For most enterprises, security means building an infrastructure, deploying a firewall or intrusion detection system, or using encryption and password authentication. All of these measures are widely practiced in organizations, but they are not enough to cope with the ever-increasing digital threats and corporate espionage. Several other factors also need attention, because they can become core threats if they are not handled properly.
The basic security flaws are:
1. Weak or Default Passwords: Organizations that use high-tech hardware and software components often leave the default authentication passwords in place, which creates easy entry points. Many others fall to brute-force attacks much more easily because of weak passwords.
2. No Regular Updates: Software, once installed, is generally not updated or managed regularly. It is not easy to keep up with frequent updates and to manage the code regularly, because updates are not always secure, and management techniques that work today may become obsolete tomorrow with a new zero-day.
3. No Data Storage Policy: Firms today face data storage problems, and when storing data they make the big mistake of looking only at where the data will be stored and not at how it will be stored. In security matters, ‘how’ is much more important than ‘where’.
4. Undertrained Personnel: Look at your own firm. If you are not an MNC and run a small or medium-scale business, you are depending on one or two people for your security. In any organization, every employee should have basic security training. In more than 60% of cases, a breach comes through a weak link in the organization, such as a security-unaware person who does not know which attachments to download and run.
5. No Disaster Planning: Most firms are very good at storing data, but they have no proper plan for what they will do if their backup crashes. If they keep a backup of the backup, they have not considered how that copy is stored, as discussed in point 3 above. A well-thought-out disaster recovery plan should be part of an organization's policy.
These are the general mistakes that organizations make. They are only the basic ones, but can a firm consider itself secure after addressing the points listed above? Security is not a one-time solution; it is a regular process. Security processes change as the organization does, so no one can get lifetime security from a single security solution.