The 5 most common dangers, mistakes and behaviors in IT

During the course of my career I've experienced several working environments and operating systems, but the only constant is human behavior. I’ve learned that what you can expect from a security system is dependent upon human factors. Sometimes this component can lead to disastrous results, compromising even the best security systems and most diligently implemented procedures. That's why I feel the need to list the most common dangers, mistakes and behaviors I have come across as an IT professional.

1. Using weak passwords. This is a hot topic and there are several schools of thought. The only good password must comply with this rule: Easy to remember, hard to break. Many people are told to form random passwords and avoid using dictionary words. This method has some downside though: if the password has no meaning to you, then you can’t remember the randomly chosen password. You can get the same result starting from a word that actually makes sense but manipulating it in a way that makes it hard for the encryption to be broken. For example, you can use a random alphanumerical sequence like ab35y9op7xc or a custom password like K@Th3rin0325!* What's the difference between the two passwords and which one is the most effective? You could think that the first one should be the best choice because it's harder to guess but you'd be wrong. The second one in fact is easier to remember because it's one person’s first name and date of birth, but it's a stronger password for 3 reasons: a) it's longer, b) it uses special characters which are harder to crack, and c) it's easier to remember because it makes sense. Who can’t recall their personal information?

2. Using too many passwords. I’ve worked places where I’ve had to remember a large number of unrelated and non-duplicated passwords to log into various programs that the employer used. When the employee is overwhelmed in this way, this is not an effective security system. In this case maybe a single sign-on solution would be beneficial. One password, possibly complex and hard to decrypt is always better than twenty passwords (that no one will remember or has written on a post-it note under their keyboard) for twenty different applications.

3. Security getting in the way of the users’ activity. This point is the consequence of the previous one. Security policies need to be implemented. But, they need not interfere with the users’ ability to accomplish their work. Employers need to do a good job of educating employees about the importance of the security procedures and the consequences of not implementing them. Otherwise, employees will see them as a hindrance imposed from above, and may try to find ways to skirt them. 

4. Neglecting to upgrade the system. This is something that theoretically shouldn't happen, but sadly it's more common than you could think. Sometimes companies may hold off on upgrading their systems, which can be a costly mistake. There are several possible reasons for this. It may be that the company had custom applications developed with older software. There is a comfort level with previous versions. “We’ve always done it like this, why change?” “If it’s not broken, why fix it?”. Often, when a company has to cut costs, IT budget is cut altogether or system upgrades are delayed. It is a very topical problem today. In fact, since April 2014, Windows XP will be discontinued and Microsoft will no longer release updates. This will force companies who are still using Windows XP into scheduling migration activities. If a company doesn't complete these upgrades or doesn’t do so correctly and effectively, the company risks security compromises to their system. If the company has personal data about customers in their systems, then this could lead to potential legal ramifications as well. 

5. Believing you’re immune by malware because you have a Mac. It's true that infections are spread more in Windows-based computers, but this doesn't mean that a Mac computer is immune to malware. It is less likely, but the idea that it doesn’t happen at all is a myth. In fact, in recent years, as Macs have become more popular among the general population, there have been several infections reported by major antivirus companies. This is a truly hot topic. Apple has had to release security updates to deal with this. 

However, I often say that the best antivirus is common sense. Keep your system upgraded. Install an anti-virus, anti-malware, anti-spyware software and keep these updated. Don’t open emails and attachments from people you don’t know. Don’t leave your passwords written down on a piece of paper on, in or near your desk (yes, it happens... ).