Stupid security mistakes: Things you missed while doing the hard stuff

While you were upgrading your servers with the latest intrusion detection, did someone just walk in and steal them?

By , ITworld |  Security

Thankfully, there was no personal data on any of these

Source: Jeran Renz/Wikipedia

Your data is among your most important assets: it may contain information proprietary to your business, or information about your customers that you've promised to keep secret and secure. Hackers will be trying to get this data, of course, but there's really no need to actively try to help them do it. Remember the 2006 incident when AOL put the search records of millions of users, complete with personally identifying information, on a public server by accident. It's easy to make fun (and especially easy to make fun of AOL), but the truth is that most organizations of any size have a heterogeneous host of servers, some public, some not, and some set up by shadow IT and not covered by rigorous security policies. The advent of cloud storage as a trend has just made it easier to perpetrate an embarrassing screwup along these lines.

 

What terrible security problems lurk within?

Source: Jessica Rinaldi/Reuters

Just as it can be difficult to keep track of how public various servers on your corporate network are, it can also be hard to keep track of network nodes that might be public facing. Rather famously, in 2007 TJX (the company that owns prominent discount department stores like TJ Maxx and Marshalls) suffered an embarrassing breach when hackers tinkered with public kiosks that were set up so people could submit job applications. (They even did so in plain sight, simply claiming to be IT staff there to repair the machines.) Remember, it makes no sense to set up elaborate defenses against unauthorized intrusions onto the network when you provide a fully authorized entrance that anyone can walk right through.

What's the dumbest security mistake you've ever encountered in the wild? Don't be afraid to tell us in the comments (though you may want to anonymize yourself).

This article, "Stupid security mistakes: Things you missed while doing the hard stuff," was originally published at ITworld.
