Unsecured Security
A few decades ago, IT security wasn’t much of an issue. Sure, there were hackers and malicious code, but most of the malicious code was created out of mischief and at worst could only render a computer inoperable. The really dangerous hackers at that time had no real reason to go after the common user. These days, however, cyber crime is financially motivated, with syndicates employing hackers and programmers to amass millions of dollars through various methods, including phishing, ransomware distribution, or even hacking rival institutions or companies for a fee.
What makes this problem even more serious is that a number of techniques, practices, and pieces of information relating to security don’t really work as intended. They are simply outmoded, compromised, or not true in the first place. They are the IT security equivalent of old wives’ tales. Here are some that you might want to purge from your repertoire:
An Antivirus/Anti-Malware Suite Will Keep You 100% Safe
You can’t blame security software companies for claiming that their products will keep you safe from all attacks: being upfront and stating that they’ll only protect you from most attacks isn’t likely to inspire buyer confidence, and it leaves them open to competitors willing to promise the moon and the stars. Additionally, it’s not like they aren’t trying. If it were up to security software companies, they’d create an anti-malware product that completely protects customers, because that means they’d rake in the profits from selling the best product on the market. Unfortunately, the reality of the situation is that no software suite could ever hope to protect a user 100%. Even the best set of anti-malware and anti-virus suites is just half of the equation; the other half is the user being smart and educated about IT security, because he or she is the one aspect of security that no software can account for.
Firewalls Will Keep You Protected All the Time
Firewalls are great at blocking attacks that the user doesn’t allow in, but these days firewall protection has become less relevant because most malware works by tricking users into running code from their desktops – basically from inside the firewall. Firewalls are no longer effective because hackers have finally found a way to bypass them: by taking advantage of unwary users who believe that they are completely safe and secure behind a firewall.
Keeping Everything Patched Will Plug Vulnerabilities and Exploits
Don’t take this the wrong way – it is essential to keep your software up to date with fixes and patches, but don’t be complacent, as patches themselves do not guarantee that the code will be free of exploits. They fix known vulnerabilities, but sometimes they open up new holes or miss one that hasn’t been discovered yet.
Enforcing Strong Passwords Will Keep Your Users Secure
There are network admins who mandate that passwords be of a certain length and contain only characters and numbers, or who disallow special characters. The problem with this approach is that it assumes that hackers are manually trying to guess passwords, or at least have software that tries various combinations, but the truth is that there are hackers who brute force systems using an army of machines that run dictionary-based attacks. Enforcing a strict format for passwords just limits the number of permutations that the hackers need to try.
But what’s really worth noting about the panacea that is strong passwords is that they don’t really matter much. Most hackers don’t use brute force or guessing – it doesn’t matter if the password is a 56-character alphanumeric string that doesn’t mean anything in any language or a long string of random gibberish. If the user is tricked into giving it away (either through a phishing attack or through social engineering), then the hacker beats your password policies.
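To put a number on the point that a strict format shrinks the search space, the following added example (not part of the original article) counts the passwords each policy permits, using inclusion-exclusion for "must contain at least one of" rules. The class names, the three sample policies, and the length of 8 are assumptions chosen for illustration.

```python
import string
from math import log2

# Character classes drawn from printable ASCII (space excluded).
CLASSES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "special": len(string.punctuation),     # 32
}

def keyspace(length, allowed, required=()):
    """Count passwords of exactly `length` built from the `allowed` classes
    that contain at least one character from every class in `required`."""
    required = list(required)
    if not set(required) <= set(allowed):
        raise ValueError("a required class must also be allowed")
    full = sum(CLASSES[c] for c in allowed)
    count = 0
    # Inclusion-exclusion: subtract strings missing one required class,
    # add back those missing two, and so on.
    for mask in range(1 << len(required)):
        missing = [required[i] for i in range(len(required)) if mask >> i & 1]
        alphabet = full - sum(CLASSES[c] for c in missing)
        sign = -1 if len(missing) % 2 else 1
        count += sign * alphabet ** length
    return count

def bits(n):
    """Size of a keyspace expressed in bits."""
    return log2(n)

ALL = ["lower", "upper", "digit", "special"]
ALNUM = ["lower", "upper", "digit"]

def compare(length=8):
    """Return (policy name, candidate count, bits) for three sample policies."""
    policies = [
        ("any printable character", keyspace(length, ALL)),
        ("letters and digits only", keyspace(length, ALNUM)),
        ("letters and digits, one of each class required",
         keyspace(length, ALNUM, required=ALNUM)),
    ]
    return [(name, n, round(bits(n), 2)) for name, n in policies]

if __name__ == "__main__":
    for name, n, b in compare():
        print(f"{name:48s} {n:>20,d}  {b:6.2f} bits")
```

These counts are an upper bound on attacker effort for exhaustive search only; a dictionary-based attack, as described above, needs far fewer guesses against human-chosen passwords.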
Conclusion
If the above examples haven’t made it clear yet, no amount of security policies, secure code, and idiot-proof software will completely protect a network unless a company pays more attention to the true weak points of the system: the end-users. The best IT security system should always include a campaign to educate the end-users on how to use their privileges correctly and to avoid mistakes that would otherwise compromise the network regardless of any software or hardware-based protection.