10 Stupid Moves That Threaten Your Company's Security - InformationWeek

Joe Stanganelli,
User Rank: Author
1/26/2016 | 11:23:38 AM
Backup
Another issue with lazy encryption is failing to encrypt backup systems.  This was one of the big facepalms from the Adobe hack of a couple of years ago, when the operational systems were properly encrypted but the backup systems were not.
Joe Stanganelli,
User Rank: Author
1/26/2016 | 11:26:29 AM
Re: Even Password Management tools can cause problems.
It is axiomatic that if your security interferes too much with your accessibility (i.e., your ability to "just make it work"), then your users/employees will resent your security measures and try to undermine them and find ways around them.

Good security isn't just having a big lock.  It's also having a lock that people WANT to use and WILL use.  The lock does no good if it's so burdensome to use that people would rather just leave it unused and collecting dust.

Case in point: Policies that make you change your password every three months (if not more frequently).  This is how you get passwords like "mypassword1" "mypassword2" "mypassword3" and so on.
Joe Stanganelli,
User Rank: Author
1/27/2016 | 7:43:02 PM
Re: Even Password Management tools can cause problems.
> "So I cycle a base password from 1 to 32 and then reuse again. What else are you going to do?"

Have a more reasonable password policy and more reasonable IT department as a whole?  ;)
Joe Stanganelli,
User Rank: Author
1/27/2016 | 7:44:59 PM
Re: Even Password Management tools can cause problems.
But, for sake of argument, could an IP thief not just sell the information for $500k to a competitor with the necessary infrastructure to make that $5mil. in profit no sweat?
Joe Stanganelli,
User Rank: Author
1/28/2016 | 12:36:48 PM
Re: Backup
The important thing about encryption that a lot of laypeople (and even non-laypeople) forget is that if an attacker is successfully able to compromise and/or spoof authentication, then the encryption does no good; it's already unlocked.

Thus the need for multiple layers of security as opposed to M&M security (hard on the outside, soft in the middle).
Joe Stanganelli,
User Rank: Author
1/28/2016 | 12:37:51 PM
Re: Even Password Management tools can cause problems.
@nomil: Ah, see, I'm not an experienced black-hatter, so I don't know these things.  ;)
Joe Stanganelli,
User Rank: Author
1/29/2016 | 8:52:24 AM
Re: Most Overlooked Security Flaw
GaryS: Additionally, many organizations fail to properly and completely destroy data.  "Delete" -- or even reformatting -- does not eliminate all data.  While there are more effective ways to do it "in software", complete physical destruction of the drives is usually the best (and often the only) way.
Joe Stanganelli,
User Rank: Author
1/30/2016 | 11:03:37 AM
Re: Even Password Management tools can cause problems.
@TerryB: Your tale/experiences remind me of an incident a few years ago when some disgruntled (possibly former...I don't quite recall) Coca-Cola employees stole and offered to sell the secret Coca-Cola recipe to Pepsi.

Pepsi played along -- while immediately contacting Coca-Cola and the FBI.  They all set up a sting to catch and arrest the Coca-Cola IP thieves.

And, of course, it wouldn't really have benefited Pepsi to take the deal in the first place.  There's a terrific economic analysis on why Pepsi buying and somehow leveraging Coca-Cola's formula would have only hurt both companies in the long run -- driving them to RTTB brinksmanship.  The blogger explains it better than I can, and his piece can be read here: freakonomics.com/2006/07/07/how-much-would-pepsi-pay-to-get-cokes-secret-formula/
Joe Stanganelli,
User Rank: Author
1/30/2016 | 11:49:47 AM
Re: Even Password Management tools can cause problems.
@TerryB: Incidentally, I was under the impression that YKK manufactured something like 97% of the world's zippers.  Is that figure wrong/no longer correct?
Joe Stanganelli,
User Rank: Author
1/31/2016 | 10:34:34 AM
Re: Even Password Management tools can cause problems.
Indeed, after hearing that statistic several years ago, I started paying more attention to my zippers.

Sure enough, they all say "YKK" on them.