The 7 Deadly Sins Of Information Security

All Too Human ...

Effective information security is based on more than just maintaining the proper technologies. It's also a matter of making sure that your employees are fully aware of the threats that face them on a daily basis. Security vendor Trustwave has issued a list of seven key issues that most frequently lead to a loss or exposure of data.

According to the research, based on more than 300 security breaches worldwide, an overwhelming 87 percent of businesses that had been breached had not developed specific security policies, including security awareness education programs. Coincidentally, today's organizations report an average of 14.4 incidents per year of unintentional data loss due to accidents, mistakes and similar issues involving employees. Maybe that should not surprise us given that only 32 percent of employees say they were trained on security policies by their companies.

Without further ado, here are seven deadly security sins.

No. 1: Passwords Even Your Mom Could Guess

Need to hack a password? Try "password1." It has everything you need: a capital letter, a number and just enough characters to pass muster with Active Directory. And of course, nobody would think of it. Just ask all the people who use it. It's one of the passwords that hackers try first. That is, of course, assuming the password isn't lying around on a desk somewhere in plain sight. In approximately 15 percent of physical security tests performed by Trustwave at client sites last year, written passwords were found on sticky notes and other scraps of paper in plain view.

No. 2: Oh, Looky Here ...

More than 70 percent of surveyed workers admit that they have peeked at other people's computer screens, either at the office, at a coffee shop, on a plane or in some other public place. And in case that wandering eye fails to impress you, one in three workers leaves his computer logged on and unlocked while away from his desk. To make matters worse, 26.4 percent of malware is keylogger- or application-specific, which often requires detailed knowledge of, or physical access to, a targeted system. Hang on. We're going to grab a cup of coffee now. Don't look at our stuff.

No. 3: Hey! A Free USB!

The survey says 60 percent of users who find random USB sticks in the parking lot will plug them into their computers. That implies the remaining 40 percent know better. But if you slap a logo sticker onto that USB device, the percentage of people who would be tempted to use it goes up to 90 percent. So much for knowing better. Not necessarily coincidentally, about 35 percent of the users report having experienced a virus infection through a USB device.

No. 4: Let's Go Phishing

Nearly 70 percent of IT security pros admit that they sometimes come across phishing emails that snuck past the spam filters. And falling for these attempts is not just for the Great Unwashed. Approximately 27 percent of IT organizations have top executives or privileged users who, though they should probably know better, have fallen prey to malicious email attacks. The good news is that when users are properly trained on how to spot phishing attempts, they fall for it 42 percent less frequently than those who have not been trained.

No. 5: Um, Where's My Phone?

Where would we be without our smartphones? They are so handy, so compact, so easy to use and also so easy to lose that all too often we do get to find out what we would do without them. With that in mind, you might think that little four-digit passcode would not be too much of an inconvenience. But, apparently it is. The survey says about 70 percent of users do not password-protect their smartphones. A lot of times, those phones are found by other people. And according to the survey, nearly 90 percent of the people who find lost phones dig through them to see what they can find.

No. 6: Hooking Up With Another Man's Wi-Fi

This was Trustwave's original headline for this little ditty, and we just couldn't pass it up. The number of Wi-Fi hotspots is expected to increase by 350 percent by 2015. Meanwhile, only 18 percent of the users log on to a VPN when accessing public Wi-Fi. The rest do not. Trusting souls are they! But all too often, that trust is misplaced. And you don't have to go to some anonymous coffee shop or log on to some hotspot that just showed up on your phone in order to get exploited. The FBI recently released an alert to travelers warning about an increase in malware that pops up on hotel Internet connections, claiming to be an application update that you might otherwise take for granted. Beware.

No. 7: Social Disease

The sin that comes after hooking up with another man's Wi-Fi is, potentially, a social disease (of sorts). According to the survey, 67 percent of young workers think corporate social media policies are outdated. But that's probably not such a big deal, given that 70 percent of them admit that they routinely ignore the IT policies anyway. No word on whether they would be more likely to follow the policies if those policies were more up to date and Generation Y-ish. Given this collective nose-thumbing, 52 percent of enterprises have seen an increase of malware infections due to employees' use of social media.

More Security Coverage From CRN
