The 21 Best Ways to Lose Your Information
Computerworld -
Have you ever wondered what the best ways are to get hacked, be adversely affected by disasters, or otherwise lose information stored on your computer systems? Here, in no particular order, are the 21 best ways to not secure your systems:
1. Don't pay attention to or even bother to understand what you're trying to protect.
2. Leave your databases, especially those containing credit card or other confidential information, unencrypted. And be sure to store them on publicly accessible servers.
3. Don't patch your software or update your virus signatures, and never, ever run vulnerability assessments to detect newly discovered software flaws and system misconfigurations. It's just too time-consuming.
4. When an employee quits or is let go, leave his network log-ins and e-mail accounts enabled. You never know when he might want to check in on things.
5. Don't create any security policies that document how you're safeguarding your information to protect your organization and clients from information disasters and legal liabilities.
6. If you do happen to have a security policy, never refer to it, enforce it, update it or do what it says.
7. Completely outsource your information security initiatives. There's no need for anyone inside your organization to worry about such matters.
8. By all means, don't take an inventory of your information systems or document your network.
9. Apply the principle of greatest privilege. Give all users the greatest amount of access to your information systems. Everyone should have access to everything -- it's only fair, right?
10. Rely solely on technology. Firewalls, encryption and antivirus software are all you need to protect your information.
11. Run your business without disaster recovery and business continuity plans. After all, you can think clearly and make critical decisions under pressure, right?
12. Don't monitor your systems. They'll be fine running by themselves, and if anything major happens with the integrity or availability of your information, you'll be notified automatically, won't you?
13. Don't back up your data, but if you must, don't test your backups. Also, leave your backup media on-site -- preferably sitting on top of an uninterruptible power supply.
14. Leave your operating systems and software applications with the default settings. System hardening is for the birds.
15. Respond to hacker attacks, viruses and other intrusions as they happen -- don't be proactive in dealing with them.
16. Use passwords that consist of your pet's name, your name, your mom's maiden name, or your birthday. That way, you won't forget them. Better yet, just use
Additional Resources


White Papers & Webcasts
Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs
Since the adoption of SOX, much has been learned about IT compliance. Discover how to make SOX efforts more effective in "Sustaining Sox...
Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...
IDC White Paper: CCM for IT Compliance and Risk Management
Learn from industry analysts how IT organizations are using configuration management to meet compliance requirements and instill best practices. Find out how these...
Best Practices for Managing Business Risks from the Use of IT
(Source: Symantec) Based on exhaustive benchmarks conducted by the IT Policy Compliance, this session highlights the relationship between business risks and use of...
Keep it Clean: Maintaining the Integrity of your CMDB through Change Detection
Learn how configuration drift can challenge configuration management database (CMDB) integrity and how a configuration audit tool and an effective change management process...
Managing And Protecting Your Ever Increasing Mobile Assets
(Source: Absolute Software) Your users are becoming more mobile each day. This is great for productivity - yet challenging for IT control. Natalie...
The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
HIPAA requires businesses that handle personal health information (PHI) to set up strong controls to ensure the security and integrity of that information....
Sun OpenSSO Enterprise Webinar
(Source: Sun) This webinar replay discusses Sun OpenSSO Enterprise innovation--the single, open-source solution that helps your business solve the challenges around internal access...
Configuration Assessment: Choosing the Right Solution
Configuration assessment lets businesses proactively secure their IT infrastructure and achieve compliance with important industry standards and regulations. Learn why configuration assessment is...
Agile Enterprise Content Management (ECM) for Rapid ROI
(Source: IBM) Content rich business processes are a core feature of daily operations at just about any organization today. Very often these essential...
Subscribe to Computerworld
