June 30, 2010, 8:10 AM — by Kevin Haley, Symantec

"Don't forget to floss regularly." It's something we hear every time we visit the dentist's office, and it really is good advice. But how many of us are actually doing it? Perhaps some of us are, but I would venture to guess that the majority of us simply aren't doing it as often as we know we should.
I'm sure there are many things that fall into this same category: things we know we should be doing because they're good for us, but that we simply don't do as often as we should. One that always comes to the forefront of my mind -- go figure, right -- is following the basic security best practices that get shouted from the rooftops every time an Internet security professional is asked what organizations should be doing to protect their data and infrastructure.
We've all heard these best practices before, but I'm consistently surprised by how many organizations -- both large and small -- I hear of that have fallen victim to cybercrime because they just aren't "flossing." So, here are the 3 most common security best practices companies should be following as part of their security regimen.
Keep Systems Up-to-Date with the Latest Security Patches
Software vulnerabilities provide attackers with access points onto computers and networks. Such vulnerabilities can be found in virtually anything, from operating systems down to the smallest media or Web browser plug-ins. And they're no small problem: According to Symantec's Internet Security Threat Report (ISTR) XV released in April of this year, Symantec documented a whopping 4,501 vulnerabilities in 2009. That's a lot of unlocked doors waiting to be opened without permission.
Out of all security vulnerabilities, those in Web browsers are perhaps the most serious due to their role in online fraud and in the propagation of malicious code. Web browsers are a particular security concern because they are exposed to a greater amount of potentially untrusted or hostile content than most other applications. In 2009, Symantec documented 374 new vulnerabilities in Web browsers and 321 vulnerabilities in browser plug-ins. It is especially important to keep these plug-ins patched since they make a system vulnerable no matter what browser is being used.