The Six IT Security Mistakes Professionals Still Make

Keeping workplace computer systems secure is a constant battle, which makes avoiding simple mistakes more important than ever. Here are the most common causes of IT security problems in the workplace.

Picture by Scott Robinson

This list is based on research by the global emergency response team at Kaspersky Lab, which analysed data based on 12 months of incidents reported to its team by enterprise clients. Team head Alexey Polyakov presented the data at Kaspersky’s recent security summit in Malaga. The percentage figure in brackets shows what proportion of total issues analysed by the team each problem accounted for. Some of these should be obvious issues to watch out for (keeping operating systems patched is a very basic requirement, for instance), but the fact they keep reappearing shows there isn’t room for complacency.

Incorrectly configured network shares (35%). Allowing external access to business resources can help increase productivity, but it also can create major security holes. Make sure that systems are correctly secured, permissions are assigned appropriately,

Failure to install security patches (25%). Business environments often delay deploying patches to ensure that they won’t break existing applications and systems. While a little caution is advisable, you should still make updating as high a priority as possible.

Running multiple security software packages on a single system (15%). Security software is not a “more is better” prospect; if you install multiple AV products, you’ll more often than not end up with performance issues, crashes, and a system that’s less secure than if you just pick a single product.

Not having a complete security strategy (15%). The inverse of the previous problem: this time, not having a complete security policy is the issue. No security policy can be bulletproof, but if you don’t cover the basics (antivirus, regular patching of OS and apps, encryption, and clearly articulated policies), you’re asking for trouble.

Unexpected freeware software creating issues (5%). We’re big fans of the free here at Lifehacker, but unexpected programs can create issues — either because they are malware masquerading as useful software, or because they create unexpected vulnerabilities.

Firmware vulnerability (5%). Possibly the hardest issue to deal with, but fortunately relatively rare.

Evolve is a weekly column at Lifehacker looking at trends and technologies IT workers need to know about to stay employed and improve their careers. Angus Kidman travelled to Malaga as a guest of Kaspersky Lab.


  • Following strict security guidelines like insanely long passwords with character mixes changed every few weeks when most people happily paste this week’s password on a Post-it note on their PC screen or fall for basic social engineering hacks like the tech ringing asking for their password?

  • Worst issue I’ve come across is that in a heavily change managed environment – where change plans actually need proper investigation, investigation of known issues and a roll back plan, things like firmware roll ups never happen. Because it’s just too much hassle for an engineer to write the change plans – everyone avoids it until there’s a failure.

  • Another mistake is making security measures so restrictive and inflexible, that the only way to adequately use systems is to circumvent the security measures put in place, therefore rendering them useless…

  • I would have to say ITIL has got to be one of the biggest issues IT people have. It is a reference library yet people take it as gospel.

    Having staff follow every part of every step in an ITIL plan is madness. Pick the bits you need to complete the task at hand, not just try and use every single part of it. It takes up too much real working time and does not really solve anything.

    ITIL = reference only!
