IT Professionals Make Security Blunders Too

IT pros are human, but their security lapses can have far more devastating consequences for the business than those committed by ordinary users. This is because IT pros have complete control over the enterprise’s network and critical systems.

Careless behavior can invite big trouble. Here are some security blunders IT pros should take care to avoid:

  • Using weak passwords or reusing the same password on other machines on the network… Brute-force attacks work because enough people still make this basic mistake.
  • Running applications as root… Create unique accounts with specific privileges for each application and service.
  • Sharing Admin accounts… Create separate accounts: one for root and one for each administrator. Whenever an administrator leaves the company, all root and Admin passwords should be reset immediately.
  • Failing to document changes during troubleshooting… This could leave behind potential vulnerabilities hackers can exploit.
  • Putting passwords in a text file… Discovery by hackers can give them unfettered access to critical systems.
  • Ignoring old accounts… When employees leave the organization, a process should be in place to de-provision their accounts before they leave the building.
  • Being lax about patches… Too many servers are compromised not because of a zero-day exploit, but because a year-old patch was never installed.
  • Retaining unused applications… Keep machines as clean as possible to minimize the attack surface.
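
One way to check a host for three of the blunders above: services running as root, extra root-equivalent accounts, and login accounts left behind by departed staff. This is an added example, not DataLink's code; the sample passwd and process data, the staff roster, and the `DEDICATED_SERVICES` list are constructed assumptions.

```python
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
# Assumption: daemons this site expects to run under dedicated accounts.
DEDICATED_SERVICES = {"postgres", "redis-server", "java"}

# Constructed sample data: passwd-format lines and "user pid command" lines.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:shared admin:/root:/bin/bash
postgres:x:113:120:PostgreSQL:/var/lib/postgresql:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/usr/sbin/nologin
"""
SAMPLE_PS = """\
root 1 /sbin/init
root 812 /usr/bin/redis-server 127.0.0.1:6379
postgres 901 /usr/lib/postgresql/15/bin/postgres -D /var/lib/postgresql
root 955 /usr/sbin/sshd -D
"""
ACTIVE_STAFF = {"alice"}  # constructed roster of current employees


def parse_passwd(text):
    """Yield (name, uid, shell) from passwd-format lines, skipping malformed ones."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields[0], int(fields[2]), fields[6]


def audit(passwd_text, ps_text, active_staff, min_human_uid=1000):
    findings = []
    for name, uid, shell in parse_passwd(passwd_text):
        if uid == 0 and name != "root":
            findings.append(("extra-uid0", name))  # second root-equivalent account
        elif uid >= min_human_uid and shell not in NOLOGIN_SHELLS and name not in active_staff:
            findings.append(("orphaned-login", name))  # can log in, not on the roster
    for line in ps_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "root":
            exe = parts[2].split()[0].rsplit("/", 1)[-1]  # basename of the executable
            if exe in DEDICATED_SERVICES:
                findings.append(("service-as-root", exe))
    return findings


if __name__ == "__main__":
    for kind, subject in audit(SAMPLE_PASSWD, SAMPLE_PS, ACTIVE_STAFF):
        print(f"{kind}: {subject}")
```

On a real host the same function can be fed the contents of `/etc/passwd` and process listing output reduced to user, PID and command columns.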

Big investments in security technology are wasted when IT professionals ignore the rules expected of everyone else.

DataLink can assist with security risk assessment, compliance gap analysis, and vulnerability remediation to safeguard your organization’s IT resources. Contact us today at 410.729.0440 or