Common Mistakes and Pitfalls in IT Security

By Melissa Rudy
Updated: May 21, 2012

Security has become an integral part of our vast network of information technology. Individuals and businesses alike need to protect their data from a host of threats, including malware and viruses, hackers, corruption, erasure, and even physical concerns like mobile device theft.

Despite a multitude of provisions, programs, and protocols, security mistakes are still made by end users and providers alike. We know to use strong antivirus protection, but many of us are skipping the basics. Here are some of the most common problems encountered in IT security, along with how you can prevent them from affecting you.

Problems with password creation

There are plenty of guidelines and suggestions for creating strong passwords to prevent intrusions. But many people—including some IT professionals—still aren't as careful as they should be when creating passwords.

One problem area is default passwords. It's easy for network administrators to simply leave the default in place when setting up a system—but customers don't always remember to change them, and default passwords are easy targets for security breaches.

Weak passwords are also prevalent. It's important to create passwords that can't easily be guessed or cracked through common malicious methods like brute-force attacks, in which automated programs hammer dictionary words through an access point at a high rate of speed in an attempt to discover the password.

To create a strong password:

  • Don't use common words or phrases alone, especially those with personal significance to you. Even adding a few numbers to a common word can heighten the strength of your password.
  • Choose a password that you can remember so that you don't have to write it down. Writing out your passwords makes it that much easier for your account to be compromised.
  • Change your password regularly, especially on highly targeted information like your bank account.

Restrictions that don't restrict hackers

Businesses that interact with their customers online sometimes set restrictions on passwords and security questions that are meant to heighten security. Unfortunately, some of these measures are less than helpful, and can actually be detrimental.

One example is particularly common. You've probably created a few accounts that require a security question. This measure is typically employed so you can retrieve your password through an automated system, without having to wait for a human response. However, many websites provide a drop-down list of very basic questions to choose from, like your mother's maiden name, or the name of your first pet.

This means that with a little research, a determined hacker can find the answer to your security question and obtain your password. When it comes to security questions, the best solution is to allow users to choose their own questions and answers, so they can use something that isn't quite so obvious.

Password length restrictions are another problem. Limiting a password to six alphanumeric characters is a fairly prevalent restriction, used on many websites. The trouble is that the shorter a password, the easier it is to discover, either by guessing or using a permutation program.
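The checks described in the two password sections above can be enforced at account creation. The following is an added example, not part of the original article: the word lists are small constructed samples, and the length thresholds (12-character minimum, a warning for any maximum below 16) are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample lists; a real deployment would load much larger ones.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "default", "12345678"}
COMMON_WORDS = {"dragon", "monkey", "letmein", "sunshine", "football"}

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols


def keyspace_bits(length, alphabet_size=len(ALPHANUMERIC)):
    """Bits of search space for a randomly chosen password of this length."""
    return length * math.log2(alphabet_size)


def audit_policy(max_length, min_length):
    """Flag site-side rules that shrink the search space (assumed thresholds)."""
    findings = []
    if max_length is not None and max_length < 16:
        findings.append(f"max length {max_length} caps keyspace at "
                        f"{keyspace_bits(max_length):.1f} bits")
    if min_length < 8:
        findings.append(f"min length {min_length} permits short passwords")
    return findings


def check_password(candidate, min_length=12):
    """Return the reasons a candidate password should be rejected."""
    reasons = []
    lowered = candidate.lower()
    if lowered in DEFAULT_PASSWORDS:
        reasons.append("vendor default")
    if lowered in COMMON_WORDS:
        reasons.append("common word used alone")
    if len(candidate) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    return reasons


if __name__ == "__main__":
    # The six-character alphanumeric cap described in the article.
    print(audit_policy(max_length=6, min_length=1))
    for pw in ("admin", "sunshine", "T4ble-lamp-orbit-92"):
        print(pw, check_password(pw) or "accepted")
    print(f"6 chars: {keyspace_bits(6):.1f} bits; "
          f"14 chars: {keyspace_bits(14):.1f} bits")
```

Each additional alphanumeric character adds roughly six bits to the search space, which is why a six-character cap is so much weaker than a policy that allows long passwords.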

Formulating a backup plan

By now, everyone is supposed to be aware of the importance of data backups. Unfortunately, there are still countless individuals and business owners who are going without. They may have invested in what they believe is tight security, and feel that there's no need to invest in additional backups. Or, they may have just forgotten, which happens more often than you might think.

One of the biggest mistakes in IT security is assuming that a disaster will never happen to you. Having a solid backup system is absolutely critical, if only because there are so many ways for data loss to occur.

Whether you're an individual or a business, the basics of IT security are strong passwords, smart antivirus protection, and a reliable data backup system. When you follow these simple principles, you can rest assured that your information is as protected as possible.
