50-Cent Holes

CIOs can spend millions on firewalls, intrusion detection systems and whatever else their security vendors are selling, but when that VP of marketing decides to sync his work laptop with his unsecured home PC - and there's no policy or training to make him think twice - your million-dollar security efforts become worthless.

Alice Dragoon (CIO)
07 November, 2005 20:52
Comments

Page:

1
2
3
4
next >

Sure, you've got a million-dollar security battleship, but it's full of. . . 50-Cent Holes!

Reader ROI

Common security problems and how to fix them
Steps for preventing future holes

This has not been a banner year for information security.

From a stolen laptop full of Social Security numbers to a Web site that lost oceans of credit card data, commonsense security procedures seem in short supply. "Almost without exception we're living in a world where no one thinks to lock the stable doors until the horses have escaped," says David Friedlander, a senior analyst at Forrester Research.

With that in mind, here are 10 common security ailments and 10 practical remedies. They're easy and inexpensive, and you can do them right now. All involve some form of user education and training. "How do you stop stupid mistakes?" asks Mark Lobel, a partner in the security practice at PricewaterhouseCoopers. "It's education and security awareness - basic blocking and tackling - and it does not have to cost a fortune."

Save As . . .

The Hole : A company familiar to Adam Couture, a principal analyst at Gartner Research, searched its Exchange servers for documents called "passwords.doc". There were 40 of them.

The Problem: Uneducated users. "Some of these [mistakes] are so obvious that you think: 'Nobody would do that'," Couture says. "But you give people too much credit." Any hacker, malcontent employee or grandmother with a minimal amount of computer know-how could unlock those documents and ravage your company's most sensitive applications (not to mention all of your employees' personal information).

The Solution : First, CIOs need to acknowledge that there might be passwords.doc files on their networks, find them and destroy them. Then, via e-mail or a companywide meeting, they need to explain to users why keeping a file like this on the network is a really, really bad idea.

Page:

1
2
3
4
next >

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: Accenture, ACT, American Express, BlackBerry, CitiGroup, eBay, Financial Institutions, Forrester Research, Gartner, Gartner Research, HIS Limited, Iron Mountain, Legend, Mastercard, MCI, Morgan, Morgan Stanley, Osterman Research, PLUS, PricewaterhouseCoopers, PriceWaterHouseCoopers, PwC, Time Warner, Unwired, VIA, Visa, Wachovia

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Latest Stories

Community Comments

"Ich kenne einige Leute, die aus Kanadakommen. Eines Tages werde ich auch ..."

Australia's first 4G smartphone is the HTC Velocity 4G
"Actually when someone doesn't know then its up to other visitors that ..."

Swedish e-commerce startup's execs linked to NYC sex crime
"Hi to all, how is everything, I think every one is getting ..."

Face Time - Interview with John Brennan and Robert DiStefano
"I am truly thankful to the owner of this website who has ..."

How to implement next-generation storage infrastructure for Big Data
"hwjae , click here http://www.breastenhanceproduct.org/how-to-benefit-from-herbal-breast-enhancements"

Pfizer's Future Depends on IT Transformation

Latest Blog Posts

Whitepapers

Key Considerations in Modernising Your Backup and Deduplication Solutions
There is a definite need for better data backup solutions in today’s enterprise data centers. The question is whether to continue with software-only backup and deduplication solutions, or to make the move to a purpose-built backup appliance with deduplication capabilities. This paper provides a structured approach to assessing the advantages of the appliance model. Read this whitepaper.

Learn more »
Traditional Backup is Dead - Are you prepared?
Conventional backup and recovery approaches clearly can't keep up with ever-growing storage rates. It's time to take on a new strategy.

Learn more »
Shedding Light on Backup and Availability Challenges in Virtual Environments
This IDG white paper explores specific backup and availability challenges organisations must surmount as they move to virtualise their business-critical applications. It then shows how attaining proper service levels for these applications requires a high degree of visibility into the VMware virtual environment.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

Advanced Malware Exposed - How advanced malware, zero-day and targeted APT attacks are evading today's network defences

This handbook shines a light on the dark corners of advanced malware, both to educate as well as to spark renewed efforts against these stealthy and persistent threats. By understanding ...

Recent comments

"Ich kenne einige Leute, die aus Kanadakommen. Eines Tages werde ich auch ..."
Australia's first 4G smartphone is the HTC Velocity 4G
"Actually when someone doesn't know then its up to other visitors that ..."
Swedish e-commerce startup's execs linked to NYC sex crime
"Hi to all, how is everything, I think every one is getting ..."
Face Time - Interview with John Brennan and Robert DiStefano
"I am truly thankful to the owner of this website who has ..."
How to implement next-generation storage infrastructure for Big Data
"hwjae , click here http://www.breastenhanceproduct.org/how-to-benefit-from-herbal-breast-enhancements"
Pfizer's Future Depends on IT Transformation

Follow CIO

Market Place

Cyber Security Summit 2012 | 1-3 August | Save $150 using promo code CSO | Check out agenda today

Gartner Security & Risk Management Summit, 16-17 July 2012, Sydney

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

50-Cent Holes

Save As . . .

Comments

Post new comment

Building trusted relationships

Planning your IT career

Taking the risk out of diversity

5 open source help desk apps to watch

NBN Co focuses on continuous delivery to meet its deadlines

How to create a clear project plan

5 open source billing systems to watch

10 Tips for Dealing with a Bully Boss

Face Time - Interview with John Brennan and Robert DiStefano

Pfizer's Future Depends on IT Transformation

All Systems Down

IT service management going social

Australia's first 4G smartphone is the HTC Velocity 4G

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Advanced Malware Exposed - How advanced malware, zero-day and targeted APT attacks are evading today's network defences

The Pathways ICT Leadership Development Program Brochure and Curriculum 2012