated. But that's probably not such a big deal, given that 70 percent of them admit that they routinely ignore the IT policies anyway. No word on whether they would be more likely to follow the policies if those policies were more up to date and Generation Y-ish. Given this collective thumb-nosing, 52 percent of enterprises have seen an increase of malware infections due to employees' use of social media.

We Can Help

DWP Information Architects is Knowledgeable, Professional, and Experienced. We have built hundreds of security systems. Our clients have included many small businesses in Ventura County and Los Angeles. We also manage networks and backup systems for companies all across the United States.

If we can help you, please contact us today:

DWP Information Architects, Inc.
Phone: 866-995-4488
About DWP Information Architects

DWP Information Architects is Ventura County's Premier Microsoft Partner. We were founded in 2002 and have been providing managed care for computer systems since the day we opened our doors.

We manage your entire I.T. (information technology) system so you can do . . . whatever it is you do.

Because of our investment in the best people and the best consulting tools available, we can provide a level of service and support normally only available to very large companies.

We make it possible for small and medium size businesses (SMBs) to have:

  • A real, full-time I.T. department
  • Service ticketing
  • Project management
  • Limited budget
  • 24x7 monitoring
  • Automated patching of computer systems
  • Access to absolute top-notch tech support

And we do it for less than what most companies are paying for "a computer guy."

Company Overview

DWP Information Architects is a consulting firm that specializes in managing your entire information technology infrastructure. That means Internet connectivity, Windows operating systems, and Microsoft Networks. We can help you with:

  • General Tech Support (Desktops, Servers, Monthly maintenance)
  • Setting Up Microsoft Windows networks
  • Microsoft Exchange Server
  • Microsoft Server 2012
  • Choosing, Installing, and Managing Email Services
  • Backups, Fault Tolerance, Failover Systems
  • Getting Connected to the Internet (Choosing an ISP, Frame Relay, Other Options)
  • Keeping Your Network Up and On the Net
  • TCP/IP
  • Networking Domain Control
  • Troubleshooting
  • Choosing, Installing, and Creating Content for Web Services
  • Remote Access Solutions
  • Fax Services
  • Security and Firewalls
  • Domain Name Service (DNS)
  • Maintaining your Network
  • Disaster Recovery Preparation and Services
  • Configuring Network Hardware, such as Routers, DSU/CSUs, Hubs, Switches, etc.
  • . . . and More!!!

DWP Information Architects, Inc.
Knowledgeable — Professional — Experienced

The author is Denis S. Wilson, President and Principal Consultant for DWP Information Architects Inc. in Thousand Oaks, CA.

Designing, building, and supporting networks for small and medium sized businesses since 2002. Call 866-995-4488