Failure to Patch

1. Failure to Patch

One of the top reasons hackers are so successful today is that they are able to prey upon systems with known vulnerabilities. Partners do a great disservice to customers when they don’t patch in a timely fashion.

2. Misconfiguring Systems

Partners should always harden customer systems with good configurations that follow the rule of least privilege in order to limit the damage cybercriminals can do with their attacks.

3. Using Default Accounts

Partners who deploy systems without changing default usernames and passwords are setting up customers for a fall.

4. Failure to Train Customers’ Users

Poorly trained users make costly mistakes with company assets.

5. Failure to Change Passwords Regularly

A compromised password that stays the same day-in and day-out is like a Christmas gift that keeps on giving to cybercrooks.

6. Failure to Update AV

Criminal hackers are cooking up new attack methods daily, and it’s hard enough for AV vendors to keep up as-is. Failing to install updates just gives the bad guys a head start.

7. Relying on Perimeter Security

Do your security suggestions to customers stop at ‘Step 1: Run Firewall; Step 2: Run AV’? Bad partner!

8. Misconfiguring Firewalls

If your customers’ firewalls are set with so many rule exceptions that a Mack truck could run through them, then those firewalls aren’t doing much good, now are they?

9. Developing Insecure Web Apps

Web application vulnerabilities are increasingly becoming the number one means for cybercrooks to break into corporate networks. Secure coding needs to be a top priority for partners who develop for customers.

10. Allowing Insecure USB Devices Into Customer Environments

Remember Conficker? Part of the reason it was able to spread so quickly was that it uploaded itself onto USB devices and used them to deliver its payload onto new computers that they connected to.

11. Help Desk Fails to Authenticate Users Properly

If you’re helping users without ensuring that they really are who they say they are, you could potentially be giving away valuable information to social engineers on the attack.

12. Forgetting to Secure Backup Tapes

Countless data breaches over the last few years have been caused by the loss or theft of backup tapes containing unencrypted information.

13. Failure to Encrypt Laptops

So many companies’ data breach woes could have been prevented had their laptops been encrypted.

14. Mismanaging Encryption Keys

Some security experts describe poor management of encryption keys as the same as locking a house and leaving the key under the doormat. Don’t leave your customers exposed.

15. Leaving the Server Room Door Open

All the IT security solutions in the world don’t amount to a hill of beans if the customer doesn’t care about physical security.

16. Selling Products, Not Solutions

Any security expert today will tell you that the most effective security is layered and holistic. That means coming up with a plan with products and services that work together. That’s your value add right there.

17. Failure to Train Your Own Employees

If your employees are not trained in security principles, they’re just as capable of making dangerous mistakes with customer IT assets as the customer’s employees.

18. Failure to Segment Customer Networks

Leaving more sensitive information, such as important intellectual property or caches of personally identifiable information, to mingle with everything else on unsecured networks is asking for trouble.

19. Going Live With Systems Too Early

Failing to test system configurations or new applications for security before going live is all too common.

20. Trusting Your Employees Too Much

Your employees have access to a bevy of sensitive customer information. Remember to trust but verify.

21. Installing Insecure Wi-Fi Networks

Wireless networks are easy to install, almost too easy if you’re not familiar with the security pitfalls of Wi-Fi. Channel partners would do well to bone up on Wi-Fi security before the next installation.

22. Choosing Not To Bring In An Expert

If you’re a partner without any security specialization, don’t try to fool your customer by ‘faking’ it. Consider calling in a consultant for joint projects.

23. Failing to Secure Customers’ Remote Workers

Are your customers putting their mostly secure IT systems at risk by allowing their employees to connect willy-nilly from unsecured coffee shop networks?

24. Never Doing a Risk Assessment

How can you help customers prioritize risk and secure operations accordingly if you never aid them in a risk assessment?

25. Getting In The Way of Customers’ Business Processes

The biggest mistake of all is assuming security for security’s sake is the name of the game. Partners need to find a way to enable secure business processes.

