Failure to Patch
One of the number one reasons hackers are so successful today is that they are able to prey upon systems with known vulnerabilities. Partners do a great disservice to customers when they don’t patch in a timely fashion.
Misconfiguring Systems
Partners should always harden customer systems with good configurations that follow the rule of least privilege in order to limit the damage cybercriminals can do with their attacks.
Using Default Accounts
Partners who deploy systems without changing default username and passwords are setting up customers for a fall.
Failure to Train Customers Users
Poorly trained users make costly mistakes with company assets.
Failure to Change Passwords Regularly
A compromised password that stays the same day-in and day-out is like a Christmas gift that keeps on giving to cybercrooks.
Failure to Update AV
Criminal hackers are cooking up new attack methods daily—it’s hard enough for AV vendors to keep up as-is. Failing to install updates just gives the bad guys a head start.
Relying on Perimeter Security
Do your security suggestions to customers stop at ‘Step 1: Run Firewall; Step 2: Run AV’? Bad partner!
Misconfiguring Firewalls
If your customers’ firewalls are set with so many rule exceptions that a Mack truck could run through it, then that firewall isn’t doing much good, now is it?
Developing Insecure Web Apps
Web application vulnerabilities are increasingly becoming the number one means for cybercrooks to break into corporate networks. Secure coding needs to be a top priority for partners who develop for customers.
Allowing Insecure USB Devices Into Customer Environments
Remember Conficker? Part of the reason it was able to spread so quickly was that it uploaded itself onto USB devices and used them to deliver its payload onto new computers that they connected to.
Help Desk Fails to Authenticate Users Properly
If you’re helping users without ensuring that they really are who they say they are, you could potentially be giving away valuable information to social engineers on the attack.
Forgetting to Secure Back Up Tapes
Countless data breaches over the last few years have been caused by the loss or theft of backup tapes containing unencrypted information.
Failure to Encrypt Laptops
So many companies’ data breach woes could have been prevented had their laptops been encrypted.
Mismanaging Encryption Keys
Some security experts explain poorly managing encryption keys as the same as locking a house and leaving the key under the doormat. Don’t leave your customers exposed.
Leaving the Server Room Door Open
All the IT security solutions in the world don’t amount to a hill of beans if the customer doesn’t care about physical security.
Selling Products, Not Solutions
Any security expert today will tell you that the most effective security is layered and holistic. That means coming up with a plan with products and services that work together. That’s your value add right there.
Failure to Train Your Own Employees
If your employees are not trained in security principles, they’re just as capable of making dangerous mistakes with customer IT assets as the customer’s employees.
Failure to Segment Customer Networks
Leaving more sensitive information—such as important intellectual property or caches of personally identifiable information—to mingle with everything else on unsecured networks is asking for trouble.
Going Live With Systems Too Early
Failing to test system configurations or new applications for security before going live is all too common.
Trusting Your Employees Too Much
Your employees have access to a bevy of sensitive customer of information. Remember to trust but verify.
Installing Insecure Wi-Fi Networks
Wireless networks are easy to install—almost too easy if you’re not familiar with the security pratfalls of Wi-Fi. Channel partners would do well to bone-up on Wi-Fi security before the next installation.
Choosing Not To Bring In An Expert
If you’re a partner without any security specialization, don’t try to fool your customer by ‘faking’ it. Consider calling in a consultant for joint projects.
Failing to Secure Customers Remote Workers
Are your customers putting their mostly secure IT systems at risk by allowing their employees to connect willy-nilly from unsecured coffee shop networks?
Never Doing a Risk Assessment
How can you help customers prioritize risk and secure operations accordingly if you never aid them in a risk assessment?
Getting In The Way of Customers Business Processes
The biggest mistake of all is assuming security for security’s sake is the name of the game. Partners need to find a way to enable secure business processes.