Digital security consultancy @stake reveals the common ways employees
put their business at risk
Digital security consultancy @stake today revealed that corporate
employees who fail to implement basic security procedures are the
biggest single cause of security breaches within the organisations it
has worked with. To help companies address these problems, @stake has
created a list of the most common security errors committed by employees
who often unknowingly put the integrity of corporate systems at risk.
Although this list shows some of the most common security errors made by
employees, @stake warns that each company must identify their unique
risk of security exposure and assess the level of security needed.
Royal Hansen, practice director for @stake Europe, said, "Too many
companies believe that IT security is a product issue - in fact, human
beings are the weakest link in any security system. Expensive and
elaborate security measures are often completely undone by a company's
failure to enforce even the most simple precautions, opening up the
entire corporate infrastructure to malicious attack. We have published
our list of security errors in the hope that more companies will take
the simple steps that will protect their business data."
Many of the basic errors made by employees are to do with passwords,
such as the practise of leaving password information on Post-It notes by
their machine or using the same password for multiple systems. Other
common security breaches result from bypassing existing security
measures by incorrectly connecting hardware directly to the network.
Failure to keep up-to-date with security patches is also a flaw
frequently exploited by hackers to gain access to sensitive corporate
data. @stake's list of security breaches is included below.
Hansen continues, "There is no magic bullet for Internet security - it
is a process, not an event. However, companies need to think
holistically about how they implement security and people are a major
part of that equation. The sooner companies integrate human error into
their thinking - and take appropriate safeguards - the safer their
systems will be."
The ways employees compromise security at corporate sites are:
· Writing their passwords on Post-It notes and leaving them on or near
their machines. In an extreme example of this, @stake has experienced
instances of a systems administrators loading all passwords to all
servers on an (unprotected) Excell spreadsheet and leaving a paper copy
of the speadsheet stuck on the desk near the administration console.
· Setting their default passwords to be the same as their primary
· Entering an existing password when the system prompts for a password
to be changed.
· Loading encrypted discs onto a system, failing to remove them and
leaving the password open.
· Plugging modems straight into servers and bypassing multi-level
corporate security systems.
· Plugging servers straight into the internet bypassing routers that may
be acting as firewalls.
· Issuing security certificates with blank passwords.
· Failing to enter a password into Microsoft's server administration
system so leaving a blank default password that compromises the whole
· Carrying (and subsequently losing) laptop computers loaded with
company secrets (also applies to UK government employees).
· Failing to keep up-to-date with and implement newly released patches
issued by software vendors as breaches are discovered. For example, an
Amazon.com employee failed to install a patch to a Microsoft Internet
Information Server, allowing attackers using it to obtain credit card
numbers and client information over a four-month period.
For further information go to: http://www.atstake.com
@stake works where business and technology intersect, because that is
where security is most powerful. The firm integrates technical and
business expertise to build security solutions that look beyond the
network to the security of applications and data, and future business
@stake couples vertical industry expertise in three areas-- financial
services, communication service providers and e-markets-- with
pioneering research, to design and build strategic security solutions
that enable the electronic business initiatives of its Global 2000
clients. Amidst other providers for whom security services are a way to
sell products or drive the sale of broader service offerings, @stake
stands out with its dedicated focus on security consulting services and
the unmatched calibre of its people.
@stake security consultants and research scientists built their
expertise at premier organisations including the L0pht, Cerberus
Information Security, DERA, the National Security Agency, Axent, BBN,
Deloitte & Touche, Open Market and RSA. @stake matches its unparalleled
security talent with equally strong vertical industry and business
expertise drawn from Sapient, Cambridge Technology Partners, Arthur
Andersen, Fleet, Fidelity, Exodus, Nortel and Interpath.
This press release was distributed by ResponseSource Press Release Wire on behalf of Pleon in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.