HUMANS ARE THE WEAKEST LINK IN THE SECURITY CHAIN - SAY 'GOODBYE' TO YOUR BUSINESS

Tuesday 1 May 2001

Digital security consultancy @stake reveals the common ways employees put their business at risk

Digital security consultancy @stake today revealed that corporate employees who fail to implement basic security procedures are the biggest single cause of security breaches within the organisations it has worked with. To help companies address these problems, @stake has created a list of the most common security errors committed by employees, who often unknowingly put the integrity of corporate systems at risk. Although this list shows some of the most common security errors made by employees, @stake warns that each company must identify its own risk of security exposure and assess the level of security needed.

Royal Hansen, practice director for @stake Europe, said, "Too many companies believe that IT security is a product issue - in fact, human beings are the weakest link in any security system. Expensive and elaborate security measures are often completely undone by a company's failure to enforce even the most simple precautions, opening up the entire corporate infrastructure to malicious attack. We have published our list of security errors in the hope that more companies will take the simple steps that will protect their business data."

Many of the basic errors made by employees involve passwords, such as the practice of leaving password information on Post-It notes by their machine or using the same password for multiple systems. Other common security breaches result from bypassing existing security measures by incorrectly connecting hardware directly to the network. Failure to keep up to date with security patches is also a flaw frequently exploited by hackers to gain access to sensitive corporate data. @stake's list of security breaches is included below.

Hansen continues, "There is no magic bullet for Internet security - it is a process, not an event. However, companies need to think holistically about how they implement security and people are a major part of that equation. The sooner companies integrate human error into their thinking - and take appropriate safeguards - the safer their systems will be."

The ways employees compromise security at corporate sites are:

· Writing their passwords on Post-It notes and leaving them on or near their machines. In an extreme example of this, @stake has experienced instances of a systems administrator loading all passwords to all servers on an (unprotected) Excel spreadsheet and leaving a paper copy of the spreadsheet stuck on the desk near the administration console.
· Setting their default passwords to be the same as their primary password.
· Entering an existing password when the system prompts for a password to be changed.
· Loading encrypted discs onto a system, failing to remove them and leaving the password open.
· Plugging modems straight into servers and bypassing multi-level corporate security systems.
· Plugging servers straight into the internet, bypassing routers that may be acting as firewalls.
· Issuing security certificates with blank passwords.
· Failing to enter a password into Microsoft's server administration system, so leaving a blank default password that compromises the whole corporate system.
· Carrying (and subsequently losing) laptop computers loaded with company secrets (also applies to UK government employees).
· Failing to keep up to date with and implement newly released patches issued by software vendors as breaches are discovered. For example, an Amazon.com employee failed to install a patch to a Microsoft Internet Information Server, which allowed attackers to obtain credit card numbers and client information over a four-month period.

For further information go to: http://www.atstake.com

About @stake

@stake works where business and technology intersect, because that is where security is most powerful. The firm integrates technical and business expertise to build security solutions that look beyond the network to the security of applications and data, and future business goals. @stake couples vertical industry expertise in three areas -- financial services, communication service providers and e-markets -- with pioneering research, to design and build strategic security solutions that enable the electronic business initiatives of its Global 2000 clients.

Amidst other providers for whom security services are a way to sell products or drive the sale of broader service offerings, @stake stands out with its dedicated focus on security consulting services and the unmatched calibre of its people. @stake security consultants and research scientists built their expertise at premier organisations including the L0pht, Cerberus Information Security, DERA, the National Security Agency, Axent, BBN, Deloitte & Touche, Open Market and RSA. @stake matches its unparalleled security talent with equally strong vertical industry and business expertise drawn from Sapient, Cambridge Technology Partners, Arthur Andersen, Fleet, Fidelity, Exodus, Nortel and Interpath.

This press release was distributed by ResponseSource Press Release Wire on behalf of Pleon in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms. For more information visit https://pressreleasewire.responsesource.com/about.