Global IT leader Gartner recently released a list of the top 10 security-related misconceptions that can hamper computer management and cause information leaks. At the recent Gartner Security & Risk Management summit in National Harbor, Md., Gartner analyst Jay Heiser highlighted these ten risk factors as areas which, left unprotected, can have serious ramifications for enterprise operations and business sustainability, reported Network World.
1) It couldn’t happen to us
Organizations that eschew software layered security solutions through ignorance or hubris might find themselves the targets of a data breach.
2) We already spend a lot on information security – just look at our budget
Gartner found that organizations spend an average of about five percent of their IT budgets on protecting themselves.
3) We can count the number of security risks, so we can control them
Firms that only evaluate potential threats on a numeric-ratio basis to their size are going about it the wrong way – all it takes is one quality threat to dismantle a poor security system.
4) We have a physical security system
There are many protective solutions out there because there are many types of businesses. If a solution doesn’t match business needs, it might be insufficient.
5) We have great passwords
Just because the password isn’t ‘password’ doesn’t mean businesses can grow complacent. Strong password hygiene is important.
6) Make it someone else’s problem
Moving security concerns to a different segment of IT, or out of IT all together, doesn’t necessarily eliminate the root causes of risks.
7) It’s definitely someone else’s problem
Taking an active role in security measures falls to everyone in the company.
8) Use this magic elixir
No protective solution can do everything, because security still depends on user awareness of vulnerable practices.
9) Just make it official
Simply drafting a policy isn’t going to ensure compliance, for the same reason listed above. Getting personnel on board is key to mitigating potential issues.
10) Encryption, right? Sure!
Encryption can be an incredibly useful tool, but only if it’s implemented correctly and personnel understand what’s expected of them in the system.
Where does your company fit in? Do any of these sound familiar?
It’s clear that many of these situations stem not from software itself but from poor user practices, whether it’s passing the buck or getting complacent. Application control solutions can go a long way in establishing a comprehensive effort to oversee user activity and diagnose potential problems. However, its success, like all software security services, is conditional upon employee awareness and cooperation.