Common Mistakes and Pitfalls in IT Security

Security has become an integral part of our vast network of information technology. Individuals and businesses alike need to protect their data from a host of threats, including malware and viruses, hackers, corruption, erasure, and even physical concerns like mobile device theft.

Despite a multitude of provisions, programs, and protocols, security mistakes are still made by end users and providers alike. We know to use strong antivirus protection, but many of us are skipping the basics. Here are some of the most common problems encountered in IT security, along with how you can prevent them from affecting you.

Problems with password creation

There are plenty of guidelines and suggestions for creating strong passwords to prevent intrusions. But many people—including some IT professionals—still aren't as careful as they should be when creating passwords.

One problem area is default passwords. It's easy for network administrators to simply leave the default in place when setting up a system—but customers don't always remember to change them, and default passwords are easy targets for security breaches.

Weak passwords are also prevalent. It's important to create passwords that can't easily be guessed or cracked through common malicious methods like blunt force attacks, which are automated programs set to hammer dictionary words through an access point at a high rate of speed in an attempt to discover the password.

To create a strong password:

  • Don't use common words or phrases alone, especially those with personal significance to you. Even adding a few numbers to a common word can heighten the strength of your password.
  • Choose a password that you can remember so that you don't have to write it down. Writing out your passwords makes it that much easier for your account to be compromised.
  • Change your password regularly, especially on highly targeted information like your bank account.

Restrictions that don't restrict hackers

Businesses that interact with their customers online sometimes set restrictions on passwords and security questions that are meant to heighten security. Unfortunately, some of these measures are less than helpful, and can actually be detrimental.

One example is particularly common. You've probably created a few accounts that require a security question. This measure is typically employed so you can retrieve your password through an automated system, without having to wait for a human response. However, many websites provide a drop-down list of very basic questions to choose from, like your mother's maiden name, or the name of your first pet.

This means that with a little research, a determined hacker can find the answer to your security question and obtain your password. When it comes to security questions, the best solution is to allow users to choose their own questions and answers, so they can use something that isn't quite so obvious.

Password length restrictions are another problem. Limiting a password to six alphanumeric characters is a fairly prevalent restriction, used on many websites. The trouble is that the shorter a password, the easier it is to discover, either by guessing or using a permutation program.

Formulating a backup plan

By now, everyone is supposed to be aware of the importance of data backups. Unfortunately, there are still countless individuals and business owners who are going without. They may have invested in what they believe is tight security, and feel that there's no need to invest in additional backups. Or, they may have just forgotten, which happens more often than you might think.

One of the biggest mistakes in IT security is assuming that a disaster will never happen to you. Having a solid backup system is absolutely critical, if only because there are so many ways for data loss to occur.

Whether you're an individual or a business, the basics of IT security are strong passwords, smart antivirus protection, and a reliable data backup system. When you follow these simple principles, you can rest assured that your information is as protected as possible.