User Security
Opening email attachments with integrated email clients
Not updating client software
Downloading untrusted software
Not creating or testing backups
Using wireless router connected inside the LAN
Strategic Security
Not providing training to security personnel
Only addressing physical security, neglecting data security
Not validating security fixes
Relying on firewall for all security needs
Not evaluating impact on reputation and data of security breach
Not implementing long term security decisions, relying on hot fixes to put out fires
Not addressing issues, neglecting security as policy
Operational Security
Not hardening internet connected host
Connecting test systems to the internet
Not updating systems on a regular and emergency basis
Using unencrypted protocols for management, reporting
Choosing bad default user passwords, changing passwords in insecure manner, or notifying users in insecure manners
Not testing or maintaining backups, not understanding the intricacies of backup software and procedures
Tags: Backup, Information Security, poor security, Security, security mistakes
