
50-Cent Holes

Sure, you've got a million-dollar security battleship, but it's full of. . . 50-Cent Holes!

Reader ROI

  • Common security problems and how to fix them
  • Steps for preventing future holes

This has not been a banner year for information security.

From a stolen laptop full of Social Security numbers to a Web site that lost oceans of credit card data, commonsense security procedures seem in short supply. "Almost without exception we're living in a world where no one thinks to lock the stable doors until the horses have escaped," says David Friedlander, a senior analyst at Forrester Research.

CIOs can spend millions on firewalls, intrusion detection systems and whatever else their security vendors are selling, but when that VP of marketing decides to sync his work laptop with his unsecured home PC - and there's no policy or training to make him think twice - your million-dollar security efforts become worthless.

With that in mind, here are 10 common security ailments and 10 practical remedies. They're easy and inexpensive, and you can do them right now. All involve some form of user education and training. "How do you stop stupid mistakes?" asks Mark Lobel, a partner in the security practice at PricewaterhouseCoopers. "It's education and security awareness - basic blocking and tackling - and it does not have to cost a fortune."

Save As . . .

The Hole: A company familiar to Adam Couture, a principal analyst at Gartner Research, searched its Exchange servers for documents called "passwords.doc". There were 40 of them.

The Problem: Uneducated users. "Some of these [mistakes] are so obvious that you think: 'Nobody would do that'," Couture says. "But you give people too much credit." Any hacker, malcontent employee or grandmother with a minimal amount of computer know-how could unlock those documents and ravage your company's most sensitive applications (not to mention all of your employees' personal information).

The Solution: First, CIOs need to acknowledge that there might be passwords.doc files on their networks, find them and destroy them. Then, via e-mail or a companywide meeting, they need to explain to users why keeping a file like this on the network is a really, really bad idea.
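The "find them" step above, as an added example that is not from the article or from Gartner: a small Python scanner that walks a file share and flags files whose name or contents look like a password stash, so the owners can be contacted and the files removed. The name and content patterns, the size limit and the sample share it builds are all assumptions made here.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed filename patterns for "passwords.doc"-style files. Deliberately loose,
# so expect some false positives (e.g. "compass_report") and review hits by hand.
NAME_PATTERN = re.compile(r"(pass(word|wd)?s?|pwd|creds?|credentials?|logins?)", re.IGNORECASE)
# Assumed content heuristic: lines such as "vpn: hunter2" or "router pass=abc123".
CONTENT_PATTERN = re.compile(r"(pass(word)?|pwd)\s*[:=]\s*\S+", re.IGNORECASE)
# Only plain-ish formats are content-scanned; zipped formats like .docx would need unpacking.
TEXT_EXT = {".txt", ".doc", ".csv", ".rtf", ".md", ".ini", ".cfg"}

def scan_tree(root, max_bytes=1_000_000, min_content_hits=3):
    """Walk root and return a sorted list of (path, reason) for suspicious files.

    reason is "filename" when the name matches NAME_PATTERN, or "content" when a
    text file contains at least min_content_hits credential-looking lines.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if NAME_PATTERN.search(path.stem):
                hits.append((str(path), "filename"))
                continue
            if path.suffix.lower() in TEXT_EXT and path.stat().st_size <= max_bytes:
                try:
                    text = path.read_text(errors="ignore")
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                if len(CONTENT_PATTERN.findall(text)) >= min_content_hits:
                    hits.append((str(path), "content"))
    return sorted(hits)

def demo():
    """Build a constructed sample share in a temp directory and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "finance").mkdir()
    (root / "finance" / "passwords.doc").write_text("vpn: hunter2\n")      # constructed
    (root / "finance" / "q3_budget.txt").write_text("revenue 1200\n")      # constructed, benign
    (root / "it_notes.txt").write_text(                                    # constructed
        "router pass=abc123\nswitch pwd: def456\nwifi password = ghi789\n")
    results = scan_tree(root)
    # Report paths relative to the share root so the output is stable.
    return [(os.path.relpath(p, root).replace(os.sep, "/"), why) for p, why in results]

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:8} {path}")
```

Run it against a real share root instead of the temp tree and hand the list to the file owners; the script reports and never deletes, because the "destroy" decision belongs to the owner and the policy, not the scanner.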
