20 security (and other IT) mistakes to avoid
Fall prey to any one of these common IT blunders and watch your organization’s prospects suffer -- not to mention your own
By IT World Canada Staff (with files from InfoWorld)
It’s sad but it’s true: IT, by sheer virtue of its complex responsibilities, has a somewhat unnerving capacity to fall prey to misguided practices – the stuff of cost overruns, missed deadlines, and in some cases, lost jobs.
In the spirit of "forewarned is forearmed," we bring you 20 mistakes that today's IT managers would do well to avoid. The names have been changed to protect the guilty, but the lessons learned are plain to see.
1. Overzealous password policies
A clear and consistently enforced password policy is essential for any network. What good is a firewall when an attacker only needs to type "password" to get in?
But strict password security cuts both ways. If your password requirements are too complex and draconian, or if users are forced to change their passwords too often, your policy can have the opposite of its intended effect. Users pushed to the limit of remembering passwords end up writing them down -- in a drawer, on a Post-It, or on a piece of tape stuck to their laptop's keyboard. Don't undermine the ultimate aim of your password policy by insisting on unrealistic requirements.
Besides, passwords are so 2004. If you want strict access control today, think multifactor authentication.
2. Ignoring the human element of security
Today's network admins have access to a dizzying array of security tools. But as hacker Kevin Mitnick is fond of saying, the weakest link in any network is its people. The most fortified network is still vulnerable if users can be tricked into undermining its security -- for example, by giving away passwords or other confidential data over the phone.
For this reason, user education should be the cornerstone of your site security policy. Make users aware of potential social engineering attacks, the risks involved, and how to respond. Furthermore, encourage them to report suspected violations immediately. In this era of phishing and identity theft, security is a responsibility that every employee must share.
3. Losing track of mobile users
Networked tools make it easy to push security updates, run nightly backups, and even manage software installation for users across an entire organization -- provided, of course, that their PCs are connected to the corporate LAN. But what about users who spend most of their time off-site? (See Protecting the mobile workforce.)
Mobility and telecommuting have changed the game for systems management, network security, and business continuity. Laptops that lack current security patches are a prime vector for malware. Files that are never backed up can mean countless hours of lost productivity. And what will happen to your sensitive data in the event of theft? Automated IT policies offer no reassurance if road warriors can slip through the cracks.
(As an aside, check out the fall’s hottest new laptops for business users – some interesting mobility and security features to know about.)
4. Mismanaging the datacenter
Sys admins aren't exactly known for their neatness, but in the datacenter, order is essential. Spaghetti cabling, mislabeled racks, and orphaned equipment can all cause big problems. Careless provisioning can easily lead an admin to reconfigure the wrong server or reformat the wrong volume, so keep things tidy (and always double-check your log-ins).
Good systems housekeeping also means getting production servers off engineers' desks and out of their hiding places in the basement. Managing those assets is IT's job, and it should shoulder the burden with diligence and gusto. Make sure your CFO understands the importance of maintaining a datacenter that's large and well-equipped enough to grow with the business without turning into a jungle. (For a real-life case study, read Taking over a trainwreck: Tridel's CIO speaks up.)