The Worst Information Security Mistakes Businesses Make

The Worst Information Security Mistakes Businesses Make

While technology issues account for a great number of the successful computer and network security break-ins, people do their share, as well. Here is a short list of neglectful things business people do that enable attackers to succeed.

Business Owners

  • Failing to update systems with security patches when security holes are found.
  • Not making backup of critical business files.
  • Not testing backups.
  • Allowing untrained, uncertified people to take responsibility for securing critical business systems.
  • Failing to understand how information security relates to the business.
  • Failing to realize how much money the organizational reputation is worth.
  • Pretending business compliance problems will go away if they ignore them.
  • Failing to educate employees on what to look for and what to do when they see a potential security problem.


  • Opening unsolicited e-mail attachments without verifying their source and checking their content first
  • Installing games or screen savers or other programs from un-trusted sources.
  • Giving passwords over the phone or changing passwords in response to telephone or personal requests when the requester is unknown.