4) Failing to disable accounts for departed employees. You would not believe how frequently HR fails to tell IT that an employee has left the business. They might, if you are lucky, remember to ask them for their mobile phone, but hey, why not let's leave all their remote access in place!
3) Failing to configure any security on a wireless access point. We all know wireless is here to stay. But if you are going to broadcast all your company's data to all and sundry, perhaps it is a good idea to enable the basic security features that comes standard with the product. It may not be the greatest, and it may be inconvenient, but it sure beats having to explain to the boss why he was able to connect to the network from the car park on his new wireless PDA, just purchased at Dixons.
2) Not keeping your firewall patched. This is pretty much tantamount to paying for an expensive lock on your front door at home and then leaving the keys in the lock - on the outside! And of course if you are going to patch the firewall software, don't forget to patch the underlying operating system if there is one.
1) Not securing home PCs with their own firewall, VPN and virus detection. It was difficult to decide what should be top of the list, but this won out. With broadband and laptops becoming widely deployed, users are accessing corporate resources from outside your logical boundary. If these machines are not properly secured, then neither is your network!
NetConnect are exhibiting at Infosecurity Europe 2004 which is Europe's number one IT Security Exhibition. Now in its 9th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 27th to the 29th April 2004.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.