DWPIA Whitepaper - The 7 Deadly Sins of Information Security
A White Paper from DWP Information Architects, Inc.
www.dwpia.com
This report is not intended to answer every question you might have about the subject at hand. This report consists of the opinions and current thoughts of the author at the time of publication.
This report is intended to give general advice and information with regard to its subject matter. It is distributed with the understanding that the author, publisher, and DWP Information Architects are not rendering specific advice for any specific company or organization.
DWP Information Architects would be happy to review your current systems and to offer appropriate context-specific advice.
DWP Information Architects and the authors will not be liable to any person or organization for any actions they take as a result of the information contained in this report.
In other words, you’re responsible for your own actions.
Box 3876, Thousand Oaks, CA 91359
Telephone: 866-995-4488
Email: info@dwpia.com
Web: www.dwpia.com
The 7 Deadly Sins of Information Security
Effective information security is based on more than just maintaining the proper technologies. It's also a matter of making sure that your employees are fully aware of the threats that face them on a daily basis. Security vendor Trustwave has issued a list of seven key issues that most frequently lead to a loss or exposure of data.
According to the research, based on more than 300 security breaches worldwide, an overwhelming 87 percent of businesses that had been breached had not developed specific security policies, including security awareness education programs. Coincidentally, today's organizations report an average of 14.4 incidents per year of unintentional data loss due to accidents, mistakes and similar issues involving employees. Maybe that should not surprise us given that only 32 percent of employees say they were trained on security policies by their companies.
Without further ado, here are seven deadly security sins.
Need to hack a password? Try "Password1." It has everything you need: a capital letter, a number and just enough characters to pass muster with Active Directory. And of course, nobody would think of it. Just ask all the people who use it. It's one of the passwords that hackers try first. That is, of course, assuming the password isn't lying around on a desk somewhere in plain sight. In approximately 15 percent of physical security tests performed by Trustwave at client sites last year, written passwords were found on sticky notes and other scraps of paper in plain view.
More than 70 percent of surveyed workers admit that they have peeked at other people's computer screens, either at the office, at a coffee shop, on a plane or in some other public place. And in case that wandering eye fails to impress you, one in three workers leaves his computer logged-on and unlocked while away from his desk. To make matters worse, 26.4 percent of malware is keylogger- or application-specific, which often requires detailed knowledge of, or physical access to, a targeted system. Hang on. We're going to grab a cup of coffee now. Don't look at our stuff.
The survey says 60 percent of users who find random USB sticks will plug them into their computers. That implies the remaining 40 percent know better. But if you slap a logo sticker onto that USB device, the percentage of people who would be tempted to use it goes up to 90 percent. So much for knowing better. Not necessarily coincidentally, about 35 percent of the users report having experienced a virus infection through a USB device.
Nearly 70 percent of IT security pros admit that they sometimes come across phishing emails that snuck past the spam filters. And, falling for these attempts is not just for the Great Unwashed. Approximately 27 percent of IT organizations have top executives or privileged users who, though they should probably know better, have fallen prey to malicious email attacks. The good news is that when users are properly trained on how to spot phishing attempts, they fall for them 42 percent less frequently than those who have not been trained.
Where would we be without our smartphones? They are so handy, so compact, so easy to use and also so easy to lose that all too often we do get to find out what we would do without them. With that in mind, you might think that little four-digit passcode would not be too much of an inconvenience. But, apparently it is. The survey says about 70 percent of users do not password-protect their smartphones. A lot of times, those phones are found by other people. And according to the survey, nearly 90 percent of the people who find lost phones dig through them to see what they can find.
This was Trustwave's original headline for this little ditty, and we just couldn't pass it up. The number of Wi-Fi hotspots is expected to increase by 350 percent by 2015. Meanwhile, only 18 percent of the users log on to a VPN when accessing public Wi-Fi. The rest do not. Trusting souls are they! But all too often, that trust is misplaced. And, you don't have to go to some anonymous coffee shop or log on to some hot spot that just showed up on your phone in order to get exploited. The FBI recently released an alert to travelers warning about an increase in malware that pops up on hotel Internet connections, claiming to be an application update that you might otherwise take for granted. Beware.
The sin that comes after hooking up with another man's Wi-Fi is, potentially, a social disease (of sorts). According to the survey, 67 percent of young workers think corporate social media policies are outdated. But, that's probably not such a big deal, given that 70 percent of them admit that they routinely ignore the IT policies anyway. No word on whether they would be more likely to follow the policies if those policies were more up to date and Generation Y-ish. Given this collective thumb-nosing, 52 percent of enterprises have seen an increase of malware infections due to employees' use of social media.
We Can Help
DWP Information Architects is Knowledgeable, Professional, and Experienced. We have built hundreds of security systems. Our clients have included many small businesses in Ventura County and Los Angeles.
We also manage networks and backup systems for companies all across the United States.
If we can help you, please contact us today:
DWP Information Architects, Inc.
Phone: 866-995-4488
Email: info@dwpia.com
Web: www.dwpia.com
About DWP Information Architects
DWP Information Architects is Ventura County’s Premier Microsoft Partner. We were founded in 2002 and have been providing managed care for computer systems since the day we opened our doors.
We manage your entire I.T. (information technology) system so you can do . . . whatever it is you do.
Because of our investment in the best people and the best consulting tools available, we can provide a level of service and support normally only available to very large companies.
We make it possible for small and medium size businesses (SMB's) to have:
A real, fulltime I.T. department
Service ticketing
Project management
Limited budget
24x7 monitoring
Automated patching of computer systems
Access to absolute top-notch tech support
And we do it for less than what most companies are paying for "a computer guy."
Company Overview
DWP Information Architects is a consulting firm that specializes in managing your entire information technology infrastructure.
That means Internet connectivity, Windows operating systems, and Microsoft Networks.
We can help you with:
General Tech Support (Desktops, Servers, Monthly maintenance)
Setting Up Microsoft Windows networks
Microsoft Exchange Server
Microsoft Server 2012
Choosing, Installing, and Managing Email Services
Backups, Fault Tolerance, Failover Systems
Getting Connected to the Internet (Choosing an ISP, Frame Relay, Other Options)
Keeping Your Network Up and On the Net
TCP/IP
Networking Domain Control
Troubleshooting
Choosing, Installing, and Creating Content for Web Services
Remote Access Solutions
Fax Services
Security and Firewalls
Domain Name Service (DNS)
Maintaining your Network
Disaster Recovery Preparation and Services
Configuring Network Hardware, such as Routers, DSU/CSUs, Hubs, Switches, etc.
. . . and More!!!
DWP Information Architects, Inc.
Knowledgeable — Professional — Experienced
The author is Denis S. Wilson, President and Principal Consultant for DWP Information Architects Inc. in Thousand Oaks, CA.
Designing, building, and supporting networks for small and medium sized businesses since 2002.
Call 866-995-4488