While technology issues account for a great number of the successful computer and network security break-ins, people do their share, as well. Here is a short list of neglectful things business people do that enable attackers to succeed.
- Failing to update systems with security patches when security holes are found.
- Not making backup of critical business files.
- Not testing backups.
- Allowing untrained, uncertified people to take responsibility for securing critical business systems.
- Failing to understand how information security relates to the business.
- Failing to realize how much money the organizational reputation is worth.
- Pretending business compliance problems will go away if they ignore them.
- Failing to educate employees on what to look for and what to do when they see a potential security problem.
- Opening unsolicited e-mail attachments without verifying their source and checking their content first
- Installing games or screen savers or other programs from un-trusted sources.
- Giving passwords over the phone or changing passwords in response to telephone or personal requests when the requester is unknown.