One of the top reasons hackers are so successful today is that they are able to prey upon systems with known vulnerabilities. Partners do a great disservice to customers when they don’t patch in a timely fashion.
Partners should always harden customer systems with good configurations that follow the rule of least privilege in order to limit the damage cybercriminals can do with their attacks.
Partners who deploy systems without changing default usernames and passwords are setting up customers for a fall.
Poorly trained users make costly mistakes with company assets.
A compromised password that stays the same day in and day out is like a Christmas gift that keeps on giving to cybercrooks.
Criminal hackers are cooking up new attack methods daily—it’s hard enough for AV vendors to keep up as-is. Failing to install updates just gives the bad guys a head start.
Do your security suggestions to customers stop at ‘Step 1: Run Firewall; Step 2: Run AV’? Bad partner!
If your customer’s firewall is set with so many rule exceptions that a Mack truck could run through it, then that firewall isn’t doing much good, now is it?
Web application vulnerabilities are increasingly becoming the number one means for cybercrooks to break into corporate networks. Secure coding needs to be a top priority for partners who develop for customers.
Remember Conficker? Part of the reason it was able to spread so quickly was that it uploaded itself onto USB devices and used them to deliver its payload onto each new computer they were connected to.
If you’re helping users without ensuring that they really are who they say they are, you could potentially be giving away valuable information to social engineers on the attack.
Countless data breaches over the last few years have been caused by the loss or theft of backup tapes containing unencrypted information.
So many companies’ data breach woes could have been prevented had their laptops been encrypted.
Some security experts liken poor management of encryption keys to locking a house and leaving the key under the doormat. Don’t leave your customers exposed.
All the IT security solutions in the world don’t amount to a hill of beans if the customer doesn’t care about physical security.
Any security expert today will tell you that the most effective security is layered and holistic. That means coming up with a plan with products and services that work together. That’s your value add right there.
If your employees are not trained in security principles, they’re just as capable of making dangerous mistakes with customer IT assets as the customer’s employees.
Leaving more sensitive information—such as important intellectual property or caches of personally identifiable information—to mingle with everything else on unsecured networks is asking for trouble.
Failing to test system configurations or new applications for security before going live is all too common.
Your employees have access to a bevy of sensitive customer information. Remember to trust but verify.
Wireless networks are easy to install—almost too easy if you’re not familiar with the security pitfalls of Wi-Fi. Channel partners would do well to bone up on Wi-Fi security before the next installation.
If you’re a partner without any security specialization, don’t try to fool your customer by ‘faking’ it. Consider calling in a consultant for joint projects.
Are your customers putting their mostly secure IT systems at risk by allowing their employees to connect willy-nilly from unsecured coffee shop networks?
How can you help customers prioritize risk and secure operations accordingly if you never aid them in a risk assessment?
The biggest mistake of all is assuming security for security’s sake is the name of the game. Partners need to find a way to enable secure business processes.